AntivirusXP 2009 Infection
Post by wildcat » November 13th, 2008, 7:25 pm

I've become infected with the AntivirusXP 2009 spyware. I've not let it complete the registration process, but my computer is totally blocked - no internet access, no ability to run any kind of previously installed antivirus or malware, or any new malware from a memory stick. It simply blocks out everything from running, so I've got no ability to clean it up. Right now I'm pretty screwed.

What are my options?
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Post by Katana » November 18th, 2008, 5:58 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

wildcat wrote: or any new malware from a memory stick


Please can you clarify this: can you access the memory stick but not run tools, or does the machine not recognise the memory stick at all?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: AntivirusXP 2009 Infection

Post by wildcat » November 19th, 2008, 5:23 pm

I apologize for the delay. To clarify, the computer I'm using to communicate isn't the infected one, and I CAN read a memory stick from the infected computer. I just can't run any spyware removal software. I have AVG installed on the infected computer but it's being blocked from running as far as I can tell.

Finally, should I be PMing you to communicate or do it by trading e-mails?

Bruce Williams
Last edited by NonSuch on November 19th, 2008, 6:01 pm, edited 1 time in total.
Reason: Edited to remove telephone number. For the sake of your own privacy, please do not post your telephone number in public.
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Post by Katana » November 19th, 2008, 5:56 pm

wildcat wrote: should I be PMing you to communicate or do it by trading e-mails?

Neither. I will post instructions here and you can reply here with the information I request.



Download and Run ComboFix

Please download Combofix on your working machine and transfer it to the infected computer via your USB drive


    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must save it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: AntivirusXP 2009 Infection

Post by wildcat » November 19th, 2008, 11:08 pm

I've completed the three scans and the logs follow. I don't know what you mean by a "fresh HJT log". Please advise on that item. Thanks for the help.

Scan Log from ComboFix1

ComboFix 08-11-18.A2 - Bruce Williams 2008-11-19 19:23:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.261 [GMT -6:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bruce Williams\Cookies\aqoj.exe
c:\documents and settings\Bruce Williams\Cookies\dehys.dl
c:\documents and settings\Bruce Williams\Cookies\ducysux.dll
c:\documents and settings\Bruce Williams\Cookies\iguvyzix.bin
c:\documents and settings\Bruce Williams\Cookies\iran.lib
c:\documents and settings\Bruce Williams\Cookies\uficesiba.reg
c:\documents and settings\Bruce Williams\Cookies\yjyga.vbs
c:\documents and settings\Bruce Williams\Local Settings\Temporary Internet Files\jywerezo.scr
c:\documents and settings\Bruce Williams\Local Settings\Temporary Internet Files\odiw.vbs
c:\documents and settings\Bruce Williams\Local Settings\Temporary Internet Files\otyzypuvy.reg
c:\program files\popcorn Terms.html
c:\windows\brastk.exe
c:\windows\IE4 Error Log.txt
c:\windows\karna.dat
c:\windows\Readme.txt
c:\windows\system32\_scui.cpl
c:\windows\system32\AutoRun.inf
c:\windows\system32\av.dat
c:\windows\system32\brastk.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\buts.bin
c:\windows\system32\Cache\chart 1.bmp
c:\windows\system32\Cache\comp40.bmp
c:\windows\system32\Cache\creditcard.bmp
c:\windows\system32\Cache\ding.bmp
c:\windows\system32\Cache\disk 1.bmp
c:\windows\system32\Cache\document.bmp
c:\windows\system32\Cache\football.bmp
c:\windows\system32\Cache\mail unreaded.bmp
c:\windows\system32\Cache\msg.bin
c:\windows\system32\Cache\peoples 1.bmp
c:\windows\system32\Cache\search find 2.bmp
c:\windows\system32\Cache\showbtn.bmp
c:\windows\system32\Cache\showbtn1.bmp
c:\windows\system32\Cache\showbtn12.bmp
c:\windows\system32\Cache\showbtn123.bmp
c:\windows\system32\Cache\showbtn1234.bmp
c:\windows\system32\Cache\showbtn12345.bmp
c:\windows\system32\Cache\showbtn123456.bmp
c:\windows\system32\Cache\slotmachine.bmp
c:\windows\system32\Cache\untitled.bmp
c:\windows\system32\Cache\valentines copy.bmp
c:\windows\system32\Cache\web app.bmp
c:\windows\system32\Cache\web app1.bmp
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\karna.dat
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\wini108015.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\beep.sys


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-19 19:12 . 2008-11-19 19:12 <DIR> d-------- C:\CF2
2008-11-19 18:01 . 2008-11-19 19:38 7,712 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-19 18:01 . 2008-11-19 19:33 1,700 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 15:22 . 2008-11-15 15:22 5,098 --a------ C:\rollback.ini
2008-11-15 15:10 . 2008-11-15 15:10 <DIR> d-------- c:\program files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2008-11-13 18:06 . 2008-11-14 16:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 18:02 . 2008-11-13 18:02 <DIR> d-------- c:\program files\MalwareRemovalBot
2008-11-13 17:54 . 2008-11-13 17:55 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\MalwareRemovalBot
2008-11-13 16:20 . 2008-11-13 16:20 18,121 --a------ c:\windows\system32\ipib.dl
2008-11-13 16:20 . 2008-11-13 16:20 17,089 --a------ c:\windows\izyp._dl
2008-11-13 16:20 . 2008-11-13 16:20 16,321 --a------ c:\windows\bivoq.db
2008-11-13 16:20 . 2008-11-13 16:20 15,558 --a------ c:\windows\ydusicujo.inf
2008-11-13 16:20 . 2008-11-13 16:20 14,976 --a------ c:\windows\ysazos.reg
2008-11-13 16:20 . 2008-11-13 16:20 11,815 --a------ c:\windows\dyjabo.vbs
2008-11-13 16:20 . 2008-11-13 16:20 11,519 --a------ c:\windows\sipe.pif
2008-11-13 16:20 . 2008-11-13 16:20 11,100 --a------ c:\windows\meponufal._sy
2008-11-13 10:53 . 2008-11-13 10:53 18,681 --a------ c:\documents and settings\Bruce Williams\Application Data\zanyt.bat
2008-11-13 10:53 . 2008-11-13 10:53 17,663 --a------ c:\windows\system32\ucazuf.ban
2008-11-13 10:53 . 2008-11-13 10:53 16,032 --a------ c:\documents and settings\Bruce Williams\Application Data\tivatyhe.bin
2008-11-13 10:53 . 2008-11-13 10:53 14,211 --a------ c:\windows\system32\bojameke.exe
2008-11-13 10:53 . 2008-11-13 10:53 14,182 --a------ c:\windows\system32\ejedubago.pif
2008-11-13 10:53 . 2008-11-13 10:53 12,646 --a------ c:\documents and settings\Bruce Williams\Application Data\zyquwawy.reg
2008-11-13 10:53 . 2008-11-13 10:53 12,046 --a------ c:\windows\wokym.bin
2008-11-13 10:53 . 2008-11-13 10:53 10,370 --a------ c:\windows\zyneny.pif
2008-11-13 09:34 . 2008-11-13 09:34 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\Software602
2008-11-13 09:23 . 2008-11-13 09:23 <DIR> d-------- c:\program files\Software602
2008-11-13 09:23 . 2008-10-01 14:29 3,833,856 --a------ c:\windows\system32\cdintf300.dll
2008-11-12 17:14 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:13 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:46 . 2008-11-12 11:46 243,024 --a------ c:\windows\system32\LSPInstall.dll
2008-11-12 11:46 . 2008-11-12 11:46 111,960 --a------ c:\windows\system32\INetHTTPFilter.dll
2008-11-03 09:38 . 2008-11-03 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-03 09:31 . 2008-11-03 09:52 147,264 --a------ c:\windows\hpoins17.dat
2008-11-03 09:31 . 2007-04-24 21:48 8,138 --------- c:\windows\hpomdl17.dat
2008-10-23 12:42 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 01:39 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\AVG7
2008-11-20 01:33 5,191,028 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-20 01:33 442,875,936 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-13 22:20 15,857 ----a-w c:\program files\Common Files\hylobahin._dl
2008-11-13 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 20:10 2,959,360 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-11-09 20:10 1,539,072 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-11-03 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 17:46 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\HP
2008-10-12 15:22 --------- d-----w c:\program files\Sun
2008-10-12 15:21 --------- d-----w c:\program files\Java
2007-07-30 02:38 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2005-05-06 21:36 63,040 ----a-w c:\documents and settings\Bruce Williams\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Windows Registry Repair Pro"="c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-07 1358336]
"MalwareRemovalBot"="c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe" [2008-11-13 19382272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CPQEASYACC"="c:\compaq\eakdrv\STARTDRV.exe" [2001-07-11 40960]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2008-11-19 2355]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-10-17 11:50 655360 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 00:13 258048 c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareRemovalBot]
--a------ 2008-11-13 11:59 19382272 c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
--a------ 2008-10-03 21:10 77824 c:\program files\Software602\Print2PDF\Print2PDF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 15:34 36864 c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 13:08 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-03-13 22:11 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"windows auto update"=
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\System32\drivers\ScFBPNT.SYS [2002-12-17 16288]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;c:\windows\system32\DRIVERS\ptserlp.sys [2002-12-17 112574]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2006-01-05 91841]
S4 hpt3xx;hpt3xx; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe [2008-11-13 11:59]

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2008-11-13 18:02]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]

2008-11-19 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
MSConfigStartUp-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe
MSConfigStartUp-SDAutoLiveupdate - c:\program files\SpywareDetector\LiveUpdateSD.exe
MSConfigStartUp-brastk - brastk.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
LSP: c:\windows\system32\INetHTTPFilter.dll

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 19:39:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\scardsvr.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\pctspk.exe
c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe
c:\compaq\EAKDRV\EAKDRV.exe
c:\compaq\EAKDRV\EAUSBKBD.exe
c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\msiexec.exe
c:\progra~1\Grisoft\AVG7\avginet.exe
c:\program files\Common Files\ParetoLogic\PLAVEngine\ScanningProcess.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-11-19 19:53:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-20 01:52:45

Pre-Run: 21,424,640,000 bytes free
Post-Run: 22,185,754,624 bytes free

283 --- E O F --- 2008-11-15 01:19:48

Scan Log from ComboFix2

ComboFix 08-11-18.A2 - Bruce Williams 2008-11-19 20:17:10.2 - NTFSx86
Running from: c:\documents and settings\Bruce Williams\Desktop\CF2.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-19 18:01 . 2008-11-19 20:25 13,344 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-19 18:01 . 2008-11-19 19:33 1,700 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 15:22 . 2008-11-15 15:22 5,098 --a------ C:\rollback.ini
2008-11-15 15:10 . 2008-11-15 15:10 <DIR> d-------- c:\program files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2008-11-13 18:06 . 2008-11-14 16:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 18:02 . 2008-11-19 20:22 <DIR> d-------- c:\program files\MalwareRemovalBot
2008-11-13 17:54 . 2008-11-13 17:55 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\MalwareRemovalBot
2008-11-13 16:20 . 2008-11-13 16:20 18,121 --a------ c:\windows\system32\ipib.dl
2008-11-13 16:20 . 2008-11-13 16:20 17,089 --a------ c:\windows\izyp._dl
2008-11-13 16:20 . 2008-11-13 16:20 16,321 --a------ c:\windows\bivoq.db
2008-11-13 16:20 . 2008-11-13 16:20 15,558 --a------ c:\windows\ydusicujo.inf
2008-11-13 16:20 . 2008-11-13 16:20 14,976 --a------ c:\windows\ysazos.reg
2008-11-13 16:20 . 2008-11-13 16:20 11,815 --a------ c:\windows\dyjabo.vbs
2008-11-13 16:20 . 2008-11-13 16:20 11,519 --a------ c:\windows\sipe.pif
2008-11-13 16:20 . 2008-11-13 16:20 11,100 --a------ c:\windows\meponufal._sy
2008-11-13 10:53 . 2008-11-13 10:53 18,681 --a------ c:\documents and settings\Bruce Williams\Application Data\zanyt.bat
2008-11-13 10:53 . 2008-11-13 10:53 17,663 --a------ c:\windows\system32\ucazuf.ban
2008-11-13 10:53 . 2008-11-13 10:53 16,032 --a------ c:\documents and settings\Bruce Williams\Application Data\tivatyhe.bin
2008-11-13 10:53 . 2008-11-13 10:53 14,211 --a------ c:\windows\system32\bojameke.exe
2008-11-13 10:53 . 2008-11-13 10:53 14,182 --a------ c:\windows\system32\ejedubago.pif
2008-11-13 10:53 . 2008-11-13 10:53 12,646 --a------ c:\documents and settings\Bruce Williams\Application Data\zyquwawy.reg
2008-11-13 10:53 . 2008-11-13 10:53 12,046 --a------ c:\windows\wokym.bin
2008-11-13 10:53 . 2008-11-13 10:53 10,370 --a------ c:\windows\zyneny.pif
2008-11-13 09:34 . 2008-11-13 09:34 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\Software602
2008-11-13 09:23 . 2008-11-13 09:23 <DIR> d-------- c:\program files\Software602
2008-11-13 09:23 . 2008-10-01 14:29 3,833,856 --a------ c:\windows\system32\cdintf300.dll
2008-11-12 17:14 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:13 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:46 . 2008-11-12 11:46 243,024 --a------ c:\windows\system32\LSPInstall.dll
2008-11-12 11:46 . 2008-11-12 11:46 111,960 --a------ c:\windows\system32\INetHTTPFilter.dll
2008-11-03 09:38 . 2008-11-03 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-03 09:31 . 2008-11-03 09:52 147,264 --a------ c:\windows\hpoins17.dat
2008-11-03 09:31 . 2007-04-24 21:48 8,138 --------- c:\windows\hpomdl17.dat
2008-10-23 12:42 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 01:39 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\AVG7
2008-11-20 01:33 5,191,028 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-20 01:33 442,875,936 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-13 22:20 15,857 ----a-w c:\program files\Common Files\hylobahin._dl
2008-11-13 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 20:10 2,959,360 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-11-09 20:10 1,539,072 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-11-03 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 17:46 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\HP
2008-10-12 15:22 --------- d-----w c:\program files\Sun
2008-10-12 15:21 --------- d-----w c:\program files\Java
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-07-30 02:38 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2005-05-06 21:36 63,040 ----a-w c:\documents and settings\Bruce Williams\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Windows Registry Repair Pro"="c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-07 1358336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CPQEASYACC"="c:\compaq\eakdrv\STARTDRV.exe" [2001-07-11 40960]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2008-11-19 2355]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-10-17 11:50 655360 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 00:13 258048 c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
--a------ 2008-10-03 21:10 77824 c:\program files\Software602\Print2PDF\Print2PDF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 15:34 36864 c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 13:08 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-03-13 22:11 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"windows auto update"=
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 Pctspk;PCTEL Speaker Phone;c:\windows\system32\pctspk.exe [2002-12-17 86016]
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\System32\drivers\ScFBPNT.SYS [2002-12-17 16288]
R2 ZeppelinService;plasservice;"c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe" [2008-11-12 587216]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;c:\windows\system32\DRIVERS\ptserlp.sys [2002-12-17 112574]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2006-01-05 91841]
S4 hpt3xx;hpt3xx; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2008-11-19 20:22]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]

2008-11-19 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
LSP: c:\windows\system32\INetHTTPFilter.dll

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 20:25:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\BRUCEW~1\LOCALS~1\Temp\RGI24.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-19 20:29:43
ComboFix-quarantined-files.txt 2008-11-20 02:29:29
ComboFix2.txt 2008-11-20 01:53:50

Pre-Run: 22,196,547,584 bytes free
Post-Run: 22,177,034,240 bytes free

205 --- E O F --- 2008-11-15 01:19:48


Scan Log from ComboFix3

ComboFix 08-11-18.A2 - Bruce Williams 2008-11-19 20:41:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT -6:00]
Running from: c:\documents and settings\Bruce Williams\Desktop\CF3.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-19 19:29 . 2001-08-18 06:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-19 18:01 . 2008-11-19 20:48 15,392 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-19 18:01 . 2008-11-19 19:33 1,700 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 15:22 . 2008-11-15 15:22 5,098 --a------ C:\rollback.ini
2008-11-15 15:10 . 2008-11-15 15:10 <DIR> d-------- c:\program files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2008-11-15 15:10 . 2008-11-15 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2008-11-13 18:06 . 2008-11-14 16:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 18:02 . 2008-11-19 20:22 <DIR> d-------- c:\program files\MalwareRemovalBot
2008-11-13 17:54 . 2008-11-13 17:55 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\MalwareRemovalBot
2008-11-13 16:20 . 2008-11-13 16:20 18,121 --a------ c:\windows\system32\ipib.dl
2008-11-13 16:20 . 2008-11-13 16:20 17,089 --a------ c:\windows\izyp._dl
2008-11-13 16:20 . 2008-11-13 16:20 16,321 --a------ c:\windows\bivoq.db
2008-11-13 16:20 . 2008-11-13 16:20 15,558 --a------ c:\windows\ydusicujo.inf
2008-11-13 16:20 . 2008-11-13 16:20 14,976 --a------ c:\windows\ysazos.reg
2008-11-13 16:20 . 2008-11-13 16:20 11,815 --a------ c:\windows\dyjabo.vbs
2008-11-13 16:20 . 2008-11-13 16:20 11,519 --a------ c:\windows\sipe.pif
2008-11-13 16:20 . 2008-11-13 16:20 11,100 --a------ c:\windows\meponufal._sy
2008-11-13 10:53 . 2008-11-13 10:53 18,681 --a------ c:\documents and settings\Bruce Williams\Application Data\zanyt.bat
2008-11-13 10:53 . 2008-11-13 10:53 17,663 --a------ c:\windows\system32\ucazuf.ban
2008-11-13 10:53 . 2008-11-13 10:53 16,032 --a------ c:\documents and settings\Bruce Williams\Application Data\tivatyhe.bin
2008-11-13 10:53 . 2008-11-13 10:53 14,211 --a------ c:\windows\system32\bojameke.exe
2008-11-13 10:53 . 2008-11-13 10:53 14,182 --a------ c:\windows\system32\ejedubago.pif
2008-11-13 10:53 . 2008-11-13 10:53 12,646 --a------ c:\documents and settings\Bruce Williams\Application Data\zyquwawy.reg
2008-11-13 10:53 . 2008-11-13 10:53 12,046 --a------ c:\windows\wokym.bin
2008-11-13 10:53 . 2008-11-13 10:53 10,370 --a------ c:\windows\zyneny.pif
2008-11-13 09:34 . 2008-11-13 09:34 <DIR> d-------- c:\documents and settings\Bruce Williams\Application Data\Software602
2008-11-13 09:23 . 2008-11-13 09:23 <DIR> d-------- c:\program files\Software602
2008-11-13 09:23 . 2008-10-01 14:29 3,833,856 --a------ c:\windows\system32\cdintf300.dll
2008-11-12 17:14 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:13 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:46 . 2008-11-12 11:46 243,024 --a------ c:\windows\system32\LSPInstall.dll
2008-11-12 11:46 . 2008-11-12 11:46 111,960 --a------ c:\windows\system32\INetHTTPFilter.dll
2008-11-03 09:38 . 2008-11-03 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-03 09:31 . 2008-11-03 09:52 147,264 --a------ c:\windows\hpoins17.dat
2008-11-03 09:31 . 2007-04-24 21:48 8,138 --------- c:\windows\hpomdl17.dat
2008-10-23 12:42 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 01:39 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\AVG7
2008-11-20 01:33 5,191,028 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-20 01:33 442,875,936 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-13 22:20 15,857 ----a-w c:\program files\Common Files\hylobahin._dl
2008-11-13 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 20:10 2,959,360 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-11-09 20:10 1,539,072 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-11-03 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 17:46 --------- d-----w c:\documents and settings\Bruce Williams\Application Data\HP
2008-10-12 15:22 --------- d-----w c:\program files\Sun
2008-10-12 15:21 --------- d-----w c:\program files\Java
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-07-30 02:38 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2005-05-06 21:36 63,040 ----a-w c:\documents and settings\Bruce Williams\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Windows Registry Repair Pro"="c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-07 1358336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CPQEASYACC"="c:\compaq\eakdrv\STARTDRV.exe" [2001-07-11 40960]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2008-11-19 2355]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-10-17 11:50 655360 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 00:13 258048 c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
--a------ 2008-10-03 21:10 77824 c:\program files\Software602\Print2PDF\Print2PDF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 15:34 36864 c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 13:08 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-03-13 22:11 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"windows auto update"=
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 Pctspk;PCTEL Speaker Phone;c:\windows\system32\pctspk.exe [2002-12-17 86016]
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\System32\drivers\ScFBPNT.SYS [2002-12-17 16288]
R2 ZeppelinService;plasservice;"c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe" [2008-11-12 587216]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;c:\windows\system32\DRIVERS\ptserlp.sys [2002-12-17 112574]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2006-01-05 91841]
S4 hpt3xx;hpt3xx; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2008-11-20 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2008-11-19 20:22]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2008-11-12 11:47]

2008-11-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]

2008-11-19 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
LSP: c:\windows\system32\INetHTTPFilter.dll

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 20:47:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 20:51:40
ComboFix-quarantined-files.txt 2008-11-20 02:51:28
ComboFix2.txt 2008-11-20 02:29:47
ComboFix3.txt 2008-11-20 01:53:50

Pre-Run: 22,185,381,888 bytes free
Post-Run: 22,170,513,408 bytes free

203 --- E O F --- 2008-11-15 01:19:48
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Unread postby Katana » November 20th, 2008, 5:13 am

I don't know what you mean by a "fresh HJT log".

Sorry, I assumed that you had downloaded HJT as the forum requests in the "Before You Post" thread

At least we are getting somewhere now :)
Please do the following
----------------------------------------------------------- -----------------------------------------------------------

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Malwarebytes Log
  • RSIT Logs
  • How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 20th, 2008, 1:50 pm

I have completed the processes you've outlined for me. The logs follow this text. I have been running the free versions of AVG and ZoneAlarm. Should I substitute the Malware program or use something else? What do you recommend? Keep in mind it's a very old Compaq Presario and once I transfer my personal files I'll probably sell it or give it away.

The machine seems to be running OK right now. Hopefully, the problem is solved. Please offer your recommendation on protective software and if I need to do anything else related to cleaning up the spyware. Thank you for your assistance.

Here are the logs:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/20/2008 10:54:16 AM
mbam-log-2008-11-20 (10-54-16).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 109755
Time elapsed: 1 hour(s), 40 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\karna.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\karna.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmhxt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341455.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bruce Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSproc.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Bruce Williams at 2008-11-20 11:01:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (62%) free of 34 GB
Total RAM: 510 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:20 AM, on 11/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Compaq\eakdrv\STARTDRV.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Compaq\eakdrv\EAKDRV.exe
C:\Compaq\eakdrv\EAUSBKBD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Bruce Williams\Desktop\RSIT.exe
C:\Program Files\trend micro\Bruce Williams.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\BRUCE WILLIAMS\Application Data\Mozilla\Profiles\default\vy0qatf4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BRUCE WILLIAMS\Application Data\Mozilla\Profiles\default\vy0qatf4.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {2FDDDACA-B98D-4028-8711-540B2BA6B0E6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0975298641
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8745 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-10-12 2108480]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-09 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IPInSightMonitor 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"IPInSightLAN 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-07 196608]
"PD0630 STISvc"=C:\WINDOWS\system32\P0630Pin.dll [2005-06-05 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"CPQEASYACC"=C:\Compaq\eakdrv\STARTDRV.exe [2001-07-11 40960]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-18 590848]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Windows Registry Repair Pro"=C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe [2005-09-07 1358336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2001-10-17 655360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-03-29 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2008-10-03 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-06-07 4670968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

======List of files/folders created in the last 3 months======

2008-11-20 11:01:33 ----D---- C:\Program Files\trend micro
2008-11-20 11:01:11 ----D---- C:\rsit
2008-11-20 10:54:32 ----A---- C:\WINDOWS\qonita.txt
2008-11-20 09:09:10 ----D---- C:\Documents and Settings\Bruce Williams\Application Data\Malwarebytes
2008-11-20 09:08:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 09:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 09:07:36 ----SHD---- C:\RECYCLER
2008-11-19 20:51:44 ----A---- C:\ComboFix.txt
2008-11-19 19:13:31 ----A---- C:\WINDOWS\zip.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\VFIND.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\SWSC.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\SWREG.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\sed.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\grep.exe
2008-11-19 19:13:31 ----A---- C:\WINDOWS\fdsv.exe
2008-11-19 19:12:48 ----D---- C:\WINDOWS\ERDNT
2008-11-19 19:12:48 ----D---- C:\Qoobox
2008-11-15 15:22:06 ----A---- C:\rollback.ini
2008-11-15 15:10:56 ----D---- C:\Program Files\Common Files\ParetoLogic
2008-11-15 15:10:56 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2008-11-15 15:10:56 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-11-13 17:54:52 ----D---- C:\Documents and Settings\Bruce Williams\Application Data\MalwareRemovalBot
2008-11-13 16:20:51 ----A---- C:\WINDOWS\dyjabo.vbs
2008-11-13 10:53:59 ----A---- C:\WINDOWS\system32\bojameke.exe
2008-11-13 10:53:59 ----A---- C:\Documents and Settings\Bruce Williams\Application Data\zanyt.bat
2008-11-13 09:34:34 ----D---- C:\Documents and Settings\Bruce Williams\Application Data\Software602
2008-11-13 09:23:53 ----A---- C:\WINDOWS\system32\cdintf300.dll
2008-11-13 09:23:44 ----D---- C:\Program Files\Software602
2008-11-12 20:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 20:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 20:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-03 09:38:10 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-24 02:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 11:46:52 ----D---- C:\Documents and Settings\Bruce Williams\Application Data\HP
2008-10-12 09:22:17 ----D---- C:\Program Files\Sun
2008-10-12 09:21:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-12 09:21:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-12 09:21:40 ----A---- C:\WINDOWS\system32\java.exe
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-10 02:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 02:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-31 02:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-30 13:06:53 ----D---- C:\WINDOWS\Prefetch
2008-08-30 08:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-30 08:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-30 08:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-30 08:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-30 08:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-30 08:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-30 08:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-30 08:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-30 08:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-30 08:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-30 08:24:22 ----D---- C:\WINDOWS\system32\scripting
2008-08-30 08:24:13 ----D---- C:\WINDOWS\l2schemas
2008-08-30 08:24:08 ----D---- C:\WINDOWS\system32\en
2008-08-27 21:04:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-27 21:04:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-27 21:04:08 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-27 21:04:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-27 21:03:49 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-27 21:03:48 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-27 21:03:22 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-27 21:03:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-27 21:03:11 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-27 21:03:09 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-27 21:03:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-27 21:03:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-27 21:03:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-27 21:03:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-27 21:02:55 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-27 21:02:34 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-27 21:02:33 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-27 21:02:33 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-27 21:02:30 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-27 21:02:30 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-27 21:02:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-27 21:02:24 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-27 21:01:55 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-27 21:01:54 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-27 21:01:54 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-27 21:01:53 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-27 21:01:26 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-27 21:01:24 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-27 21:01:23 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-27 21:01:23 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-27 21:01:22 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-27 21:01:22 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-27 21:00:48 ----A---- C:\WINDOWS\005638_.tmp
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-27 21:00:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-27 21:00:37 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-27 21:00:37 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-27 21:00:37 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-27 21:00:37 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-27 21:00:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-27 21:00:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-27 21:00:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-27 21:00:32 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-27 21:00:32 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-27 21:00:31 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-27 21:00:23 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-27 21:00:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-27 21:00:10 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-27 20:59:50 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 3 months======

2008-11-20 11:03:01 ----RHD---- C:\$VAULT$.AVG
2008-11-20 11:01:33 ----AD---- C:\Program Files
2008-11-20 10:54:32 ----D---- C:\WINDOWS\system32\drivers
2008-11-20 10:54:32 ----D---- C:\WINDOWS
2008-11-20 10:54:15 ----D---- C:\WINDOWS\system32
2008-11-20 09:02:28 ----SHD---- C:\WINDOWS\Installer
2008-11-20 09:02:26 ----HD---- C:\Config.Msi
2008-11-20 08:55:20 ----SD---- C:\WINDOWS\Tasks
2008-11-20 08:00:13 ----D---- C:\Documents and Settings\Bruce Williams\Application Data\AVG7
2008-11-19 20:57:32 ----D---- C:\WINDOWS\Temp
2008-11-19 20:48:27 ----D---- C:\WINDOWS\Internet Logs
2008-11-19 20:47:14 ----A---- C:\WINDOWS\system.ini
2008-11-19 20:44:48 ----AD---- C:\Program Files\Common Files
2008-11-19 20:44:47 ----D---- C:\WINDOWS\AppPatch
2008-11-19 20:36:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-19 19:33:31 ----D---- C:\WINDOWS\system32\config
2008-11-19 19:30:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 19:29:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-15 15:06:21 ----HD---- C:\WINDOWS\inf
2008-11-14 19:21:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 17:21:13 ----RASH---- C:\boot.ini
2008-11-14 17:21:13 ----A---- C:\WINDOWS\win.ini
2008-11-14 13:59:38 ----A---- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
2008-11-13 10:48:54 ----D---- C:\WINDOWS\Drivers
2008-11-13 09:23:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 20:14:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 20:14:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 20:11:55 ----D---- C:\WINDOWS\WinSxS
2008-11-12 12:31:29 ----D---- C:\WINDOWS\ie7updates
2008-11-12 11:58:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-12 11:58:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-12 11:57:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 09:47:55 ----D---- C:\WINDOWS\twain_32
2008-11-03 09:38:08 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-11-03 09:30:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:08:04 ----D---- C:\Program Files\Internet Explorer
2008-10-12 09:21:34 ----D---- C:\Program Files\Java
2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-04 11:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-08-30 13:08:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-30 13:06:24 ----A---- C:\WINDOWS\setuplog.txt
2008-08-30 13:05:12 ----D---- C:\WINDOWS\system32\Setup
2008-08-30 13:05:10 ----D---- C:\WINDOWS\system32\wbem
2008-08-30 13:05:06 ----RSD---- C:\WINDOWS\Fonts
2008-08-30 08:50:39 ----D---- C:\WINDOWS\security
2008-08-30 08:45:54 ----D---- C:\Program Files\Messenger
2008-08-30 08:26:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-30 08:25:59 ----D---- C:\WINDOWS\network diagnostic
2008-08-30 08:25:58 ----D---- C:\WINDOWS\ime
2008-08-30 08:25:55 ----D---- C:\WINDOWS\Help
2008-08-30 08:24:33 ----D---- C:\WINDOWS\system32\en-US
2008-08-30 08:24:32 ----D---- C:\WINDOWS\system32\usmt
2008-08-30 08:24:06 ----D---- C:\WINDOWS\system32\bits
2008-08-30 08:24:05 ----D---- C:\WINDOWS\peernet
2008-08-30 08:24:04 ----D---- C:\Program Files\Movie Maker
2008-08-30 08:05:49 ----D---- C:\WINDOWS\system32\Restore
2008-08-30 08:05:48 ----D---- C:\WINDOWS\system32\npp
2008-08-30 08:05:39 ----D---- C:\WINDOWS\msagent
2008-08-30 08:05:32 ----D---- C:\WINDOWS\srchasst
2008-08-30 08:05:29 ----D---- C:\Program Files\NetMeeting
2008-08-30 08:05:22 ----D---- C:\WINDOWS\system32\Com
2008-08-30 08:05:12 ----D---- C:\Program Files\Windows Media Player
2008-08-30 08:05:09 ----D---- C:\Program Files\Windows NT
2008-08-30 08:05:08 ----D---- C:\Program Files\Outlook Express
2008-08-30 08:04:56 ----D---- C:\Program Files\Common Files\System
2008-08-30 08:03:56 ----D---- C:\WINDOWS\system32\oobe
2008-08-30 08:03:44 ----D---- C:\WINDOWS\system
2008-08-30 07:50:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-30 07:49:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-30 07:37:37 ----D---- C:\WINDOWS\ehome
2008-08-27 20:16:21 ----D---- C:\WINDOWS\Debug
2008-08-27 02:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 01:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 01:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 01:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 01:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 02:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 02:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 23:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-08-08 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-08-08 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 55216]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23593]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2001-10-17 233728]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-11-12 186128]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2001-10-17 79414]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2001-10-17 205440]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-08-08 4960]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
R2 ScFBPNT;CanoScan FBP Port Driver; \??\C:\WINDOWS\System32\drivers\ScFBPNT.SYS []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2002-02-01 160956]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2001-10-17 19158]
R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\CF1\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2001-10-17 18342]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2002-02-01 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2002-02-01 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2002-02-01 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2002-02-01 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2002-02-01 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [2002-02-01 11807]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2002-02-01 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2002-02-01 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2002-02-01 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2002-02-01 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [2002-02-01 25471]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P0630VID;Creative WebCam Live!; C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-05 91841]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-25 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-08-08 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-21 406528]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-03-13 75304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-04-13 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-20 11:07:34

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advanced Video FX Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Coloreal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe"
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compaq P920 INF and ICM software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD82870C-495C-422A-85FC-0F5823BA6272}\Setup.exe"
Compaq Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03AAA1D8-D4CF-48BD-9C66-78B41D80DF06}\setup.exe"
CramDisk-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CramDisk\ST6UNST.LOG"
Creative Photo Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Driver (1.02.03.0606)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Creative WebCam Live! User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam\Creative WebCam Live! User's Guide\English\CTManual.isu"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 950c series (Remove only)-->C:\Program Files\hp deskjet 950c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=950c -huninstall
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{034F8C89-C4F4-4731-A32B-F4294C04729F}\setup\hpzscr01.exe -datfile hposcr17.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netscape 6 (6.1)-->C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Print2PDF-->C:\Program Files\InstallShield Installation Information\{32C74893-0243-4235-A6F3-201F0E5D2C03}\setup.exe -runfromtemp -l0x0009 REMOVE
Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
ScanCraft CS-P-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanCraft CS-P\Uninst.isu" -c"C:\Program Files\Canon\ScanCraft CS-P\scuninst.dll"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
Spybot - Search & Destroy 1.2-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{A0E27BA8-353A-4288-AB60-5DE8EDA18E16}
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows Internet Explorer 7 (KB928089)-->"C:\WINDOWS\ie7updates\KB928089\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Visual IP InSight(SBC)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
WebCam Live! Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9 /remove
Winamp3 (remove only)-->C:\Program Files\Winamp3\uninst-wa3.EXE
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Registry Repair Pro-->"C:\Program Files\3B Software\Windows Registry Repair Pro\unins000.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: AVG 7.5.549 (outdated)
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;
"tvdumpflags"=8

-----------------EOF-----------------

Again, thank you for all your help.
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Unread postby Katana » November 20th, 2008, 5:03 pm

Information


Registry Cleaners

Re. RegistryRepairPro

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - (no file) (HKCU)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 7.0.9 << See below for updating Adobe
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 11
  • J2SE Runtime Environment 5.0 Update 9
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 5
  • Java(TM) SE Runtime Environment 6 Update 1

The following programs have newer versions
  • Ad-aware 6 Personal
  • Spybot - Search & Destroy 1.2
Now close the Control Panel.

----------------------------------------------------------- -----------------------------------------------------------
Step 3


Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Kaspersky Log

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
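Step 2 of the post above works through the installed-programs list by hand. The script below is an added example, not code from the forum or from any tool named in the thread: it runs the same triage over the "Name-->UninstallString" section of the log posted earlier, keeping only the newest Java runtime and flagging products below a minimum version. The MIN_VERSIONS threshold is an assumption, and the sample log is an excerpt constructed from the lines already on this page.

```python
"""Triage an installed-programs log whose lines read 'Name-->UninstallString'.

Reproduces the 'Remove Programs' step: every Java runtime except the newest is
listed for removal, and products below an assumed minimum version are flagged.
"""
import re

# Matches the three naming schemes Sun used for the JRE in this log:
# 'J2SE Runtime Environment 5.0 Update 10', 'Java(TM) 6 Update 2',
# 'Java(TM) SE Runtime Environment 6 Update 1'.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)"
    r" (\d+)(?:\.\d+)? Update (\d+)$"
)

# Assumed minimum versions (the page only states that Reader 7.0.9 is out of
# date); set these to the current release when you run the script.
MIN_VERSIONS = {"Adobe Reader": (8, 1)}
VERSIONED_RE = re.compile(r"^(Adobe Reader) (\d+(?:\.\d+)*)$")

# Constructed sample: an excerpt of the uninstall list posted in this thread.
SAMPLE_LOG = r"""
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
"""


def parse_programs(log_text):
    """Return a list of (name, uninstall_string) from the program section."""
    programs = []
    for line in log_text.splitlines():
        if "-->" not in line:
            continue
        name, _, uninstall = line.partition("-->")
        # Lines beginning with '-->' are orphaned entries with no display name.
        if name.strip():
            programs.append((name.strip(), uninstall.strip()))
    return programs


def java_cleanup(programs):
    """Return (keep, remove): the newest JRE by (major, update) and all older ones."""
    jres = []
    for name, _ in programs:
        m = JAVA_RE.match(name)
        if m:
            jres.append(((int(m.group(1)), int(m.group(2))), name))
    if not jres:
        return None, []
    jres.sort()  # ascending by (major, update); last element is the newest
    return jres[-1][1], [name for _, name in jres[:-1]]


def outdated_products(programs):
    """Return names whose parsed version is below the assumed minimum."""
    flagged = []
    for name, _ in programs:
        m = VERSIONED_RE.match(name)
        if not m:
            continue
        version = tuple(int(part) for part in m.group(2).split("."))
        if version < MIN_VERSIONS[m.group(1)]:
            flagged.append(name)
    return flagged


def triage(log_text):
    """Run both checks and return a summary dict for review."""
    programs = parse_programs(log_text)
    keep, remove = java_cleanup(programs)
    return {"keep_java": keep, "remove_java": remove,
            "outdated": outdated_products(programs)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample excerpt this returns the same removal list the helper wrote out by hand: every Java entry except Java(TM) 6 Update 7, plus Adobe Reader 7.0.9.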

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 20th, 2008, 7:12 pm

I've completed steps 1 and 2 but I can't get the Kaspersky On-Line Scanner to load. I've turned off all software that might interfere, and after clicking the accept button it jumps to a downloading screen but shows (0%) progress and it just hangs. It's also a real pain to close out of.

FYI - I've copied your Kaspersky link and pasted it into Internet Explorer to start the process. Question - if I right click on my Internet Explorer desktop shortcut and select "run as" it shows current user (me as administrator) as selected and the "Protect my computer and data...." is checked. Is this OK?

I've got no other explanation for why the Kaspersky program won't load up. So, now what?
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Unread postby Katana » November 20th, 2008, 7:35 pm

Please try this one instead



Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 21st, 2008, 4:30 pm

Here is the log from ActiveScan. Please advise as to next step(s).

ANALYSIS: 2008-11-21 14:26:59
PROTECTIONS: 1
MALWARE: 42
SUSPECTS: 13
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Zone Alarm Security Suite 7.0.470.000 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00001888 adware/dyfuca Adware No 0 Yes No c:\windows\stwsi
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow
00029264 adware/beginto Adware No 0 Yes No hkey_current_user\eeennn
00029264 adware/beginto Adware No 0 Yes No c:\windows\system32\cache32_dsktptr
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\satmat.inf
00029459 spyware/betterinet Spyware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\tmu
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5e594162-60a9-487d-84b8-dbdd716cb862}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{49db48ff-02b5-4645-b676-94a4df1aa026}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{830d3aed-2fa9-454f-b266-d931862bbf34}
00039209 adware/virtualbouncer Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\virtual bouncer
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{a986f4db-792e-4571-8974-0bb6e024766f}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{bccab53d-0895-40c3-a942-a03538ce227a}
00040610 VBS/Solow.CN Virus No 0 Yes No C:\WINDOWS\system32\spool\drivers\print2pdf\Scripts.zip[Maintenance.vbs]
00040610 VBS/Solow.CN Virus No 0 Yes No C:\Program Files\Software602\Print2PDF\Scripts\Maintenance.vbs
00043174 adware/riversoft Adware No 0 Yes No hkey_classes_root\appid\x2ff.dll
00048504 spyware/whazit Spyware No 0 Yes No c:\windows\system32\kyf.dat
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\program info
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{DE53FA5D-11CC-4CB5-8D8E-EB5AA59C1E5A}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{64440E59-A0DD-421C-AA4B-268141D764BB}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{FA82A7EC-2AFC-4EE0-8F83-3229F7C6437E}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E38924F7-F290-4C13-BEEC-E8C587F58128}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{696D1AF8-D0FF-42FD-BD8D-D0B20D64F508}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{8FC08358-3634-44C7-A8F2-96DC7F39ACD2}
00063620 adware/ilookup Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{42F58F60-9299-4564-9ABD-8E9324844560}
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\polall1r.inf
00090908 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-43b5c33a.zip[Gummy.class]
00090908 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-38767ba8[Gummy.class]
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\satmat.ini
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{1da40091-14b4-4c21-8170-a2ceede90b10}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3afae37a-56a3-4850-b599-4da9a9104b82}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{81739076-56b7-42ec-a0aa-692794fded1a}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{f3816084-9608-485a-b63b-cad8f931577e}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c9679631-7060-443f-bd37-88f9410ed8c3}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c2e6831b-822b-4a1f-9ef1-1d3eb7d3e985}
00103967 adware/dealhelper Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{06e53101-654c-45eb-bff6-e37e13b5972a}
00113833 Trj/Qhost.M Virus/Trojan No 0 Yes No C:\WINDOWS\system32\drivers\etc\hosts.bak
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@atdmt[2].txt
00145427 Cookie/Kazaa Networks TrackingCookie No 0 Yes No C:\Documents and Settings\Daniel Williams\Cookies\daniel williams@desktop.kazaa[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@mediaplex[1].txt
00165384 Cookie/DelfinMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Daniel Williams\Cookies\daniel williams@delfinproject[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@com[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Bruce Williams\Cookies\bruce_williams@bluestreak[2].txt
00221188 adware/webext Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{5679B16C-CD3A-471F-A503-25C528A3AD26}
00221188 adware/webext Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{89E9F6CF-6F80-4C5E-B8E8-78E5A6B5D3BF}
00221188 adware/webext Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{547DDE29-2299-4C8F-B613-DA17A62CF102}
00221188 adware/webext Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{4681B27C-CD92-4AFF-B5F6-1C53970344B6}
00221188 adware/webext Adware No 0 Yes No hkey_classes_root\clsid\{4681b27c-cd92-4aff-b5f6-1c53970344b6}
00444112 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341451.sys
00449733 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341452.dll
00450061 Adware/AntivirusPro2009 Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\av.dat.vir
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341457.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0329426.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0330426.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341458.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0331426.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0331427.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332426.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332427.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332428.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332429.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332430.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332431.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332432.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332433.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332434.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332435.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332436.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0332437.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333436.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333437.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333438.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333439.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333440.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333441.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333442.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333443.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333444.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0333445.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0334444.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0334445.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0335444.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0335445.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0335446.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0335447.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0336446.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0336447.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0337446.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0337447.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0337448.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0337449.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0338448.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1542\A0338449.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0339448.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0339449.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0340448.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0340449.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0341448.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1548\A0341449.exe
00451299 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1539\A0330427.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341505.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341459.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341483.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341476.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341477.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1551\A0341712.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\wini108015.exe.vir
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1551\A0341771.sys
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341453.dll
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341454.dll
04123488 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir
04123488 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{04AF220D-CBE2-417D-9DA8-8AD5ECDDBE1C}\RP1550\A0341472.cpl
04165813 Generic Trojan Virus/Trojan No 0 Yes No H:\CF3.EXE
04165813 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Bruce Williams\Desktop\CF3.exe
04165813 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Bruce Williams\Desktop\CF2.exe
04165813 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Bruce Williams\Desktop\CF1.exe
04165813 Generic Trojan Virus/Trojan No 0 Yes No H:\CF1.EXE
04165813 Generic Trojan Virus/Trojan No 0 Yes No H:\CF2.EXE
04166821 Generic Malware Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1576462213-1260927497-516276246-1006\Dc2\TCL.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location l
;===================================================================================================================================================================================
No C:\Documents and Settings\Bruce Williams\Desktop\CF1.exe[32788R22FWJFW\catchme.cfexe] l
No C:\Documents and Settings\Bruce Williams\Desktop\CF1.exe[32788R22FWJFW\psexec.cfexe] l
No C:\Documents and Settings\Bruce Williams\Desktop\CF2.exe[32788R22FWJFW\catchme.cfexe] l
No C:\Documents and Settings\Bruce Williams\Desktop\CF2.exe[32788R22FWJFW\psexec.cfexe] l
No C:\Documents and Settings\Bruce Williams\Desktop\CF3.exe[32788R22FWJFW\catchme.cfexe] l
No C:\Documents and Settings\Bruce Williams\Desktop\CF3.exe[32788R22FWJFW\psexec.cfexe] l
No C:\Program Files\Microsoft AntiSpyware\Quarantine\4EE36E1A-E987-4362-B232-A594D6\DF8B67AE-FCFF-47ED-997B-B1663B
No H:\CF1.EXE[32788R22FWJFW\psexec.cfexe] l
No H:\CF1.EXE[32788R22FWJFW\catchme.cfexe] l
No H:\CF2.EXE[32788R22FWJFW\psexec.cfexe] l
No H:\CF2.EXE[32788R22FWJFW\catchme.cfexe] l
No H:\CF3.EXE[32788R22FWJFW\catchme.cfexe] l
No H:\CF3.EXE[32788R22FWJFW\psexec.cfexe] l
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description l
;===================================================================================================================================================================================
;===================================================================================================================================================================================
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Unread postby Katana » November 21st, 2008, 4:44 pm

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Files )
Code:
:Files
C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-38767ba8
C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-43b5c33a.zip
C:\Documents and Settings\Bruce Williams\Desktop\CF1.exe
C:\Documents and Settings\Bruce Williams\Desktop\CF2.exe
C:\Program Files\Microsoft AntiSpyware
c:\windows\inf\polall1r.inf
c:\windows\inf\satmat.inf
c:\windows\satmat.ini
c:\windows\stwsi
c:\windows\system32\cache32_dsktptr
C:\WINDOWS\system32\drivers\etc\hosts.bak
c:\windows\system32\fleok
c:\windows\system32\kyf.dat
H:\CF1.EXE
H:\CF2.EXE
H:\CF3.EXE
:Reg
[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow]
[-hkey_current_user\eeennn]
[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\tmu]
[-hkey_CLASSES_ROOT\Interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}]
[-hkey_CLASSES_ROOT\TypeLib\{5e594162-60a9-487d-84b8-dbdd716cb862}]
[-hkey_CLASSES_ROOT\Interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}]
[-hkey_CLASSES_ROOT\Interface\{49db48ff-02b5-4645-b676-94a4df1aa026}]
[-hkey_CLASSES_ROOT\Interface\{830d3aed-2fa9-454f-b266-d931862bbf34}]
[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\virtual bouncer]
[-hkey_CLASSES_ROOT\Interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}]
[-hkey_CLASSES_ROOT\Interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}]
[-hkey_CLASSES_ROOT\Interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}]
[-hkey_CLASSES_ROOT\Interface\{a986f4db-792e-4571-8974-0bb6e024766f}]
[-hkey_CLASSES_ROOT\Interface\{bccab53d-0895-40c3-a942-a03538ce227a}]
[-hkey_classes_root\appid\x2ff.dll]
[-hkey_current_user\software\program info]
[-hkey_CLASSES_ROOT\Interface\{DE53FA5D-11CC-4CB5-8D8E-EB5AA59C1E5A}]
[-hkey_CLASSES_ROOT\TypeLib\{64440E59-A0DD-421C-AA4B-268141D764BB}]
[-hkey_CLASSES_ROOT\Interface\{FA82A7EC-2AFC-4EE0-8F83-3229F7C6437E}]
[-hkey_CLASSES_ROOT\Interface\{E38924F7-F290-4C13-BEEC-E8C587F58128}]
[-hkey_CLASSES_ROOT\Interface\{696D1AF8-D0FF-42FD-BD8D-D0B20D64F508}]
[-hkey_CLASSES_ROOT\Interface\{8FC08358-3634-44C7-A8F2-96DC7F39ACD2}]
[-hkey_CLASSES_ROOT\Interface\{42F58F60-9299-4564-9ABD-8E9324844560}]
[-hkey_CLASSES_ROOT\Interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}]
[-hkey_CLASSES_ROOT\Interface\{1da40091-14b4-4c21-8170-a2ceede90b10}]
[-hkey_CLASSES_ROOT\Interface\{3afae37a-56a3-4850-b599-4da9a9104b82}]
[-hkey_CLASSES_ROOT\Interface\{81739076-56b7-42ec-a0aa-692794fded1a}]
[-hkey_CLASSES_ROOT\Interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}]
[-hkey_CLASSES_ROOT\Interface\{f3816084-9608-485a-b63b-cad8f931577e}]
[-hkey_CLASSES_ROOT\Interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}]
[-hkey_CLASSES_ROOT\Interface\{c9679631-7060-443f-bd37-88f9410ed8c3}]
[-hkey_CLASSES_ROOT\Interface\{c2e6831b-822b-4a1f-9ef1-1d3eb7d3e985}]
[-hkey_CLASSES_ROOT\Interface\{06e53101-654c-45eb-bff6-e37e13b5972a}]
[-hkey_CLASSES_ROOT\Interface\{5679B16C-CD3A-471F-A503-25C528A3AD26}]
[-hkey_CLASSES_ROOT\Interface\{89E9F6CF-6F80-4C5E-B8E8-78E5A6B5D3BF}]
[-hkey_CLASSES_ROOT\TypeLib\{547DDE29-2299-4C8F-B613-DA17A62CF102}]
[-hkey_LOCAL_MACHINE\software\classes\CLSID\{4681B27C-CD92-4AFF-B5F6-1C53970344B6}]
[-hkey_classes_root\clsid\{4681b27c-cd92-4aff-b5f6-1c53970344b6}]

:Commands
[Purity]
[EmptyTemp]


  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 21st, 2008, 6:39 pm

I've completed this task...small problem though. I can't do anything with the results window - can't close it, can't minimize it, can't copy the results...nothing. Of the log files I can view, every line is preceded with "File delete failed".

Also, when the final results were displayed, the files I copied from your last reply disappear from the left side... is that OK? I assume it is. Am I supposed to push another button in the program to make the data accessible to copy?

Are we making progress here?
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 21st, 2008, 6:42 pm

I just figured out how to make the window interactive. Here are the results:

========== FILES ==========
C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-38767ba8 moved successfully.
C:\Documents and Settings\Bruce Williams\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-43b5c33a.zip moved successfully.
C:\Documents and Settings\Bruce Williams\Desktop\CF1.exe moved successfully.
C:\Documents and Settings\Bruce Williams\Desktop\CF2.exe moved successfully.
C:\Program Files\Microsoft AntiSpyware\TempUpdates moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A97ACDC5-7832-417B-AA9C-9017A0 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\8882B9C4-D438-49E8-87E4-CD7EE6 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\4EE36E1A-E987-4362-B232-A594D6 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine moved successfully.
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems moved successfully.
C:\Program Files\Microsoft AntiSpyware moved successfully.
c:\windows\inf\polall1r.inf moved successfully.
c:\windows\inf\satmat.inf moved successfully.
c:\windows\satmat.ini moved successfully.
c:\windows\STWSI moved successfully.
c:\windows\system32\cache32_dsktptr moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.bak moved successfully.
c:\windows\system32\FLEOK moved successfully.
c:\windows\system32\kyf.dat moved successfully.
H:\CF1.exe moved successfully.
H:\CF2.exe moved successfully.
H:\CF3.exe moved successfully.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow\\ deleted successfully.
Registry key hkey_current_user\eeennn\\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\tmu\\ deleted successfully.
Registry key hkey_CLASSES_ROOT\Interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\\ not found.
Registry key hkey_CLASSES_ROOT\TypeLib\{5e594162-60a9-487d-84b8-dbdd716cb862}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{49db48ff-02b5-4645-b676-94a4df1aa026\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\virtual bouncer\\ deleted successfully.
Registry key hkey_CLASSES_ROOT\Interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{a986f4db-792e-4571-8974-0bb6e024766f}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{bccab53d-0895-40c3-a942-a03538ce227a}\\ not found.
Registry key hkey_classes_root\appid\x2ff.dll\\ not found.
Registry key hkey_current_user\software\program info\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{DE53FA5D-11CC-4CB5-8D8E-EB5AA59C1E5A}\\ not found.
Registry key hkey_CLASSES_ROOT\TypeLib\{64440E59-A0DD-421C-AA4B-268141D764BB}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{FA82A7EC-2AFC-4EE0-8F83-3229F7C6437E}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{E38924F7-F290-4C13-BEEC-E8C587F58128}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{696D1AF8-D0FF-42FD-BD8D-D0B20D64F508}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{8FC08358-3634-44C7-A8F2-96DC7F39ACD2}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{42F58F60-9299-4564-9ABD-8E9324844560}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{1da40091-14b4-4c21-8170-a2ceede90b10}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{3afae37a-56a3-4850-b599-4da9a9104b82}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{81739076-56b7-42ec-a0aa-692794fded1a}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{f3816084-9608-485a-b63b-cad8f931577e}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{c9679631-7060-443f-bd37-88f9410ed8c3}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{c2e6831b-822b-4a1f-9ef1-1d3eb7d3e985}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{06e53101-654c-45eb-bff6-e37e13b5972a}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{5679B16C-CD3A-471F-A503-25C528A3AD26}\\ not found.
Registry key hkey_CLASSES_ROOT\Interface\{89E9F6CF-6F80-4C5E-B8E8-78E5A6B5D3BF}\\ not found.
Registry key hkey_CLASSES_ROOT\TypeLib\{547DDE29-2299-4C8F-B613-DA17A62CF102}\\ not found.
Registry key hkey_LOCAL_MACHINE\software\classes\CLSID\{4681B27C-CD92-4AFF-B5F6-1C53970344B6}\\ deleted successfully.
Registry key hkey_classes_root\clsid\{4681b27c-cd92-4aff-b5f6-1c53970344b6}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\BRUCEW~1\LOCALS~1\Temp\Perflib_Perfdata_8b4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\reserve\avp.klb scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\avp.set scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\avp_ext.set scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\avp_x.set scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base082.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base156.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base164.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base165.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base279c.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\base450c.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\daily-ec.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\daily-ex.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\daily.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\dailyc.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\ext062c.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\fa.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\fa001.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\gen005.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\kavset.xml scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\krn004.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\krn005.avc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\master.xml scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\reserve\unp027.avc scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11212008_162233


Now what?
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm
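As an added example (not OldTimer's code and not part of this thread), here is a small Python parser for the OTMoveIt3 results format pasted above. It tallies what was moved or deleted, which registry keys were not found, and flags every entry "scheduled to be deleted on reboot", which is exactly the case where a reboot is needed to finish the move. The sample log is constructed in the same format as the posted results; the section and line patterns are assumptions drawn from that output.

```python
"""Summarise an OTMoveIt3 results log (added example, not OldTimer's code).

Line shapes assumed from the results posted in the thread:
  '========== FILES =========='                       section header
  '<path> moved successfully.'                        file/folder moved
  'Registry key <key>\\ deleted successfully.'        key removed
  'Registry key <key>\\ not found.'                   key absent
  'File delete failed. <path> scheduled to be deleted on reboot.'
"""
import re
from dataclasses import dataclass, field

# Constructed sample log in the same format as the thread's results.
SAMPLE_LOG = r"""
========== FILES ==========
C:\Documents and Settings\User\Desktop\CF1.exe moved successfully.
H:\CF1.exe moved successfully.
========== REGISTRY ==========
Registry key hkey_local_machine\software\example\savenow\\ deleted successfully.
Registry key hkey_current_user\eeennn\\ not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\reserve\avp.klb scheduled to be deleted on reboot.
User's Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11212008_162233
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
REG_RE = re.compile(r"^Registry key (?P<key>.+?)\\\\ (?P<result>deleted successfully|not found)\.$")
PENDING_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")


@dataclass
class Summary:
    moved: list = field(default_factory=list)
    keys_deleted: list = field(default_factory=list)
    keys_not_found: list = field(default_factory=list)
    pending_reboot: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)  # (section, line) pairs we did not recognise

    @property
    def reboot_required(self) -> bool:
        # Anything deferred to reboot means the clean-up is not finished yet.
        return bool(self.pending_reboot)


def parse_otmoveit_log(text: str) -> Summary:
    """Walk the log line by line and sort each outcome into the summary."""
    summary = Summary()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("OTMoveIt3 by OldTimer"):
            continue  # blank line or the trailing version/timestamp footer
        if (m := SECTION_RE.match(line)):
            section = m.group(1).upper()
        elif (m := MOVED_RE.match(line)):
            summary.moved.append(m.group("path"))
        elif (m := REG_RE.match(line)):
            target = summary.keys_deleted if m.group("result") == "deleted successfully" else summary.keys_not_found
            target.append(m.group("key"))
        elif (m := PENDING_RE.match(line)):
            summary.pending_reboot.append(m.group("path"))
        elif line.endswith("emptied."):
            pass  # housekeeping notices produced by [EmptyTemp]
        else:
            summary.unparsed.append((section, line))
    return summary


def report(summary: Summary) -> str:
    """Human-readable one-screen summary for the person running the tool."""
    lines = [
        f"moved: {len(summary.moved)}",
        f"registry keys deleted: {len(summary.keys_deleted)}, not found: {len(summary.keys_not_found)}",
        f"pending reboot: {len(summary.pending_reboot)}",
        "reboot required: " + ("YES" if summary.reboot_required else "no"),
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_otmoveit_log(SAMPLE_LOG)))
```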

Re: AntivirusXP 2009 Infection

Unread postby wildcat » November 21st, 2008, 6:46 pm

Also, I was queried on re-booting the system when the MoveIt window became interactive (I had to click on the open MalwareRemoval message window behind it). Should I reboot my computer or not? Please advise.
wildcat
Active Member
 
Posts: 10
Joined: November 13th, 2008, 7:13 pm
