Various Malware, Spyware, & Trojans found on Computer

Unread postby wordgirl » December 20th, 2008, 8:35 pm

I downloaded several new programs recently as trials. I have been having a problem with removal of spyware from EMusic, and trojans like Virtumonde and Smitfraud-C. I am getting a lot of false "spyware removal" popups online. The internet also freezes often, then all of the icons disappear from the desktop. I usually use Trend Micro, but I found your site through Spybot, and was directed to post a HijackThis log here.

Also, I am wondering if you have an opinion of a program called MP3 Rocket. I didn't see it on your list of clean and infected P2P programs.

I need to be online for classes I take, so I thank you in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:49 PM, on 12.20.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Vision Defense\Vision Defense.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.careerstep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PROGRA~1\Linkman\LINKMA~1.DLL
O3 - Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Abria Laél\winlogon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: visiondefense.lnk = C:\Program Files\Vision Defense\Vision Defense.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_search.htm
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_add.htm
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_show.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/download ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3707172546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} (FootPedalCtl Class) - http://shared.careerstep.com/footpedal.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://disney.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.11.cab?
O20 - AppInit_DLLs: mykmpt.dll riorle.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 12993 bytes
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm

Re: Various Malware, Spyware, & Trojans found on Computer

Unread postby Shaba » December 23rd, 2008, 6:04 am

Hi wordgirl

Rename HijackThis.exe to wordgirl.exe and post back a fresh HijackThis log, please :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Various Malware, Spyware, & Trojans found on Computer

Unread postby wordgirl » December 23rd, 2008, 10:07 pm

Hello, I'm not sure if this is what you meant. I renamed the actual application .exe file. I rescanned today and thought I got rid of them, but some things are still there.

Thank you for your time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:51 PM, on 12.23.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exea
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Vision Defense\Vision Defense.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\wordgirl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.careerstep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6f8a23ca-319a-e198-4fe4-2208c15356d8} - {8d65351c-8022-4ef4-891e-a913ac32a8f6} - C:\WINDOWS\system32\bygpsq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: (no name) - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - (no file)
O2 - BHO: (no name) - {E721C75B-1107-4AC7-8172-7D96414449AF} - C:\WINDOWS\system32\pmnonmnL.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PROGRA~1\Linkman\LINKMA~1.DLL
O3 - Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Abria Laél\winlogon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: visiondefense.lnk = C:\Program Files\Vision Defense\Vision Defense.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_search.htm
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_add.htm
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_show.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/download ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3707172546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} (FootPedalCtl Class) - http://shared.careerstep.com/footpedal.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://disney.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.11.cab?
O20 - AppInit_DLLs: mykmpt.dll bygpsq.dll
O20 - Winlogon Notify: awtqqoNd - awtqqoNd.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: UpdateNf - C:\WINDOWS\SYSTEM32\updatenf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 15287 bytes
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm

Re: Various Malware, Spyware, & Trojans found on Computer

Unread postby Shaba » December 24th, 2008, 5:36 am

Yes, that went right :)

We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Various Malware, Spyware, & Trojans found on Computer

Unread postby wordgirl » December 24th, 2008, 11:05 am

ComboFix 08-12-23.01 - Abria Laél 2008-12-24 9:32:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.373 [GMT -5:00]
Running from: c:\documents and settings\Abria Laél\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Abria Laél\Application Data\.#
c:\documents and settings\Abria Laél\Application Data\inst.exe
c:\documents and settings\Abria Laél\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Abria Laél\services.exe
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\apalsyjr.dll
c:\windows\system32\api.dat
c:\windows\system32\api32.dll
c:\windows\system32\apwjuses.dll
c:\windows\system32\bvgckuyl.ini
c:\windows\system32\bwtxhwyu.dll
c:\windows\system32\bygpsq.dll
c:\windows\system32\C
c:\windows\system32\dgjhjltw.ini
c:\windows\system32\dykgxufa.ini
c:\windows\system32\fpybckrk.dll
c:\windows\system32\hmrael.dll
c:\windows\system32\iduxuitq.dll
c:\windows\system32\IN
c:\windows\system32\ki3
c:\windows\system32\kuuwctxo.ini
c:\windows\system32\kvwdyabx.ini
c:\windows\system32\lmipgd.dll
c:\windows\system32\Lnmnonmp.ini
c:\windows\system32\Lnmnonmp.ini2
c:\windows\system32\mbewdkfu.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mykmpt.dll
c:\windows\system32\natcjwvk.dll
c:\windows\system32\neqrrbox.dll
c:\windows\system32\ofiwmjuh.ini
c:\windows\system32\ogrpmkjd.dll
c:\windows\system32\olgkgl.dll
c:\windows\system32\oxtcwuuk.dll
c:\windows\system32\pmnonmnL.dll
c:\windows\system32\poxgpy.dll
c:\windows\system32\pwjclgsf.ini
c:\windows\system32\rijldlti.ini
c:\windows\system32\riorle.dll
c:\windows\system32\roxddsie.dll
c:\windows\system32\sesujwpa.ini
c:\windows\system32\snikmcrg.ini
c:\windows\system32\ttsckeai.ini
c:\windows\system32\updatenf.dll
c:\windows\system32\uXPi02
c:\windows\system32\uywhxtwb.ini
c:\windows\system32\vrxaseul.ini
c:\windows\system32\vvkldthp.ini
c:\windows\system32\wgvkpowc.ini
c:\windows\system32\wtljhjgd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-24 09:17 . 2008-12-24 09:17 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\McAfee
2008-12-23 18:28 . 2008-12-23 19:43 <DIR> d-------- c:\program files\EasyScript
2008-12-23 18:22 . 2008-12-23 18:22 4,390,831 --a------ c:\program files\attachments_2008_12_23.zip
2008-12-23 09:52 . 2008-12-23 09:52 1,615,442 --a------ c:\program files\ProcessExplorer.zip
2008-12-23 01:48 . 2008-12-23 01:49 <DIR> d-------- c:\program files\Image Mender
2008-12-23 00:59 . 2008-12-24 09:49 8,155 --a------ c:\windows\system32\Config.MPF
2008-12-23 00:58 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-12-23 00:55 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-23 00:55 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-23 00:55 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-23 00:55 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-23 00:55 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-23 00:54 . 2008-12-23 00:54 <DIR> d-------- c:\program files\McAfee.com
2008-12-23 00:54 . 2008-12-23 00:55 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-23 00:54 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-23 00:53 . 2008-12-23 14:49 <DIR> d-------- c:\program files\McAfee
2008-12-23 00:47 . 2008-12-24 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-22 17:11 . 2008-12-22 17:11 <DIR> d-------- c:\program files\Bonjour
2008-12-21 14:14 . 2008-12-21 14:14 <DIR> d-------- c:\program files\Shockwave.com
2008-12-21 07:08 . 2008-12-21 07:06 165,454 --a------ c:\windows\system32\raidmg.dll
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Typing Assistant (English) 4.2
2008-12-19 12:07 . 2008-12-19 12:07 <DIR> d--hs---- c:\windows\ftpcache
2008-12-19 12:06 . 2008-12-19 12:09 <DIR> d-------- c:\program files\Show.kit 2.1
2008-12-17 10:10 . 2008-12-17 10:10 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\DDWidget
2008-12-17 10:09 . 2008-12-17 10:09 <DIR> d-------- c:\program files\BrainexSoft
2008-12-17 10:09 . 2008-12-17 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2008-12-16 15:31 . 2008-12-16 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PBGsavesDirectory
2008-12-16 15:18 . 2008-12-23 04:52 <DIR> d-------- c:\program files\The Princess Bride
2008-12-16 15:08 . 2008-12-16 15:08 <DIR> d-------- c:\program files\bfgclient
2008-12-16 15:04 . 2008-12-16 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-16 11:20 . 2008-12-16 11:20 126,976 --a------ c:\windows\lcmmfu.cpl
2008-12-16 11:20 . 2008-12-16 11:20 48,640 --a------ c:\windows\mmfs.dll
2008-12-16 11:20 . 2008-12-16 11:20 2,560 --a------ c:\windows\Runservice.exe
2008-12-16 11:20 . 2008-12-24 09:46 1,273 --ahs---- c:\windows\system32\mmf.sys
2008-12-16 11:14 . 2008-12-16 11:14 <DIR> d-------- c:\program files\Worldwide Biggies
2008-12-16 10:22 . 2008-12-16 10:22 <DIR> d-------- c:\program files\Crossword Writer
2008-12-16 10:21 . 2008-12-16 10:21 <DIR> d-------- c:\program files\Babble Deluxe
2008-12-14 23:55 . 2008-12-14 23:55 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-12 11:55 . 2008-12-12 11:55 0 --a------ c:\windows\wlist
2008-12-12 11:55 . 2008-12-12 11:55 0 --a------ c:\windows\hlist
2008-12-12 11:53 . 2008-12-12 11:53 <DIR> d-------- c:\windows\HMF
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 11:47 . 2008-12-11 11:47 <DIR> d-------- c:\documents and settings\Abria Laél\Contacts
2008-12-11 11:47 . 2008-12-11 11:47 <DIR> d-------- c:\documents and settings\Abria Laél\Contacts
2008-12-11 11:38 . 2008-12-11 11:38 268 --ah----- C:\sqmdata06.sqm
2008-12-11 11:38 . 2008-12-11 11:38 244 --ah----- C:\sqmnoopt06.sqm
2008-12-10 15:27 . 2008-12-10 15:27 <DIR> d-------- c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input
2008-12-10 15:27 . 2008-12-10 15:27 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\compete
2008-12-10 13:47 . 2008-12-10 13:47 <DIR> d-------- c:\program files\FormatFactory
2008-12-10 11:26 . 2008-12-10 11:26 <DIR> d-------- c:\program files\Eltima Software
2008-12-10 11:26 . 2008-12-10 11:26 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\Eltima Software
2008-12-10 11:26 . 2007-12-02 14:13 40,960 --a------ c:\windows\wavdest.ax
2008-12-10 10:15 . 2008-12-10 10:15 114,688 --a------ c:\windows\system32\bmwniahj.dll
2008-12-10 06:21 . 2008-12-10 06:21 268 --ah----- C:\sqmdata05.sqm
2008-12-10 06:21 . 2008-12-10 06:21 244 --ah----- C:\sqmnoopt05.sqm
2008-12-10 01:06 . 2008-12-10 01:06 268 --ah----- C:\sqmdata04.sqm
2008-12-10 01:06 . 2008-12-10 01:06 244 --ah----- C:\sqmnoopt04.sqm
2008-12-09 14:56 . 2008-12-09 14:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiComponents
2008-12-09 14:55 . 2008-12-09 14:55 <DIR> d-------- c:\program files\SiComponents
2008-12-09 14:35 . 2008-12-19 15:15 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\eMusic
2008-12-09 14:32 . 2008-12-19 15:15 <DIR> d-------- c:\program files\eMusic Download Manager
2008-12-09 14:32 . 2008-12-19 13:34 <DIR> d-------- c:\program files\eMusic
2008-12-08 22:40 . 2008-12-08 22:46 617 --a------ c:\windows\tlknw20.ini
2008-12-08 08:27 . 2008-12-08 08:27 268 --ah----- C:\sqmdata03.sqm
2008-12-08 08:27 . 2008-12-08 08:27 244 --ah----- C:\sqmnoopt03.sqm
2008-12-08 08:16 . 2008-11-04 10:41 339,968 --a------ c:\windows\system32\MP3Enc.dll
2008-12-08 08:16 . 2008-11-04 10:41 77,824 --a------ c:\windows\system32\wavdest.ax
2008-12-07 15:56 . 2008-12-07 15:56 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-07 07:52 . 2008-12-07 07:52 <DIR> d-------- c:\program files\TechSmith
2008-12-07 07:52 . 2006-06-15 03:12 45,056 --a------ c:\windows\system32\CSvidcap.dll
2008-12-07 07:52 . 2008-12-07 07:52 268 --ah----- C:\sqmdata02.sqm
2008-12-07 07:52 . 2008-12-07 07:52 244 --ah----- C:\sqmnoopt02.sqm
2008-12-07 07:49 . 2008-12-24 09:32 <DIR> d-------- C:\Temp
2008-12-07 07:49 . 2008-12-08 08:47 192,000 --a------ c:\documents and settings\Abria Laél\gif.exe
2008-12-07 07:49 . 2008-12-08 08:47 192,000 --a------ c:\documents and settings\Abria Laél\gif.exe
2008-12-07 07:49 . 2008-12-07 07:49 366 --a------ C:\x.bat
2008-12-07 06:40 . 2008-12-23 01:33 <DIR> d-------- c:\program files\Total Network Monitor
2008-12-06 12:27 . 2008-12-06 12:27 8,628 --ah----- c:\windows\PLAYENU.GID
2008-12-06 12:25 . 2008-12-06 12:25 46 --a------ c:\windows\QTW.QTW
2008-12-05 23:16 . 2008-12-05 23:16 268 --ah----- C:\sqmdata01.sqm
2008-12-05 23:16 . 2008-12-05 23:16 244 --ah----- C:\sqmnoopt01.sqm
2008-12-05 23:07 . 2008-12-06 12:25 748 --a------ c:\windows\WININI.QTW
2008-12-05 23:07 . 2008-12-06 12:25 254 --a------ c:\windows\SYSINI.QTW
2008-12-05 22:51 . 2008-12-05 22:51 268 --ah----- C:\sqmdata00.sqm
2008-12-05 22:51 . 2008-12-05 22:51 244 --ah----- C:\sqmnoopt00.sqm
2008-12-05 21:21 . 2008-12-05 22:51 13,030 --a------ C:\PDOXUSRS.NET
2008-12-05 21:20 . 2008-12-05 21:20 <DIR> d-------- c:\program files\Trinity Software, Inc
2008-12-05 09:25 . 2008-12-05 09:27 <DIR> d-------- c:\program files\Windows Live
2008-12-05 09:25 . 2008-12-05 09:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-05 09:24 . 2008-12-05 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-05 08:29 . 2008-12-05 08:29 <DIR> d-------- c:\program files\AnVir Task Manager
2008-12-04 09:11 . 2008-12-04 09:22 <DIR> d-------- c:\program files\project dogwaffle
2008-12-04 09:11 . 1999-05-06 23:00 244,232 --a------ c:\windows\system32\MSFLXGRD.OCX
2008-12-04 09:11 . 1998-11-03 10:45 94,208 --a------ c:\windows\system32\MsStkPrp.dll
2008-12-03 02:05 . 2008-12-03 02:09 <DIR> d-------- c:\program files\SoftDawn
2008-12-01 11:52 . 2008-12-01 11:52 <DIR> d-------- c:\program files\Windows Automation Macro Recorder
2008-11-30 11:50 . 2008-11-30 11:50 <DIR> d-------- c:\program files\ArzooSoft Solutions
2008-11-30 11:48 . 2008-11-28 00:24 414,665 --a------ C:\Setup-mfe.exe
2008-11-29 07:58 . 2008-11-29 07:58 <DIR> d-------- c:\program files\RemoteObserver
2008-11-29 07:57 . 2008-11-29 07:57 <DIR> d-------- c:\program files\RemoteObserverClient
2008-11-28 22:20 . 2008-11-28 22:20 <DIR> d-------- c:\program files\eBook Maestro FREE
2008-11-28 22:19 . 2008-11-28 22:19 <DIR> d-------- C:\vv
2008-11-28 20:02 . 2008-11-28 20:02 <DIR> d-------- C:\ebookswriter
2008-11-27 23:52 . 2008-11-27 23:52 <DIR> d-------- C:\Teach2000
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-11-26 08:26 . 2008-11-26 08:27 <DIR> d-------- c:\program files\Linkman
2008-11-25 22:18 . 2008-11-26 08:20 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 22:18 . 2008-11-26 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 10:24 . 2008-11-25 10:27 <DIR> d-------- c:\program files\MultiStage Recovery
2008-11-24 17:35 . 2008-11-24 17:36 <DIR> d-------- c:\program files\iTunes
2008-11-24 17:35 . 2008-11-24 17:35 <DIR> d-------- c:\program files\iPod
2008-11-24 17:35 . 2008-11-24 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 08:21 . 2008-11-24 08:25 <DIR> d-------- c:\program files\Smart Diary Suite 4
2008-11-24 01:25 . 2008-11-24 01:25 <DIR> d-------- c:\documents and settings\Guest\Application Data\EAST Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 14:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 14:47 --------- d-----w c:\program files\Chameleon Clock
2008-12-23 05:19 --------- d-----w c:\program files\Trend Micro
2008-12-21 17:55 --------- d-----w c:\program files\QuickTime
2008-12-20 21:12 --------- d-----w c:\program files\Type Booster
2008-12-20 20:39 --------- d-----w c:\program files\BitComet
2008-12-19 20:22 --------- d-----w c:\program files\Diplodock Company
2008-12-19 19:22 16,384 ----a-w c:\windows\DCEBoot.exe
2008-12-18 19:52 --------- d-----w c:\program files\Wondershare
2008-12-16 23:47 --------- d-----w c:\documents and settings\Abria Laél\Application Data\uTorrent
2008-12-15 16:21 --------- d-----w c:\program files\AllMedia Grabber
2008-12-12 17:01 --------- d-----w c:\program files\Hide Wizard
2008-12-10 15:31 --------- d-----w c:\program files\PDF to Image
2008-12-10 06:23 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 17:22 --------- d-----w c:\program files\American Sign Language
2008-12-06 15:56 --------- d-----w c:\program files\Encsoft
2008-12-04 16:45 2,874 ----a-w c:\documents and settings\Abria Laél\Application Data\SAS7_000.DAT
2008-12-03 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-11-28 04:22 --------- d-----w c:\program files\Teach2000
2008-11-27 17:50 --------- d-----w c:\program files\BinaryMark
2008-11-26 14:57 --------- d-----w c:\program files\Webshots
2008-11-26 13:58 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-11-26 13:24 --------- d-----w c:\program files\GridinSoft
2008-11-26 13:23 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Easy Macro Recorder
2008-11-24 22:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 22:19 --------- d-----w c:\program files\Safari
2008-11-23 17:45 --------- d-----w c:\program files\Astro Gemini Software
2008-11-22 15:15 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2008-11-22 15:15 --------- d-----w c:\documents and settings\Abria Laél\Application Data\SpellQuizzer
2008-11-22 15:13 --------- d-----w c:\program files\SpellQuizzer
2008-11-20 14:55 --------- d-----w c:\program files\Daniusoft
2008-11-17 19:38 --------- d-----w c:\program files\FreeGamePick.com
2008-11-16 17:54 --------- d-----w c:\program files\MegaSign Trial_V1.4
2008-11-16 13:14 --------- d-----w c:\program files\The Lost Watch 3D Screensaver
2008-11-15 14:49 --------- d-----w c:\program files\Digital Physiognomy
2008-11-13 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 14:07 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 09:24 --------- d-----w c:\program files\Vidroid
2008-11-09 14:08 --------- d-----w c:\program files\HotHotSoftwareFullVersion
2008-11-08 22:28 --------- d-----w c:\program files\easycalendarmaker
2008-11-08 22:23 --------- d-----w c:\program files\Realore
2008-11-07 15:33 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Conceptworld
2008-11-07 15:32 --------- d-----w c:\program files\Conceptworld
2008-11-06 15:57 --------- d-----w c:\program files\Teknia
2008-11-06 14:08 --------- d-----w c:\program files\Uconomix
2008-11-06 04:19 --------- d-----w c:\program files\NoteAttack
2008-11-05 21:31 --------- d-----w c:\documents and settings\Abria Laél\Application Data\agi
2008-11-05 14:21 --------- d-----w c:\documents and settings\Abria Laél\Application Data\HTConsulting
2008-11-05 14:19 --------- d-----w c:\program files\NoteFrog
2008-11-04 14:58 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Beyond Sync
2008-11-04 14:55 --------- d-----w c:\program files\Beyond Sync
2008-11-04 14:40 --------- d-----w c:\documents and settings\Abria Laél\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-03 18:21 --------- d-----w c:\program files\WinUtilities
2008-11-03 13:06 --------- d-----w c:\program files\CaptureIt
2008-11-01 20:59 --------- d-----w c:\documents and settings\NetworkService\Application Data\agi
2008-11-01 16:01 --------- d-----w c:\program files\Desksware
2008-10-31 16:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-31 16:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-31 16:35 --------- d-----w c:\program files\NOS
2008-10-31 12:44 --------- d-----w c:\program files\Smart CD Catalog PRO
2008-10-30 05:31 --------- d-----w c:\program files\Rosetta
2008-10-30 04:50 --------- d-----w c:\program files\Ax3soft
2008-10-28 09:50 --------- d-----w c:\program files\Reminder Commander
2008-10-27 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory
2008-10-27 12:09 --------- d-----w c:\program files\Watermark Factory 2
2008-10-26 21:00 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-10-26 21:00 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-10-26 21:00 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-10-26 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-10-26 18:07 --------- d-----w c:\program files\AGI
2008-10-26 17:33 --------- d-----w c:\documents and settings\Abria Laél\Application Data\cerasus.media
2008-10-25 14:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-25 14:53 --------- d-----w c:\program files\Give Away of the day
2008-10-24 15:45 --------- d-----w c:\program files\MagicScore Music Software
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-24 03:07 --------- d-----w c:\program files\The French Tutorial Personal Edition
2008-10-22 21:18 60,744 ----a-w c:\documents and settings\Abria Laél\g2mdlhlpx.exe
2008-10-22 21:18 60,744 ----a-w c:\documents and settings\Abria Laél\g2mdlhlpx.exe
2008-10-22 01:01 217,088 ----a-w c:\windows\system32\atasnt40.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 20:05 47,360 ----a-w c:\documents and settings\Abria Laél\Application Data\pcouffin.sys
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-06-17 13:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061720080618\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31 1909248 --a------ c:\progra~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-10 709632]
"AnVir Task Manager"="c:\program files\AnVir Task Manager\AnVir.exe" [2008-11-30 2733280]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\Abria La‚l\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2008-09-11 2815336]
Startup Defender.lnk - c:\program files\Zards software\Startup Defender\Startup Defender.exe [2008-07-06 1052160]
visiondefense.lnk - c:\program files\Vision Defense\Vision Defense.exe [2008-09-11 11954890]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 4742184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "c:\program files\Conceptworld\RecentX\RXShell.dll" [2008-06-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 13:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mykmpt.dll bygpsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Countdown.url]
backup=c:\windows\pss\eBay Countdown.urlCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapTrue]
--a------ 2008-09-05 11:55 673280 c:\program files\CapTrue\captrue.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zweitgeist Assistant]
--a------ 2008-09-03 20:53 192512 c:\program files\weblin\weblinAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Nuance\\NaturallySpeaking10\\Program\\datacollector.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 HFCore;HFCore;\??\c:\windows\system32\drivers\HFCore.sys [2006-05-30 18816]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-10-25 93544]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-12-16 2560]
S1 WudfRdd;WudfRdd;c:\windows\system32\drivers\WudfRdd.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-31 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d008cd74-6d66-11dd-8530-0019d246ccff}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdates.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-09-11 04:51]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Data Collection.job
- c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2008-09-11 04:51]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-09-11 04:51]

2008-12-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{8d65351c-8022-4ef4-891e-a913ac32a8f6} - c:\windows\system32\bygpsq.dll
BHO-{E721C75B-1107-4AC7-8172-7D96414449AF} - c:\windows\system32\pmnonmnL.dll
Toolbar-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
Toolbar-{9ee802e8-c931-47ab-b570-aa8f791598ca} - (no file)
WebBrowser-{34EA1C70-42CC-42C5-AA29-EC58B95A343E} - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file)
HKCU-Run-RecentX - (no file)
HKLM-Run-Windows Logon Applicationedc - c:\documents and settings\Abria Laél\winlogon.exe
Notify-awtqqoNd - awtqqoNd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.careerstep.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJman000
IE: >Search in Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_search.htm
IE: Add to Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_add.htm
IE: Add to Linkman and Edit - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: MWOL &Dictionary - c:\windows\_MWOLTB.DLL/23/219
IE: MWOL &Thesaurus - c:\windows\_MWOLTB.DLL/23/220
IE: Show Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_show.htm

c:\windows\Downloaded Program Files\CONFLICT.1\Microsoft.OfficeLive.Workspace.RichUpload.dll - O16 -: {07246F83-6D48-4559-81EC-117CBAE54F1B}
hxxp://workspace.office.live.com/Misc/M ... Upload.cab
c:\windows\Downloaded Program Files\CONFLICT.1\Microsoft.OfficeLive.Workspace.RichUpload.inf

c:\windows\Downloaded Program Files\mwolinstaller.dll - O16 -: {3CF32649-D1C0-4F42-AB44-ED284748920B}
hxxp://www.merriam-webster.com/download ... nstall.cab
c:\windows\Downloaded Program Files\mwoltb.inf

c:\windows\Downloaded Program Files\PIEHid.dll - c:\windows\Downloaded Program Files\footpedal.dll
O16 -: {BEB82CC6-09F3-43EA-BEB1-97188E21035D}
hxxp://shared.careerstep.com/footpedal.cab
c:\windows\Downloaded Program Files\footpedal.inf

c:\windows\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.dll - O16 -: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6}
hxxp://workspace.office.live.com/Misc/M ... Upload.cab
c:\windows\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 09:46:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(964)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dllhost.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-12-24 9:54:35 - machine was rebooted [Abria Laél]
ComboFix-quarantined-files.txt 2008-12-24 14:54:32

Pre-Run: 3,757,899,776 bytes free
Post-Run: 4,719,603,712 bytes free

488 --- E O F --- 2008-12-05 13:28:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:12 AM, on 12.24.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\wordgirl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.careerstep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: (no name) - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PROGRA~1\Linkman\LINKMA~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: visiondefense.lnk = C:\Program Files\Vision Defense\Vision Defense.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_search.htm
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_add.htm
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_show.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/download ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3707172546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} (FootPedalCtl Class) - http://shared.careerstep.com/footpedal.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://disney.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.11.cab?
O20 - AppInit_DLLs: mykmpt.dll bygpsq.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14298 bytes
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm

Re: Various Malware, Spyware, & Trojans found on Computer

Post by Shaba » December 24th, 2008, 11:18 am

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Various Malware, Spyware, & Trojans found on Computer

Post by wordgirl » December 24th, 2008, 12:53 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Reader for Pocket PC 2.0
Adobe Shockwave Player
Adolix PDF Converter PRO v4.2
AdolixPDFConverter (novaPDF Professional Desktop OEM 5.5 print
Agere Systems HDA Modem
AllMedia Grabber
Almeza MultiSet Professional 6.1
AltDesk.1.8
Amazing Jigsaw
American Sign Language 3.2
AnVir Task Manager
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B5
Aqua Bubble 2
Around the World in 80 Days 1.0
Atomic Alarm Clock 5.81
AVS DVDMenu Editor 1.2.1.19
AVS Video Editor 4
AVS Video Tools 5.6
AVS4YOU Software Navigator 1.2
Batch Image Enhancer 3.5
Batch Image Resizer 3.5
Batch Image Watermarker 3.5
Before You Know It 3.6
Beyond Sync 3.5.8.135
Big Fish Games Client
Bonjour
BurnAware Express 2.0.2
BusinessCardsMX 3.92
CapTrue
Capture Assistant
CaptureIt 1.1.0.0
Chameleon Clock 5.1
Comfort Keys Pro 3.1.3.0
ComputerScript 2.21
Consumer Input Rewarded with MyPoints, Consumer Input Software (remove only)
ConvertXtoDVD 3.2.1.55b
Cool RingTone Maker 1.1.2
Coral Reef 3D Screensaver 1.0
Coupon Printer for Windows
Daniusoft Media Converter(Build 2.3.1.34)
DDWidget Pro version 1.4
Digital Physiognomy (remove only)
DivX Codec
DivX Converter
DoubleSafety
Dragon NaturallySpeaking 10
Driver Magician 3.32
East-Tec Eraser 2008 Version 8.9
EasyCalendarMaker
eBay Toolbar Featuring Yahoo!
eBook Maestro FREE 1.80
eCover Engineer 5.5
eCover Engineer 5.5
Edraw Max 4
Expense Tracker 1.3
Express Scribe Uninstall
Extra DVD to FLV Ripper 5.6
Extra Video Converter 4.6
FlashWorks Converter
FormatFactory
Foxonic 3.0 (build 0198)
Free DVD Decrypter version 1.3
Free Video Flip and Rotate version 1.4
getPlus(R) for Adobe
Golden Autumn 3D Screensaver 1.0
GOM Player
Google Talk (remove only)
HijackThis 2.0.2
HippoEdit 1.34 - GiveAwayOfTheDay Edition
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools 2.00 C3
HP Credential Manager for ProtectTools
HP Extended Capabilities 4.7
HP Help and Support
HP Image Zone 4.7
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP PSC & OfficeJet 4.7
HP Quick Launch Buttons 6.00 D2
HP Software Update
HP Software Update
HP User Guides 0029
HP Wireless Assistant 2.00 E1
HyperSign 2.3p
Image Mender 1.1
ImgBurn
Inpaint
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
Intrusion Detection System - Sax2 2.0
iRecordMax Sound Recorder v7.1.3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kurso de Esperanto 3
LeaderTask 5.79
LinguaSaver_11
Linkman 7.6.0.18r
List Remove, List Replace, List Sort, List compare and duplicat
Magical File Encrypt v1.1
MagicScore
Mah Jong Adventures
Marble Tactics 1.0
McAfee SecurityCenter
MegaSign-Trial_V1.4
Merriam-Webster Online Toolbar
mgLaunch 1.2.2.B426
mgWindow 1.0.0.B509
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mobipocket Reader 6.2
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multi Screen Emulator for Windows 2.0.2.0
MultiFind
MultiStage Recovery 3.6
myBabylon Toolbar
myBabylon_English Toolbar
MyPoints Toolbar
Need4 Video Converter 5.7
Netflix Movie Viewer
NetStat Agent 2.0
NewtPad 3.0
Note Attack v1.36
OverDrive Media Console
Paint.NET 3.8
PD Artist
PD Particles
PDF to HTML
PDF to Image
PDF to Text
PDF to Word
Power Favorites 1.7.1
PPTminimizer
Prism Video Converter
project dogwaffle
QuickTime
ratDVD 0.78.1444
RealPlayer
RecentX 2.0
Reminder Commander 2.20
RemoteObserver
RemoteObserverClient
Rhapsody
Rhapsody Player Engine
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Show.kit
Smart CD Catalog 2.53 Professional
Smart Diary Suite 4
Smart Install Maker 5.02
SoftMaker Office 2006 (C:\Program Files\SoftMaker Office 2006)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
SpanishUno 6.01
SpellQuizzer 1.0.1
Spybot - Search & Destroy
StarBurn(GiveAwayOfTheDay) Version 10 (Build 0x20081020)
SWF & FLV Toolbox 3.5 (build 3.5.23.412)
Synaptics Pointing Device Driver
Sync Now! 4.2.2.128
Teach2000 8.31
The French Tutorial Personal Edition
The Lost Watch 3D Screensaver 1.0
The Princess Bride
The Princess Bride Game
The Rosetta Stone
Total Network Monitor 1.0.1 (build 1100)
Tray Commander 2.3
Turtle Odyssey 2
Typing Assistant (English) 4.2
TypingMaster Pro
Uconomix Encryption Engine 1.0
Uninstall 1.0.0.1
Unix Utilities for Yahoo! Widgets
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Videora Trial Version 2.15
Vidroid - ImagePut 1.1
Vision Defense
Visual C++ Runtime for Dragon NaturallySpeaking
Visual Vision EbooksWriterLITE_e
Watchtower Library 2007 - English
Watermark Factory 2
Web Forum Reader 2.0
WebEx
Webshots Desktop
WebVideo Author
Wii Video 9 2.25
Windows Automation Macro Recorder 1.0
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live SkyDrive Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinLog Assist 2.1
WinUtilities 6.2
Wondershare Movie Story GAOTD Edition 4.5.0
Wondershare Photo Collage Studio 4.2.8
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
ZipGenius 6 (6.0.3.1150)
Zortam Mp3 Player 1.50
Zwei-Stein Video Compositor 3.01 (Beta 2).

Re: Various Malware, Spyware, & Trojans found on Computer

Post by Shaba » December 24th, 2008, 1:43 pm

I'd like you to check a file for malware.
c:\documents and settings\Abria Laél\gif.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Post back results here, please.

Re: Various Malware, Spyware, & Trojans found on Computer

Post by wordgirl » December 24th, 2008, 2:42 pm

Antivirus Version Last Update Result
AntiVir 7.9.0.45 2008.12.24 -
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.24 -
AVG 8.0.0.199 2008.12.24 -
BitDefender 7.2 2008.12.24 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
DrWeb 4.44.0.09170 2008.12.24 -
eSafe 7.0.17.0 2008.12.24 -
Ewido 4.0 2008.12.24 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 -
GData 19 2008.12.24 -
Ikarus T3.1.1.45.0 2008.12.24 -
K7AntiVirus 7.10.564 2008.12.24 -
Kaspersky 7.0.0.125 2008.12.24 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.24 -
NOD32 3716 2008.12.24 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.24 -
PCTools 4.4.2.0 2008.12.24 -
Prevx1 V2 2008.12.24 -
Rising 21.09.22.00 2008.12.24 -
SecureWeb-Gateway 6.7.6 2008.12.24 Trojan.LooksLike.Dropper
Sophos 4.37.0 2008.12.24 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.24 -
ViRobot 2008.12.24.1534 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.24 -
Additional information
File size: 192000 bytes
MD5...: 073c41474dbf7e2e2a9a4e5e6ca55d45
SHA1..: cd29d4e5aa395a8b9bab8684fe3da47fe4d8cda3
SHA256: 807db55b626469d48e34bdb769a3d18c7d1cf7116f11dd988b87676c19e23a6b
SHA512: 2dddb9cb9173139b970e5518bde6a99030f479778450bcb6078064a722583389
56a4738c881d56eb75d902eb466231b8170a4995b05381418980bedacc279682
ssdeep: 3072:2GLds2+YxJTrhqxIiqlpeek6uoKLcu3Ra9e2miJNmW/8vCzTJV+cFH2pyEe
cJUiD:2Gv+KJ/sck6uoRu0kx6Z/8KnJV+GHe4S
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010b8
timedatestamp.....: 0x493ca5c4 (Mon Dec 08 04:42:44 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x27ec 0x2800 4.95 839c7382fdacefb86640751a4d46e6ae
.data 0x4000 0x31c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x5000 0x2c0d0 0x2c200 8.00 371e7cbd7614e40f3c7ff72bc7da4818

( 1 imports )
> MSVBVM60.DLL: -, -, -, -, DllFunctionCall, __vbaExceptHandler, -, -, -, ProcCallEngine, -, -, -, -, -, -, -

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=073c41474dbf7e2e2a9a4e5e6ca55d45

Re: Various Malware, Spyware, & Trojans found on Computer

Post by Shaba » December 24th, 2008, 2:52 pm

Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\bmwniahj.dll
c:\documents and settings\Abria Laél\gif.exe
C:\x.bat

Folder::
c:\program files\BitComet
c:\documents and settings\Abria Laél\Application Data\uTorrent

Driver::
WudfRdd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened, we want to know, and also what process you had to end.

Re: Various Malware, Spyware, & Trojans found on Computer

Post by wordgirl » December 24th, 2008, 5:03 pm

I didn't have to end any processes; it did take around 20 minutes. After the log was created, the screen froze and I had to restart before running hijackthis.



ComboFix 08-12-24.01 - Abria Laél 2008-12-24 14:48:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.468 [GMT -5:00]
Running from: c:\documents and settings\Abria Laél\Desktop\ComboFix.exe
Command switches used :: c:\program files\Trend Micro\HijackThis\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Abria Laél\gif.exe
c:\windows\system32\bmwniahj.dll
C:\x.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Abria Laél\Application Data\uTorrent
c:\documents and settings\Abria Laél\Application Data\uTorrent\dht.dat
c:\documents and settings\Abria Laél\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Abria Laél\Application Data\uTorrent\resume.dat
c:\documents and settings\Abria Laél\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Abria Laél\Application Data\uTorrent\rss.dat
c:\documents and settings\Abria Laél\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Abria Laél\Application Data\uTorrent\settings.dat
c:\documents and settings\Abria Laél\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Abria Laél\Application Data\uTorrent\The Princess Bride Game - Experience true love high adventure and 5 games-in-one_.torrent
c:\documents and settings\Abria Laél\gif.exe
c:\program files\BitComet
c:\program files\BitComet\fav\fav_bg_bg.xml
c:\program files\BitComet\fav\fav_ca_es.xml
c:\program files\BitComet\fav\fav_en_us.xml
c:\program files\BitComet\fav\fav_es_es.xml
c:\program files\BitComet\fav\fav_fi_fi.xml
c:\program files\BitComet\fav\fav_he_il.xml
c:\program files\BitComet\fav\fav_hu_hu.xml
c:\program files\BitComet\fav\fav_it_it.xml
c:\program files\BitComet\fav\fav_jp_jp.xml
c:\program files\BitComet\fav\fav_ko_kr.xml
c:\program files\BitComet\fav\fav_nl_nl.xml
c:\program files\BitComet\fav\fav_pl_pl.xml
c:\program files\BitComet\fav\fav_pt_br.xml
c:\program files\BitComet\fav\fav_pt_pt.xml
c:\program files\BitComet\fav\fav_ru_ru.xml
c:\program files\BitComet\fav\fav_sl_si.xml
c:\program files\BitComet\fav\fav_th_th.xml
c:\program files\BitComet\fav\fav_va_es.xml
c:\program files\BitComet\fav\fav_vi_vn.xml
c:\program files\BitComet\fav\fav_zh_cn.xml
c:\program files\BitComet\fav\fav_zh_tw.xml
c:\program files\BitComet\fav\HowTo-AddYourSite.txt
c:\program files\BitComet\fav\my_fav.xml
c:\program files\BitComet\fav\search_en_us.mht
c:\program files\BitComet\fav\search_zh_cn.mht
c:\program files\BitComet\lang\HowTo-Translate.txt
c:\program files\BitComet\lang\lang_ar_ae.xml
c:\program files\BitComet\lang\lang_bg_bg.xml
c:\program files\BitComet\lang\lang_ca_es.xml
c:\program files\BitComet\lang\lang_cz_cz.xml
c:\program files\BitComet\lang\lang_da_dk.xml
c:\program files\BitComet\lang\lang_de_de.xml
c:\program files\BitComet\lang\lang_el_gr.xml
c:\program files\BitComet\lang\lang_en_us.xml
c:\program files\BitComet\lang\lang_es_ar.xml
c:\program files\BitComet\lang\lang_es_es.xml
c:\program files\BitComet\lang\lang_et_ee.xml
c:\program files\BitComet\lang\lang_fi_fi.xml
c:\program files\BitComet\lang\lang_fr_fr.xml
c:\program files\BitComet\lang\lang_gl_es.xml
c:\program files\BitComet\lang\lang_he_il.xml
c:\program files\BitComet\lang\lang_hu_hu.xml
c:\program files\BitComet\lang\lang_it_it.xml
c:\program files\BitComet\lang\lang_jp_jp.xml
c:\program files\BitComet\lang\lang_ko_kr.xml
c:\program files\BitComet\lang\lang_nb_no.xml
c:\program files\BitComet\lang\lang_nl_nl.xml
c:\program files\BitComet\lang\lang_pl_pl.xml
c:\program files\BitComet\lang\lang_pt_br.xml
c:\program files\BitComet\lang\lang_pt_pt.xml
c:\program files\BitComet\lang\lang_ro_ro.xml
c:\program files\BitComet\lang\lang_ru_ru.xml
c:\program files\BitComet\lang\lang_sk_sk.xml
c:\program files\BitComet\lang\lang_sl_si.xml
c:\program files\BitComet\lang\lang_sr_sr.xml
c:\program files\BitComet\lang\lang_sv_se.xml
c:\program files\BitComet\lang\lang_th_th.xml
c:\program files\BitComet\lang\lang_tr_tr.xml
c:\program files\BitComet\lang\lang_va_es.xml
c:\program files\BitComet\lang\lang_vi_vn.xml
c:\program files\BitComet\lang\lang_zh_cn.xml
c:\program files\BitComet\lang\lang_zh_tw.xml
c:\program files\BitComet\rules\ipfilter.dat
c:\windows\system32\bmwniahj.dll
C:\x.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WudfRdd


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-24 09:54 . 2008-10-03 05:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-24 09:17 . 2008-12-24 09:17 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\McAfee
2008-12-23 18:28 . 2008-12-23 19:43 <DIR> d-------- c:\program files\EasyScript
2008-12-23 18:22 . 2008-12-23 18:22 4,390,831 --a------ c:\program files\attachments_2008_12_23.zip
2008-12-23 09:52 . 2008-12-23 09:52 1,615,442 --a------ c:\program files\ProcessExplorer.zip
2008-12-23 01:48 . 2008-12-23 01:49 <DIR> d-------- c:\program files\Image Mender
2008-12-23 00:59 . 2008-12-24 14:58 8,601 --a------ c:\windows\system32\Config.MPF
2008-12-23 00:58 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-12-23 00:55 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-23 00:55 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-23 00:55 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-23 00:55 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-23 00:55 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-23 00:54 . 2008-12-23 00:54 <DIR> d-------- c:\program files\McAfee.com
2008-12-23 00:54 . 2008-12-23 00:55 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-23 00:54 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-23 00:53 . 2008-12-23 14:49 <DIR> d-------- c:\program files\McAfee
2008-12-23 00:47 . 2008-12-24 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-22 17:11 . 2008-12-22 17:11 <DIR> d-------- c:\program files\Bonjour
2008-12-21 14:14 . 2008-12-21 14:14 <DIR> d-------- c:\program files\Shockwave.com
2008-12-21 07:08 . 2008-12-21 07:06 165,454 --a------ c:\windows\system32\raidmg.dll
2008-12-20 15:26 . 2008-12-20 15:26 <DIR> d-------- c:\program files\Typing Assistant (English) 4.2
2008-12-19 12:07 . 2008-12-19 12:07 <DIR> d--hs---- c:\windows\ftpcache
2008-12-19 12:06 . 2008-12-19 12:09 <DIR> d-------- c:\program files\Show.kit 2.1
2008-12-17 10:10 . 2008-12-17 10:10 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\DDWidget
2008-12-17 10:09 . 2008-12-17 10:09 <DIR> d-------- c:\program files\BrainexSoft
2008-12-17 10:09 . 2008-12-17 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2008-12-16 15:31 . 2008-12-16 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PBGsavesDirectory
2008-12-16 15:18 . 2008-12-23 04:52 <DIR> d-------- c:\program files\The Princess Bride
2008-12-16 15:08 . 2008-12-16 15:08 <DIR> d-------- c:\program files\bfgclient
2008-12-16 15:04 . 2008-12-16 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-16 11:20 . 2008-12-16 11:20 126,976 --a------ c:\windows\lcmmfu.cpl
2008-12-16 11:20 . 2008-12-16 11:20 48,640 --a------ c:\windows\mmfs.dll
2008-12-16 11:20 . 2008-12-16 11:20 2,560 --a------ c:\windows\Runservice.exe
2008-12-16 11:20 . 2008-12-24 14:57 1,273 --ahs---- c:\windows\system32\mmf.sys
2008-12-16 11:14 . 2008-12-16 11:14 <DIR> d-------- c:\program files\Worldwide Biggies
2008-12-16 10:22 . 2008-12-16 10:22 <DIR> d-------- c:\program files\Crossword Writer
2008-12-16 10:21 . 2008-12-16 10:21 <DIR> d-------- c:\program files\Babble Deluxe
2008-12-14 23:55 . 2008-12-14 23:55 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-12 11:55 . 2008-12-12 11:55 0 --a------ c:\windows\wlist
2008-12-12 11:55 . 2008-12-12 11:55 0 --a------ c:\windows\hlist
2008-12-12 11:53 . 2008-12-12 11:53 <DIR> d-------- c:\windows\HMF
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 11:47 . 2008-12-11 11:47 <DIR> d-------- c:\documents and settings\Abria Laél\Contacts
2008-12-11 11:47 . 2008-12-11 11:47 <DIR> d-------- c:\documents and settings\Abria Laél\Contacts
2008-12-11 11:38 . 2008-12-11 11:38 268 --ah----- C:\sqmdata06.sqm
2008-12-11 11:38 . 2008-12-11 11:38 244 --ah----- C:\sqmnoopt06.sqm
2008-12-10 15:27 . 2008-12-10 15:27 <DIR> d-------- c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input
2008-12-10 15:27 . 2008-12-10 15:27 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\compete
2008-12-10 13:47 . 2008-12-10 13:47 <DIR> d-------- c:\program files\FormatFactory
2008-12-10 11:26 . 2008-12-10 11:26 <DIR> d-------- c:\program files\Eltima Software
2008-12-10 11:26 . 2008-12-10 11:26 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\Eltima Software
2008-12-10 11:26 . 2007-12-02 14:13 40,960 --a------ c:\windows\wavdest.ax
2008-12-10 06:21 . 2008-12-10 06:21 268 --ah----- C:\sqmdata05.sqm
2008-12-10 06:21 . 2008-12-10 06:21 244 --ah----- C:\sqmnoopt05.sqm
2008-12-10 01:06 . 2008-12-10 01:06 268 --ah----- C:\sqmdata04.sqm
2008-12-10 01:06 . 2008-12-10 01:06 244 --ah----- C:\sqmnoopt04.sqm
2008-12-09 14:56 . 2008-12-09 14:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiComponents
2008-12-09 14:55 . 2008-12-09 14:55 <DIR> d-------- c:\program files\SiComponents
2008-12-09 14:35 . 2008-12-19 15:15 <DIR> d-------- c:\documents and settings\Abria Laél\Application Data\eMusic
2008-12-09 14:32 . 2008-12-19 15:15 <DIR> d-------- c:\program files\eMusic Download Manager
2008-12-09 14:32 . 2008-12-19 13:34 <DIR> d-------- c:\program files\eMusic
2008-12-08 22:40 . 2008-12-08 22:46 617 --a------ c:\windows\tlknw20.ini
2008-12-08 08:27 . 2008-12-08 08:27 268 --ah----- C:\sqmdata03.sqm
2008-12-08 08:27 . 2008-12-08 08:27 244 --ah----- C:\sqmnoopt03.sqm
2008-12-08 08:16 . 2008-11-04 10:41 339,968 --a------ c:\windows\system32\MP3Enc.dll
2008-12-08 08:16 . 2008-11-04 10:41 77,824 --a------ c:\windows\system32\wavdest.ax
2008-12-07 15:56 . 2008-12-07 15:56 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-07 07:52 . 2008-12-07 07:52 <DIR> d-------- c:\program files\TechSmith
2008-12-07 07:52 . 2006-06-15 03:12 45,056 --a------ c:\windows\system32\CSvidcap.dll
2008-12-07 07:52 . 2008-12-07 07:52 268 --ah----- C:\sqmdata02.sqm
2008-12-07 07:52 . 2008-12-07 07:52 244 --ah----- C:\sqmnoopt02.sqm
2008-12-07 07:49 . 2008-12-24 09:32 <DIR> d-------- C:\Temp
2008-12-07 06:40 . 2008-12-23 01:33 <DIR> d-------- c:\program files\Total Network Monitor
2008-12-06 12:27 . 2008-12-06 12:27 8,628 --ah----- c:\windows\PLAYENU.GID
2008-12-06 12:25 . 2008-12-06 12:25 46 --a------ c:\windows\QTW.QTW
2008-12-05 23:16 . 2008-12-05 23:16 268 --ah----- C:\sqmdata01.sqm
2008-12-05 23:16 . 2008-12-05 23:16 244 --ah----- C:\sqmnoopt01.sqm
2008-12-05 23:07 . 2008-12-06 12:25 748 --a------ c:\windows\WININI.QTW
2008-12-05 23:07 . 2008-12-06 12:25 254 --a------ c:\windows\SYSINI.QTW
2008-12-05 22:51 . 2008-12-05 22:51 268 --ah----- C:\sqmdata00.sqm
2008-12-05 22:51 . 2008-12-05 22:51 244 --ah----- C:\sqmnoopt00.sqm
2008-12-05 21:21 . 2008-12-05 22:51 13,030 --a------ C:\PDOXUSRS.NET
2008-12-05 21:20 . 2008-12-05 21:20 <DIR> d-------- c:\program files\Trinity Software, Inc
2008-12-05 09:25 . 2008-12-05 09:27 <DIR> d-------- c:\program files\Windows Live
2008-12-05 09:25 . 2008-12-05 09:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-05 09:24 . 2008-12-05 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-05 08:29 . 2008-12-05 08:29 <DIR> d-------- c:\program files\AnVir Task Manager
2008-12-04 09:11 . 2008-12-04 09:22 <DIR> d-------- c:\program files\project dogwaffle
2008-12-04 09:11 . 1999-05-06 23:00 244,232 --a------ c:\windows\system32\MSFLXGRD.OCX
2008-12-04 09:11 . 1998-11-03 10:45 94,208 --a------ c:\windows\system32\MsStkPrp.dll
2008-12-03 02:05 . 2008-12-03 02:09 <DIR> d-------- c:\program files\SoftDawn
2008-12-01 11:52 . 2008-12-01 11:52 <DIR> d-------- c:\program files\Windows Automation Macro Recorder
2008-11-30 11:50 . 2008-11-30 11:50 <DIR> d-------- c:\program files\ArzooSoft Solutions
2008-11-30 11:48 . 2008-11-28 00:24 414,665 --a------ C:\Setup-mfe.exe
2008-11-29 07:58 . 2008-11-29 07:58 <DIR> d-------- c:\program files\RemoteObserver
2008-11-29 07:57 . 2008-11-29 07:57 <DIR> d-------- c:\program files\RemoteObserverClient
2008-11-28 22:20 . 2008-11-28 22:20 <DIR> d-------- c:\program files\eBook Maestro FREE
2008-11-28 22:19 . 2008-11-28 22:19 <DIR> d-------- C:\vv
2008-11-28 20:02 . 2008-11-28 20:02 <DIR> d-------- C:\ebookswriter
2008-11-27 23:52 . 2008-11-27 23:52 <DIR> d-------- C:\Teach2000
2008-11-26 09:57 . 2008-11-26 09:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-11-26 08:26 . 2008-11-26 08:27 <DIR> d-------- c:\program files\Linkman
2008-11-25 22:18 . 2008-11-26 08:20 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 22:18 . 2008-11-26 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 10:24 . 2008-11-25 10:27 <DIR> d-------- c:\program files\MultiStage Recovery
2008-11-24 17:35 . 2008-11-24 17:36 <DIR> d-------- c:\program files\iTunes
2008-11-24 17:35 . 2008-11-24 17:35 <DIR> d-------- c:\program files\iPod
2008-11-24 17:35 . 2008-11-24 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 08:21 . 2008-11-24 08:25 <DIR> d-------- c:\program files\Smart Diary Suite 4
2008-11-24 01:25 . 2008-11-24 01:25 <DIR> d-------- c:\documents and settings\Guest\Application Data\EAST Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 20:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 20:00 --------- d-----w c:\program files\Chameleon Clock
2008-12-24 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-24 18:05 --------- d-----w c:\program files\East-Tec Eraser 2008
2008-12-23 05:19 --------- d-----w c:\program files\Trend Micro
2008-12-21 17:55 --------- d-----w c:\program files\QuickTime
2008-12-20 21:12 --------- d-----w c:\program files\Type Booster
2008-12-19 20:22 --------- d-----w c:\program files\Diplodock Company
2008-12-19 19:22 16,384 ----a-w c:\windows\DCEBoot.exe
2008-12-18 19:52 --------- d-----w c:\program files\Wondershare
2008-12-15 16:21 --------- d-----w c:\program files\AllMedia Grabber
2008-12-12 17:01 --------- d-----w c:\program files\Hide Wizard
2008-12-10 15:31 --------- d-----w c:\program files\PDF to Image
2008-12-10 06:23 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 17:22 --------- d-----w c:\program files\American Sign Language
2008-12-06 15:56 --------- d-----w c:\program files\Encsoft
2008-12-04 16:45 2,874 ----a-w c:\documents and settings\Abria Laél\Application Data\SAS7_000.DAT
2008-12-03 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-11-28 04:22 --------- d-----w c:\program files\Teach2000
2008-11-27 17:50 --------- d-----w c:\program files\BinaryMark
2008-11-26 14:57 --------- d-----w c:\program files\Webshots
2008-11-26 13:58 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-11-26 13:24 --------- d-----w c:\program files\GridinSoft
2008-11-26 13:23 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Easy Macro Recorder
2008-11-24 22:35 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 22:19 --------- d-----w c:\program files\Safari
2008-11-23 17:45 --------- d-----w c:\program files\Astro Gemini Software
2008-11-22 15:15 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2008-11-22 15:15 --------- d-----w c:\documents and settings\Abria Laél\Application Data\SpellQuizzer
2008-11-22 15:13 --------- d-----w c:\program files\SpellQuizzer
2008-11-20 14:55 --------- d-----w c:\program files\Daniusoft
2008-11-17 19:38 --------- d-----w c:\program files\FreeGamePick.com
2008-11-16 17:54 --------- d-----w c:\program files\MegaSign Trial_V1.4
2008-11-16 13:14 --------- d-----w c:\program files\The Lost Watch 3D Screensaver
2008-11-15 14:49 --------- d-----w c:\program files\Digital Physiognomy
2008-11-10 14:07 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 09:24 --------- d-----w c:\program files\Vidroid
2008-11-09 14:08 --------- d-----w c:\program files\HotHotSoftwareFullVersion
2008-11-08 22:28 --------- d-----w c:\program files\easycalendarmaker
2008-11-08 22:23 --------- d-----w c:\program files\Realore
2008-11-07 15:33 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Conceptworld
2008-11-07 15:32 --------- d-----w c:\program files\Conceptworld
2008-11-06 15:57 --------- d-----w c:\program files\Teknia
2008-11-06 14:08 --------- d-----w c:\program files\Uconomix
2008-11-06 04:19 --------- d-----w c:\program files\NoteAttack
2008-11-05 21:31 --------- d-----w c:\documents and settings\Abria Laél\Application Data\agi
2008-11-05 14:21 --------- d-----w c:\documents and settings\Abria Laél\Application Data\HTConsulting
2008-11-05 14:19 --------- d-----w c:\program files\NoteFrog
2008-11-04 14:58 --------- d-----w c:\documents and settings\Abria Laél\Application Data\Beyond Sync
2008-11-04 14:55 --------- d-----w c:\program files\Beyond Sync
2008-11-04 14:40 --------- d-----w c:\documents and settings\Abria Laél\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-03 18:21 --------- d-----w c:\program files\WinUtilities
2008-11-03 13:06 --------- d-----w c:\program files\CaptureIt
2008-11-01 20:59 --------- d-----w c:\documents and settings\NetworkService\Application Data\agi
2008-11-01 16:01 --------- d-----w c:\program files\Desksware
2008-10-31 16:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-31 16:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-31 16:35 --------- d-----w c:\program files\NOS
2008-10-31 12:44 --------- d-----w c:\program files\Smart CD Catalog PRO
2008-10-30 05:31 --------- d-----w c:\program files\Rosetta
2008-10-30 04:50 --------- d-----w c:\program files\Ax3soft
2008-10-28 09:50 --------- d-----w c:\program files\Reminder Commander
2008-10-27 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory
2008-10-27 12:09 --------- d-----w c:\program files\Watermark Factory 2
2008-10-26 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-10-26 18:07 --------- d-----w c:\program files\AGI
2008-10-26 17:33 --------- d-----w c:\documents and settings\Abria Laél\Application Data\cerasus.media
2008-10-25 14:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-25 14:53 --------- d-----w c:\program files\Give Away of the day
2008-10-24 15:45 --------- d-----w c:\program files\MagicScore Music Software
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 03:07 --------- d-----w c:\program files\The French Tutorial Personal Edition
2008-10-22 21:18 60,744 ----a-w c:\documents and settings\Abria Laél\g2mdlhlpx.exe
2008-10-22 21:18 60,744 ----a-w c:\documents and settings\Abria Laél\g2mdlhlpx.exe
2008-10-15 20:05 47,360 ----a-w c:\documents and settings\Abria Laél\Application Data\pcouffin.sys
2008-10-04 16:19 385,024 ----a-w c:\windows\_MWOLTB.DLL
2008-09-22 14:17 303 ----a-w c:\documents and settings\All Users\License.dat
2008-09-13 05:30 947 ----a-w c:\program files\OneNote 2007 Screen Clipper and Launcher.lnk
1998-06-20 04:00 286,720 ----a-w c:\program files\SETUP1.EXE
2008-06-17 13:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061720080618\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-24_ 9.53.53.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-11-13 15:58:12 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-24 18:09:18 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 15:58:11 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-24 18:09:18 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-13 15:58:12 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-24 18:09:18 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 15:58:12 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-24 18:09:18 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 15:58:12 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-24 18:09:18 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 15:58:12 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-24 18:09:18 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 15:58:12 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-24 18:09:18 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 15:58:11 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-24 18:09:18 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-12-24 14:12:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-24 18:24:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-24 14:12:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-24 18:24:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-24 14:12:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 18:24:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ------w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31 1909248 --a------ c:\progra~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 05:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-10 709632]
"AnVir Task Manager"="c:\program files\AnVir Task Manager\AnVir.exe" [2008-11-30 2733280]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

c:\documents and settings\Abria Laél\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2008-09-11 2815336]
Startup Defender.lnk - c:\program files\Zards software\Startup Defender\Startup Defender.exe [2008-07-06 1052160]
visiondefense.lnk - c:\program files\Vision Defense\Vision Defense.exe [2008-09-11 11954890]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 4742184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "c:\program files\Conceptworld\RecentX\RXShell.dll" [2008-06-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 13:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Countdown.url]
backup=c:\windows\pss\eBay Countdown.urlCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapTrue]
--a------ 2008-09-05 11:55 673280 c:\program files\CapTrue\captrue.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zweitgeist Assistant]
--a------ 2008-09-03 20:53 192512 c:\program files\weblin\weblinAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Nuance\\NaturallySpeaking10\\Program\\datacollector.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 HFCore;HFCore;\??\c:\windows\system32\drivers\HFCore.sys [2006-05-30 18816]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-10-25 93544]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-12-16 2560]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-31 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d008cd74-6d66-11dd-8530-0019d246ccff}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdates.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-09-11 04:51]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Data Collection.job
- c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2008-09-11 04:51]

2008-12-24 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-09-11 04:51]

2008-12-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.careerstep.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJman000
IE: >Search in Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_search.htm
IE: Add to Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_add.htm
IE: Add to Linkman and Edit - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: MWOL &Dictionary - c:\windows\_MWOLTB.DLL/23/219
IE: MWOL &Thesaurus - c:\windows\_MWOLTB.DLL/23/220
IE: Show Linkman - file://c:\documents and settings\Abria Laél\My Documents\Linkman\iescript_show.htm

c:\windows\Downloaded Program Files\CONFLICT.1\Microsoft.OfficeLive.Workspace.RichUpload.dll - O16 -: {07246F83-6D48-4559-81EC-117CBAE54F1B}
hxxp://workspace.office.live.com/Misc/M ... Upload.cab
c:\windows\Downloaded Program Files\CONFLICT.1\Microsoft.OfficeLive.Workspace.RichUpload.inf

c:\windows\Downloaded Program Files\mwolinstaller.dll - O16 -: {3CF32649-D1C0-4F42-AB44-ED284748920B}
hxxp://www.merriam-webster.com/download ... nstall.cab
c:\windows\Downloaded Program Files\mwoltb.inf

c:\windows\Downloaded Program Files\PIEHid.dll - c:\windows\Downloaded Program Files\footpedal.dll
O16 -: {BEB82CC6-09F3-43EA-BEB1-97188E21035D}
hxxp://shared.careerstep.com/footpedal.cab
c:\windows\Downloaded Program Files\footpedal.inf

c:\windows\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.dll - O16 -: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6}
hxxp://workspace.office.live.com/Misc/M ... Upload.cab
c:\windows\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 14:58:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(964)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

- - - - - - - > 'Explorer.EXE'(3256)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\docume~1\ABRIAL~1\LOCALS~1\Temp\catchme.dll
c:\program files\Conceptworld\RecentX\RxResEnu.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Chameleon Clock\trayclock.dll
c:\program files\AnVir Task Manager\AnvirHook54.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\combofix\hidec.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\drwtsn32.exe
c:\windows\system32\drwtsn32.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\taskmgr.exe
c:\program files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2008-12-24 15:04:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 20:03:25
ComboFix2.txt 2008-12-24 14:54:36

Pre-Run: 4,267,642,880 bytes free
Post-Run: 4,308,758,528 bytes free

694 --- E O F --- 2008-12-24 18:09:21



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:27 PM, on 12.24.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Vision Defense\Vision Defense.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\wordgirl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.careerstep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: (no name) - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PROGRA~1\Linkman\LINKMA~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: visiondefense.lnk = C:\Program Files\Vision Defense\Vision Defense.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_search.htm
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_add.htm
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_show.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/download ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3707172546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} (FootPedalCtl Class) - http://shared.careerstep.com/footpedal.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://disney.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.11.cab?
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14330 bytes
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm

Re: Various Malware, Spyware, & Trojans found on Computer

by Shaba » December 25th, 2008, 4:17 am

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting "Run as administrator" to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Various Malware, Spyware, & Trojans found on Computer

by wordgirl » December 27th, 2008, 3:24 am

I had some problems with Kaspersky when I had trouble disabling McAfee. Then it got to the end twice after about 10 hours and restarted before I could view the scan report! I had surgery today (wisdom teeth pulled), and have been home resting while I decided to try it one last time. I was able to execute. Although they both found infected files, I have not "fixed" anything yet through Kaspersky or McAfee.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 26, 2008 17:50:15
Records in database: 1518304
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 255912
Threat name: 9
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 10:10:09


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\My Documents\Downloads\WinRAR 3.7 Full Corporate Edition\wr_3.7_corporate.exe Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 12-05-08 1420\Documents and Settings\Chameleon\Local Settings\Temp\NERO14399\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\My Backup -- 16-06-08 1813\Documents and Settings\Administrator\Local Settings\Temp\NERO14399\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\30.tmp Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp Infected: Trojan.Win32.LowZones.gb 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\37.tmp Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\39.tmp Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\3A.tmp Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\A0011787.dll Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\A0011788.dll Infected: Trojan.Win32.Agent.rep 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\dkfjklvh.dll Infected: Trojan.Win32.Monder.gen 1
C:\My Backup -- 16-06-08 1813\Program Files\Trend Micro\Internet Security\Quarantine\endgwnts.dll Infected: Trojan.Win32.Agent.rep 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bwtxhwyu.dll.vir Infected: Trojan.Win32.Monder.afdh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bygpsq.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\iduxuitq.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogrpmkjd.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\poxgpy.dll.vir Infected: Trojan.Win32.Monder.afdj 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000014.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ee 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000060.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000061.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ea 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000147.dll Infected: Trojan.Win32.Monder.afdh 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000148.dll Infected: Trojan.Win32.Monder.afdj 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000153.dll Infected: Trojan.Win32.Monder.afdj 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000162.dll Infected: Trojan.Win32.Monder.afdj 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000166.dll Infected: Trojan.Win32.Monder.afdj 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:26 AM, on 12.27.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInput.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\wordgirl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.careerstep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PROGRA~1\Linkman\LINKMA~1.DLL
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Consumer Input Rewarded with MyPoints, Consumer Input Update] C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input\ConsumerInputRewardedwithMyPoints,ConsumerInputUa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Startup: visiondefense.lnk = C:\Program Files\Vision Defense\Vision Defense.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_search.htm
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_add.htm
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_edit.htm
O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Abria Laél\My Documents\Linkman\iescript_show.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07246F83-6D48-4559-81EC-117CBAE54F1B} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/download ... nstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3707172546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} (FootPedalCtl Class) - http://shared.careerstep.com/footpedal.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://disney.webex.com/client/v_myweb ... eatgpc.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... 0.0.11.cab?
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 14415 bytes
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm

Re: Various Malware, Spyware, & Trojans found on Computer

Post by Shaba » December 27th, 2008, 5:15 am

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Various Malware, Spyware, & Trojans found on Computer

Post by wordgirl » December 27th, 2008, 11:55 am

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Reader for Pocket PC 2.0
Adobe Shockwave Player
Adolix PDF Converter PRO v4.2
AdolixPDFConverter (novaPDF Professional Desktop OEM 5.5 print
Agere Systems HDA Modem
AllMedia Grabber
Almeza MultiSet Professional 6.1
AltDesk.1.8
Amazing Jigsaw
American Sign Language 3.2
AnVir Task Manager
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B5
Aqua Bubble 2
Aqua Words
Around the World in 80 Days 1.0
Atomic Alarm Clock 5.81
AVS DVDMenu Editor 1.2.1.19
AVS Video Editor 4
AVS Video Tools 5.6
AVS4YOU Software Navigator 1.2
Batch Image Enhancer 3.5
Batch Image Resizer 3.5
Batch Image Watermarker 3.5
Before You Know It 3.6
Beyond Sync 3.5.8.135
Big Fish Games Client
Bonjour
BurnAware Express 2.0.2
BusinessCardsMX 3.92
CapTrue
Capture Assistant
CaptureIt 1.1.0.0
Chameleon Clock 5.1
Comfort Keys Pro 3.1.3.0
ComputerScript 2.21
Consumer Input Rewarded with MyPoints, Consumer Input Software (remove only)
ConvertXtoDVD 3.2.1.55b
Cool RingTone Maker 1.1.2
Coral Reef 3D Screensaver 1.0
Coupon Printer for Windows
Daniusoft Media Converter(Build 2.3.1.34)
DDWidget Pro version 1.4
Digital Physiognomy (remove only)
DivX Codec
DivX Converter
DoubleSafety
Dragon NaturallySpeaking 10
Driver Magician 3.32
East-Tec Eraser 2008 Version 8.9
EasyCalendarMaker
eBay Toolbar Featuring Yahoo!
eBook Maestro FREE 1.80
eCover Engineer 5.5
eCover Engineer 5.5
Edraw Max 4
Expense Tracker 1.3
Express Scribe Uninstall
Extra DVD to FLV Ripper 5.6
Extra Video Converter 4.6
FlashWorks Converter
FormatFactory
Foxonic 3.0 (build 0198)
Free DVD Decrypter version 1.3
Free Video Flip and Rotate version 1.4
getPlus(R) for Adobe
Golden Autumn 3D Screensaver 1.0
GOM Player
Google Talk (remove only)
HijackThis 2.0.2
HippoEdit 1.34 - GiveAwayOfTheDay Edition
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools 2.00 C3
HP Credential Manager for ProtectTools
HP Extended Capabilities 4.7
HP Help and Support
HP Image Zone 4.7
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP PSC & OfficeJet 4.7
HP Quick Launch Buttons 6.00 D2
HP Software Update
HP Software Update
HP User Guides 0029
HP Wireless Assistant 2.00 E1
HyperSign 2.3p
Image Mender 1.1
ImgBurn
Inpaint
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
Intrusion Detection System - Sax2 2.0
iRecordMax Sound Recorder v7.1.3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kurso de Esperanto 3
LeaderTask 5.79
LinguaSaver_11
Linkman 7.6.0.18r
List Remove, List Replace, List Sort, List compare and duplicat
Magical File Encrypt v1.1
MagicScore
Mah Jong Adventures
Marble Tactics 1.0
McAfee SecurityCenter
MegaSign-Trial_V1.4
Merriam-Webster Online Toolbar
mgLaunch 1.2.2.B426
mgWindow 1.0.0.B509
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mobipocket Reader 6.2
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multi Screen Emulator for Windows 2.0.2.0
MultiFind
MultiStage Recovery 3.6
myBabylon Toolbar
myBabylon_English Toolbar
MyPoints Toolbar
Need4 Video Converter 5.7
Netflix Movie Viewer
NetStat Agent 2.0
NewtPad 3.0
Note Attack v1.36
OverDrive Media Console
Paint.NET 3.8
PD Artist
PD Particles
PDF to HTML
PDF to Image
PDF to Text
PDF to Word
Power Favorites 1.7.1
PPTminimizer
Prism Video Converter
project dogwaffle
QuickTime
ratDVD 0.78.1444
RealPlayer
RecentX 2.0
Reminder Commander 2.20
RemoteObserver
RemoteObserverClient
Rhapsody
Rhapsody Player Engine
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Show.kit
Smart CD Catalog 2.53 Professional
Smart Diary Suite 4
Smart Install Maker 5.02
SoftMaker Office 2006 (C:\Program Files\SoftMaker Office 2006)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
SpanishUno 6.01
SpellQuizzer 1.0.1
Spybot - Search & Destroy
StarBurn(GiveAwayOfTheDay) Version 10 (Build 0x20081020)
SWF & FLV Toolbox 3.5 (build 3.5.23.412)
Synaptics Pointing Device Driver
Sync Now! 4.2.2.128
Teach2000 8.31
The French Tutorial Personal Edition
The Lost Watch 3D Screensaver 1.0
The Princess Bride
The Princess Bride Game
The Rosetta Stone
Total Network Monitor 1.0.1 (build 1100)
Tray Commander 2.3
Turtle Odyssey 2
Typing Assistant (English) 4.2
TypingMaster Pro
Uconomix Encryption Engine 1.0
Uninstall 1.0.0.1
Unix Utilities for Yahoo! Widgets
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Videora Trial Version 2.15
Vidroid - ImagePut 1.1
Vision Defense
Visual C++ Runtime for Dragon NaturallySpeaking
Visual Vision EbooksWriterLITE_e
Watchtower Library 2007 - English
Watermark Factory 2
Web Forum Reader 2.0
WebEx
Webshots Desktop
WebVideo Author
Wii Video 9 2.25
Windows Automation Macro Recorder 1.0
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live SkyDrive Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinLog Assist 2.1
WinUtilities 6.2
Wondershare Movie Story GAOTD Edition 4.5.0
Wondershare Photo Collage Studio 4.2.8
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
ZipGenius 6 (6.0.3.1150)
Zortam Mp3 Player 1.50
Zwei-Stein Video Compositor 3.01 (Beta 2).
wordgirl
Active Member
 
Posts: 14
Joined: December 20th, 2008, 8:14 pm