Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

''Troj/Rustok-N' messages-hijackthis log

Re: ''Troj/Rustok-N' messages-hijackthis log

Post by bobgrem » May 7th, 2009, 11:57 am

Hi Dakeyras -

Thank you for your good advice and patience. :)

My computer is operating okay as far as I know. As you will see in the RSIT file below, I opened up 24G of space on C:

Thanks!
Bob

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-05-07 11:52:17
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 24 GB (21%) free of 114 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:32 AM, on 5/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\SysAgent\SysAgent.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysAgent] C:\SysAgent\SysAgent.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11619 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15C9938F-CB96-496D-800A-B827F2E34EA1}]
BlspcHlpr Class - C:\Program Files\ATT Internet Tools\blspc.dll [2008-12-18 1433600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2002-09-25 290816]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-06-10 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2002-12-21 77824]
"SysAgent"=C:\SysAgent\SysAgent.exe [2001-09-14 814592]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DeltTray"=C:\WINDOWS\system32\DeltTray.exe [2004-08-26 56320]
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2006-01-17 53248]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Auto EPSON Stylus CX4800 Series on A"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"blspcloader"=C:\Program Files\ATT Internet Tools\blsloader.exe [2008-12-18 103760]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-28 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-01 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uoltray"=C:\Program Files\NetZero\exec.exe [2004-01-20 90384]
"spc_w"=C:\Program Files\NZSearch\hcm.exe [2004-05-13 258114]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-04-10 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit - C:\I386\NOTEPAD.EXE %1
.cmd - edit - C:\I386\NOTEPAD.EXE %1
.ini - open - C:\I386\NOTEPAD.EXE %1
.js - edit - C:\I386\NOTEPAD.EXE %1
.reg - edit - C:\I386\NOTEPAD.EXE %1
.txt - open - C:\I386\NOTEPAD.EXE %1
.vbs - edit - C:\I386\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-05-07 11:45:36 ----D---- C:\WINDOWS\LastGood
2009-05-07 10:31:06 ----A---- C:\WINDOWS\prestopm.INI
2009-05-06 17:41:57 ----D---- C:\rsit
2009-05-06 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 21:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-05-04 21:33:35 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-05-04 21:29:34 ----D---- C:\WINDOWS\Prefetch
2009-05-04 20:23:27 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-04 20:23:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\cmd.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\cacls.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\autochk.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\locator.exe
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\ftp.exe
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\format.com
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\samlib.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasman.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\printui.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\smss.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\services.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\schannel.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\savedump.exe
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\untfs.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\ulib.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\hal.dll
2009-05-03 18:34:07 ----RASHD---- C:\autorun.inf
2009-05-03 13:59:39 ----SHD---- C:\RECYCLER
2009-05-02 01:13:12 ----A---- C:\kaspersky scan.txt
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\java.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-01 18:46:47 ----D---- C:\Program Files\Java
2009-05-01 18:29:28 ----A---- C:\ComboFix.txt
2009-04-30 15:24:00 ----D---- C:\Documents and Settings\Bob\Application Data\Malwarebytes
2009-04-30 14:36:45 ----A---- C:\Boot.bak
2009-04-30 14:36:39 ----RASHD---- C:\cmdcons
2009-04-30 14:34:43 ----A---- C:\WINDOWS\zip.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\vFind.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWSC.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWREG.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\sed.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\grep.exe
2009-04-30 14:32:32 ----D---- C:\WINDOWS\ERDNT
2009-04-30 14:32:06 ----D---- C:\Qoobox
2009-04-30 11:16:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 13:21:41 ----D---- C:\Program Files\Malware Avenger
2009-04-28 12:42:53 ----D---- C:\Program Files\Trend Micro
2009-04-28 11:12:35 ----D---- C:\Documents and Settings\Bob\Application Data\GetRightToGo
2009-04-27 21:32:21 ----D---- C:\WINDOWS\Sun
2009-04-27 21:32:19 ----D---- C:\Documents and Settings\Bob\Application Data\Sun
2009-04-27 17:54:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-27 17:54:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-26 19:45:44 ----D---- C:\iview
2009-04-23 00:29:33 ----D---- C:\WINDOWS\system32\Adobe
2009-04-17 12:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 23:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 23:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 23:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 23:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

======List of files/folders modified in the last 1 months======

2009-05-07 11:52:21 ----D---- C:\WINDOWS\TEMP
2009-05-07 11:49:19 ----D---- C:\SysAgent
2009-05-07 11:47:13 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 11:45:56 ----HD---- C:\WINDOWS\INF
2009-05-07 11:45:42 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-07 11:45:42 ----D---- C:\WINDOWS\SYSTEM32
2009-05-07 11:45:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-07 11:45:36 ----D---- C:\WINDOWS
2009-05-07 11:44:17 ----A---- C:\DebugLog.txt
2009-05-07 11:43:44 ----HD---- C:\Config.Msi
2009-05-07 11:39:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 11:36:36 ----RD---- C:\Program Files
2009-05-07 11:29:30 ----D---- C:\Program Files\Viewpoint
2009-05-07 11:24:04 ----D---- C:\Program Files\Dell
2009-05-07 11:22:04 ----SHD---- C:\WINDOWS\Installer
2009-05-07 11:22:04 ----D---- C:\Program Files\Real
2009-05-07 11:17:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 11:02:30 ----D---- C:\Program Files\Microsoft Office
2009-05-07 11:01:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-07 10:59:58 ----A---- C:\WINDOWS\jammerw.ini
2009-05-07 10:52:29 ----D---- C:\Program Files\NewSoft
2009-05-07 10:47:43 ----A---- C:\WINDOWS\JUNO.INI
2009-05-07 10:46:58 ----D---- C:\Program Files\Juno
2009-05-07 10:28:03 ----D---- C:\Program Files\Iomega
2009-05-07 10:27:09 ----RSD---- C:\WINDOWS\Fonts
2009-05-07 10:27:07 ----D---- C:\Psfonts
2009-05-07 10:27:07 ----D---- C:\Allegro 2001
2009-05-07 01:18:09 ----D---- C:\atemp
2009-05-06 21:07:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-06 14:55:36 ----D---- C:\Program Files\McAfee
2009-05-06 11:55:34 ----A---- C:\WINDOWS\ModemLog_Conexant HSF V92 56K RTAD Speakerphone PCI Modem.txt
2009-05-06 09:04:03 ----SD---- C:\Documents and Settings\Bob\Application Data\Microsoft
2009-05-06 08:55:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-04 23:04:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-04 21:50:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-04 21:44:36 ----SD---- C:\WINDOWS\Tasks
2009-05-04 21:28:30 ----D---- C:\WINDOWS\system32\WBEM
2009-05-04 21:28:30 ----D---- C:\WINDOWS\AppPatch
2009-05-04 21:28:24 ----D---- C:\Program Files\Messenger
2009-05-04 21:15:30 ----D---- C:\WINDOWS\SECURITY
2009-05-04 21:13:33 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-04 21:08:44 ----D---- C:\WINDOWS\WinSxS
2009-05-04 21:08:34 ----D---- C:\WINDOWS\system32\Setup
2009-05-04 21:07:19 ----D---- C:\WINDOWS\IME
2009-05-04 21:07:18 ----D---- C:\WINDOWS\Help
2009-05-04 21:07:00 ----D---- C:\Program Files\Windows NT
2009-05-04 21:07:00 ----D---- C:\Program Files\Windows Media Player
2009-05-04 21:06:59 ----D---- C:\Program Files\Outlook Express
2009-05-04 21:06:58 ----D---- C:\Program Files\NetMeeting
2009-05-04 21:06:56 ----D---- C:\Program Files\Movie Maker
2009-05-04 21:06:40 ----D---- C:\Program Files\Common Files\System
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\USMT
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\scripting
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\en
2009-05-04 21:05:54 ----D---- C:\WINDOWS\network diagnostic
2009-05-04 21:05:54 ----D---- C:\WINDOWS\l2schemas
2009-05-04 20:32:25 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-04 20:31:42 ----D---- C:\WINDOWS\system32\en-us
2009-05-04 20:26:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-04 20:21:37 ----D---- C:\WINDOWS\EHome
2009-05-02 01:26:16 ----D---- C:\WINDOWS\Minidump
2009-05-01 18:37:05 ----D---- C:\Program Files\Common Files
2009-05-01 18:26:20 ----A---- C:\WINDOWS\system.ini
2009-05-01 18:16:02 ----D---- C:\Documents and Settings\Bob\Application Data\DNA
2009-05-01 17:21:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-01 17:02:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-01 17:02:02 ----D---- C:\Program Files\Lavasoft
2009-05-01 10:18:40 ----D---- C:\Documents and Settings\All Users\Application Data\ATTToolbar
2009-04-30 15:01:21 ----D---- C:\WINDOWS\system32\CONFIG
2009-04-30 14:36:45 ----RASH---- C:\BOOT.INI
2009-04-28 12:37:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-27 20:24:14 ----D---- C:\Program Files\Cakewalk
2009-04-27 20:24:09 ----D---- C:\Documents and Settings\All Users\Application Data\Cakewalk
2009-04-27 20:24:09 ----D---- C:\Cakewalk Projects
2009-04-27 19:47:12 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-26 19:07:43 ----D---- C:\Documents and Settings\Bob\Application Data\BitTorrent
2009-04-22 19:19:10 ----D---- C:\Documents and Settings\Bob\Application Data\Adobe
2009-04-21 02:51:16 ----D---- C:\Program Files\Adobe
2009-04-21 02:51:14 ----D---- C:\Program Files\Common Files\Adobe
2009-04-17 12:51:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 23:58:36 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-01-30 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-06-10 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-06-10 241280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-10-15 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-06-10 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-06-10 206464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-01 20747]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 16512]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-09-25 531584]
R3 AtlsAud;Dell Movie Studio Audio Device; C:\WINDOWS\system32\drivers\AtlsAud.sys [2002-10-11 25600]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\delta.sys [2004-09-10 291456]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-10 25930]
R3 EMATCORE;Dell Movie Studio Video Device; C:\WINDOWS\System32\Drivers\AtlsVid.sys [2002-10-11 207936]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-06-30 1172416]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-06-30 167155]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-03 232192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-06-30 594832]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BWU713_A02;Blitzz Wireless G USB Controller; C:\WINDOWS\System32\DRIVERS\BWU713.sys [2004-03-02 340096]
S3 catchme;catchme; \??\C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-10 30662]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-03-03 339776]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-09-25 147456]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-01 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm
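Reading an RSIT driver and service listing like the one Bob posted goes faster with a small triage script. The Python below is an added example, not part of the thread or of RSIT itself: it parses lines in the list format above (state and start type, name, description, image path, and the bracketed file date and size) and flags the entries a helper would check first, such as those RSIT could not stat (an empty `[]`), those registered with an NT object path (`\??\`), and those loaded from a Temp folder. The sample lines are copied from the log above; the flag names and the rule set are my own.

```python
"""Triage helper for the RSIT "List of drivers" / "List of services" sections.

Added example, not part of the thread or of RSIT: it parses lines of the form
    <state><start> name;description; path [date size]
and flags entries a reviewer would look at first. A flag is a prompt to check
the file, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the log above.
SAMPLE = r"""
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-01-30 44288]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys []
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
"""

LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); ?(.*?)\s*\[([^\]]*)\]$")
STATES = {"R": "running", "S": "stopped"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    state: str
    start: str
    name: str
    description: str
    path: str
    file_date: Optional[str]        # None when RSIT printed an empty []
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage(e: Entry) -> List[str]:
    """Rule set (my own, not RSIT's): what makes an entry worth a closer look."""
    flags = []
    if not e.path:
        flags.append("no-path")             # service with no image path at all
    elif e.path.startswith("\\??\\"):
        flags.append("nt-object-path")      # registered with an NT object path
    if e.path and e.file_date is None:
        flags.append("no-file-metadata")    # RSIT could not stat the file
    if any(t in e.path.lower() for t in TEMP_MARKERS):
        flags.append("temp-path")           # driver loaded from a Temp folder
    if e.state == "running" and e.file_date is None:
        flags.append("running-unverified")  # active, yet nothing on disk to check
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for lines in another format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, meta = m.groups()
    date, size = None, None
    if meta.strip():
        parts = meta.split()
        date = parts[0]
        if len(parts) > 1 and parts[1].isdigit():
            size = int(parts[1])
    entry = Entry(STATES[state], START_TYPES[start], name, desc, path.strip(), date, size)
    entry.flags = triage(entry)
    return entry


def triage_report(log: str) -> List[Entry]:
    """Entries with at least one flag, running ones first, then by name."""
    entries = [e for e in map(parse_line, log.splitlines()) if e is not None and e.flags]
    return sorted(entries, key=lambda e: (e.state != "running", e.name.lower()))


if __name__ == "__main__":
    for e in triage_report(SAMPLE):
        print(f"{e.state:8} {e.start:8} {e.name:24} {', '.join(e.flags):40} {e.path}")
```

A flag means "look this file up", nothing more: catchme.sys, for instance, is the driver left behind by a widely used rootkit scanner and is routinely found in Temp after such tools have run, while a vendor driver that RSIT simply could not stat is common on an old install. The value of the script is that it turns a 130-line listing into the handful of entries that need a human decision.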

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 7th, 2009, 5:36 pm

Hi :)

Thank you for your good advice and patience. :)
You are very welcome!

My computer is operating okay as far as I know. As you will see in the rsit file below I opened up 24G of space on C:
A vast improvement on the original 2% :thumbup:

Next:

Please re-open HiJackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now click on Fix Checked. Close HiJackThis.

Note: No need to reboot (restart) your computer at this stage; it will be done automatically after the OTMoveIt3 script below.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Fix Policies:

Please download Fix Policies to your Desktop. This is a self-extracting ZIP archive.

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close.

Repair File Extensions:

Download SREng (System Repair Engineer 2.7.1.1261)

  • Extract it to Desktop and double click on SREng.exe to run it.
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair].
  • Refer to this image for an example:

    Image
  • Close SREng now.

Next:

Please download OTMoveIT3 to your Desktop.
  • Double-click OTMoveIt3.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Processes
Explorer.EXE

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

:Files
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\RegCure.job
C:\Program Files\Lavasoft
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\Bob\Application Data\BitTorrent

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTMoveIt3.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and/or further symptoms?
  • Malwarebytes Anti-Malware Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
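Before running a fix script of this kind it is worth reading exactly what it will change. The Python below is an added example, not part of the thread or of OldTimer's OTMoveIt3: it splits an OTMoveIt3 script into its :Processes, :Reg, :Files and :Commands sections, decodes the `hex(7)` (REG_MULTI_SZ) value, and reports which keys would be deleted and which values set. The embedded script is the one from the post above with the :Files list shortened; the expected default `scecli` for the LSA "Notification Packages" value is stated as an assumption about a stock Windows XP install, and the section names and report layout are my own.

```python
"""Dry-run reader for an OTMoveIt3-style fix script.

Added example, not part of the thread or of OldTimer's OTMoveIt3 tool: it
parses the script into sections, decodes .reg-style hex(7) (REG_MULTI_SZ)
values and reports what the script would change, so a reader can compare a
script they are asked to run with what the helper said it does.
"""
import re
from typing import Dict, List, Union

# The script quoted in the post above, with the :Files list shortened.
SCRIPT = r"""
:Processes
Explorer.EXE

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

:Files
C:\WINDOWS\tasks\RegCure.job
C:\Program Files\Lavasoft

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
"""

# Assumption: on a stock Windows XP install the LSA "Notification Packages"
# value holds only "scecli". DLLs listed there are loaded into LSASS at boot
# (password-filter / change-notification DLLs), so resetting the value to the
# default drops anything that was added to it.
EXPECTED_NOTIFICATION_PACKAGES = ["scecli"]

REG_KEY = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')


def split_sections(script: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the ':Section' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def decode_multi_sz(hex_csv: str) -> List[str]:
    """Decode a hex(7) byte list into the strings of a REG_MULTI_SZ.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by an extra NUL.
    A Unicode .reg file stores it as UTF-16LE; the value in the post is
    single-byte (ANSI), so the encoding is picked from the odd bytes.
    """
    data = bytes(int(h, 16) for h in hex_csv.split(",") if h.strip())
    looks_utf16 = (
        len(data) >= 2 and len(data) % 2 == 0
        and all(b == 0 for b in data[1::2]) and any(data[0::2])
    )
    text = data.decode("utf-16-le" if looks_utf16 else "latin-1")
    return [s for s in text.split("\x00") if s]


def parse_reg(lines: List[str]) -> List[dict]:
    """Turn the :Reg section into a list of key deletions and value sets."""
    actions: List[dict] = []
    key = None
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            delete, key = m.group(1) == "-", m.group(2)
            if delete:
                actions.append({"op": "delete_key", "key": key})
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            name, raw = m.groups()
            value: Union[str, List[str]] = raw
            if raw.startswith("hex(7):"):
                value = decode_multi_sz(raw[len("hex(7):"):])
            actions.append({"op": "set_value", "key": key, "name": name, "value": value})
    return actions


def summarize(script: str) -> dict:
    """Report what the script would touch, plus a baseline check on the LSA value."""
    sections = split_sections(script)
    reg = parse_reg(sections.get("reg", []))
    values_set = {(a["key"], a["name"]): a["value"] for a in reg if a["op"] == "set_value"}
    lsa = next((v for (k, n), v in values_set.items()
                if k.lower().endswith("\\control\\lsa") and n == "Notification Packages"), None)
    return {
        "processes": sections.get("processes", []),
        "keys_deleted": [a["key"] for a in reg if a["op"] == "delete_key"],
        "values_set": values_set,
        "files_moved": sections.get("files", []),
        "commands": [c.strip("[]") for c in sections.get("commands", [])],
        "lsa_matches_default": lsa == EXPECTED_NOTIFICATION_PACKAGES,
    }


if __name__ == "__main__":
    for k, v in summarize(SCRIPT).items():
        print(f"{k}: {v}")
```

Run against the post's script, the report shows one process to stop, one value set (the LSA list decoded back to `scecli`, matching the assumed default), two SafeBoot keys removed, the listed files moved aside, and the four housekeeping commands; that is the whole footprint, and it agrees with the helper's description, which is the check the reader is after.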

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 7th, 2009, 7:59 pm

Hi Dakeyras -

The computer seems to be operating fine. :)

I followed your instructions and the various logs are below.

Thank you!
Bob

OTMoveIt3 results:
File delete failed. C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_9NjguGjpY6V4ur1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_lgLOz1McRhujk34 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZAaY87cDXypmMLP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1bc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_xmBCNMuk3J8fwbJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Y8Ryu1wnJHDuzDg scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_zeWhWPgLdMf5MRS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05072009_183253


OTMoveIt3 log after reboot:
========== PROCESSES ==========
Process Explorer.EXE killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\Program Files\Lavasoft\Ad-aware 6\Quarantine moved successfully.
C:\Program Files\Lavasoft\Ad-aware 6\Logs moved successfully.
C:\Program Files\Lavasoft\Ad-aware 6 moved successfully.
C:\Program Files\Lavasoft moved successfully.
C:\Documents and Settings\All Users\Application Data\Lavasoft\MiniMessage moved successfully.
C:\Documents and Settings\All Users\Application Data\Lavasoft\License moved successfully.
C:\Documents and Settings\All Users\Application Data\Lavasoft moved successfully.
C:\Documents and Settings\Bob\Application Data\BitTorrent moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Bob\LOCALS~1\Temp\etilqs_e7QRjxXyvX1psM8jgo7t scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bob\LOCALS~1\Temp\~DF85A4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_9NjguGjpY6V4ur1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_lgLOz1McRhujk34 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZAaY87cDXypmMLP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1bc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_xmBCNMuk3J8fwbJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Y8Ryu1wnJHDuzDg scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_zeWhWPgLdMf5MRS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05072009_183253

Files moved on Reboot...
File C:\DOCUME~1\Bob\LOCALS~1\Temp\etilqs_e7QRjxXyvX1psM8jgo7t not found!
C:\DOCUME~1\Bob\LOCALS~1\Temp\~DF85A4.tmp moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\mcmsc_9NjguGjpY6V4ur1 not found!
File C:\WINDOWS\temp\mcmsc_lgLOz1McRhujk34 not found!
File C:\WINDOWS\temp\mcmsc_ZAaY87cDXypmMLP not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1bc.dat not found!
C:\WINDOWS\temp\sqlite_xmBCNMuk3J8fwbJ moved successfully.
C:\WINDOWS\temp\sqlite_Y8Ryu1wnJHDuzDg moved successfully.
C:\WINDOWS\temp\sqlite_zeWhWPgLdMf5MRS moved successfully.
File move failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be moved on reboot.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\XUL.mfl moved successfully.


Malwarebytes log:
Malwarebytes' Anti-Malware 1.36
Database version: 2090
Windows 5.1.2600 Service Pack 2

5/7/2009 7:52:12 PM
mbam-log-2009-05-07 (19-52-12).txt

Scan type: Quick Scan
Objects scanned: 102065
Time elapsed: 22 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


rsit log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bob at 2009-05-07 19:54:32
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (21%) free of 114 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:52 PM, on 5/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysAgent] C:\SysAgent\SysAgent.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11575 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15C9938F-CB96-496D-800A-B827F2E34EA1}]
BlspcHlpr Class - C:\Program Files\ATT Internet Tools\blspc.dll [2008-12-18 1433600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2002-09-25 290816]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-06-10 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2002-12-21 77824]
"SysAgent"=C:\SysAgent\SysAgent.exe [2001-09-14 814592]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DeltTray"=C:\WINDOWS\system32\DeltTray.exe [2004-08-26 56320]
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2006-01-17 53248]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Auto EPSON Stylus CX4800 Series on A"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"blspcloader"=C:\Program Files\ATT Internet Tools\blsloader.exe [2008-12-18 103760]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-28 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-01 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uoltray"=C:\Program Files\NetZero\exec.exe [2004-01-20 90384]
"spc_w"=C:\Program Files\NZSearch\hcm.exe [2004-05-13 258114]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-04-10 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit - C:\I386\NOTEPAD.EXE %1
.cmd - edit - C:\I386\NOTEPAD.EXE %1
.js - edit - C:\I386\NOTEPAD.EXE %1
.reg - edit - C:\I386\NOTEPAD.EXE %1
.vbs - edit - C:\I386\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-05-07 18:32:53 ----D---- C:\_OTMoveIt
2009-05-07 18:10:23 ----D---- C:\Program Files\ERUNT
2009-05-07 10:31:06 ----A---- C:\WINDOWS\prestopm.INI
2009-05-06 17:41:57 ----D---- C:\rsit
2009-05-06 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 21:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-05-04 21:33:35 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-05-04 21:29:34 ----D---- C:\WINDOWS\Prefetch
2009-05-04 20:23:27 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-04 20:23:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\cmd.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\cacls.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\autochk.exe
2009-05-04 20:22:40 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\locator.exe
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\ftp.exe
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\format.com
2009-05-04 20:22:39 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-05-04 20:22:38 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\samlib.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasman.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\printui.dll
2009-05-04 20:22:37 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\smss.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\services.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\schannel.dll
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-05-04 20:22:36 ----A---- C:\WINDOWS\system32\savedump.exe
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\untfs.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\ulib.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-04 20:22:35 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-05-04 20:22:21 ----A---- C:\WINDOWS\system32\hal.dll
2009-05-03 18:34:07 ----RASHD---- C:\autorun.inf
2009-05-03 13:59:39 ----SHD---- C:\RECYCLER
2009-05-02 01:13:12 ----A---- C:\kaspersky scan.txt
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\java.exe
2009-05-01 18:47:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-01 18:46:47 ----D---- C:\Program Files\Java
2009-05-01 18:29:28 ----A---- C:\ComboFix.txt
2009-04-30 15:24:00 ----D---- C:\Documents and Settings\Bob\Application Data\Malwarebytes
2009-04-30 14:36:45 ----A---- C:\Boot.bak
2009-04-30 14:36:39 ----RASHD---- C:\cmdcons
2009-04-30 14:34:43 ----A---- C:\WINDOWS\zip.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\vFind.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWSC.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\SWREG.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\sed.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-30 14:34:43 ----A---- C:\WINDOWS\grep.exe
2009-04-30 14:32:32 ----D---- C:\WINDOWS\ERDNT
2009-04-30 14:32:06 ----D---- C:\Qoobox
2009-04-30 11:16:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-28 13:21:41 ----D---- C:\Program Files\Malware Avenger
2009-04-28 12:42:53 ----D---- C:\Program Files\Trend Micro
2009-04-28 11:12:35 ----D---- C:\Documents and Settings\Bob\Application Data\GetRightToGo
2009-04-27 21:32:21 ----D---- C:\WINDOWS\Sun
2009-04-27 21:32:19 ----D---- C:\Documents and Settings\Bob\Application Data\Sun
2009-04-27 17:54:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-27 17:54:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-26 19:45:44 ----D---- C:\iview
2009-04-23 00:29:33 ----D---- C:\WINDOWS\system32\Adobe
2009-04-17 12:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 23:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 23:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 23:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 23:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

======List of files/folders modified in the last 1 months======

2009-05-07 19:54:39 ----D---- C:\WINDOWS\TEMP
2009-05-07 19:51:53 ----D---- C:\SysAgent
2009-05-07 18:50:14 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 18:46:54 ----A---- C:\DebugLog.txt
2009-05-07 18:44:52 ----D---- C:\WINDOWS
2009-05-07 18:42:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 18:32:54 ----RD---- C:\Program Files
2009-05-07 18:32:53 ----SD---- C:\WINDOWS\Tasks
2009-05-07 11:47:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-07 11:45:56 ----HD---- C:\WINDOWS\INF
2009-05-07 11:45:42 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-07 11:45:42 ----D---- C:\WINDOWS\SYSTEM32
2009-05-07 11:43:44 ----HD---- C:\Config.Msi
2009-05-07 11:29:30 ----D---- C:\Program Files\Viewpoint
2009-05-07 11:24:04 ----D---- C:\Program Files\Dell
2009-05-07 11:22:04 ----SHD---- C:\WINDOWS\Installer
2009-05-07 11:22:04 ----D---- C:\Program Files\Real
2009-05-07 11:17:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 11:02:30 ----D---- C:\Program Files\Microsoft Office
2009-05-07 11:01:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-07 10:59:58 ----A---- C:\WINDOWS\jammerw.ini
2009-05-07 10:52:29 ----D---- C:\Program Files\NewSoft
2009-05-07 10:47:43 ----A---- C:\WINDOWS\JUNO.INI
2009-05-07 10:46:58 ----D---- C:\Program Files\Juno
2009-05-07 10:28:03 ----D---- C:\Program Files\Iomega
2009-05-07 10:27:09 ----RSD---- C:\WINDOWS\Fonts
2009-05-07 10:27:07 ----D---- C:\Psfonts
2009-05-07 10:27:07 ----D---- C:\Allegro 2001
2009-05-07 01:18:09 ----D---- C:\atemp
2009-05-06 21:07:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-06 14:55:36 ----D---- C:\Program Files\McAfee
2009-05-06 11:55:34 ----A---- C:\WINDOWS\ModemLog_Conexant HSF V92 56K RTAD Speakerphone PCI Modem.txt
2009-05-06 09:04:03 ----SD---- C:\Documents and Settings\Bob\Application Data\Microsoft
2009-05-06 08:55:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-04 23:04:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-04 21:50:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-04 21:28:30 ----D---- C:\WINDOWS\system32\WBEM
2009-05-04 21:28:30 ----D---- C:\WINDOWS\AppPatch
2009-05-04 21:28:24 ----D---- C:\Program Files\Messenger
2009-05-04 21:15:30 ----D---- C:\WINDOWS\SECURITY
2009-05-04 21:13:33 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-04 21:08:44 ----D---- C:\WINDOWS\WinSxS
2009-05-04 21:08:34 ----D---- C:\WINDOWS\system32\Setup
2009-05-04 21:07:19 ----D---- C:\WINDOWS\IME
2009-05-04 21:07:18 ----D---- C:\WINDOWS\Help
2009-05-04 21:07:00 ----D---- C:\Program Files\Windows NT
2009-05-04 21:07:00 ----D---- C:\Program Files\Windows Media Player
2009-05-04 21:06:59 ----D---- C:\Program Files\Outlook Express
2009-05-04 21:06:58 ----D---- C:\Program Files\NetMeeting
2009-05-04 21:06:56 ----D---- C:\Program Files\Movie Maker
2009-05-04 21:06:40 ----D---- C:\Program Files\Common Files\System
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\USMT
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\scripting
2009-05-04 21:05:58 ----D---- C:\WINDOWS\system32\en
2009-05-04 21:05:54 ----D---- C:\WINDOWS\network diagnostic
2009-05-04 21:05:54 ----D---- C:\WINDOWS\l2schemas
2009-05-04 20:32:25 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-04 20:31:42 ----D---- C:\WINDOWS\system32\en-us
2009-05-04 20:26:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-04 20:21:37 ----D---- C:\WINDOWS\EHome
2009-05-02 01:26:16 ----D---- C:\WINDOWS\Minidump
2009-05-01 18:37:05 ----D---- C:\Program Files\Common Files
2009-05-01 18:26:20 ----A---- C:\WINDOWS\system.ini
2009-05-01 18:16:02 ----D---- C:\Documents and Settings\Bob\Application Data\DNA
2009-05-01 17:21:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-01 10:18:40 ----D---- C:\Documents and Settings\All Users\Application Data\ATTToolbar
2009-04-30 15:01:21 ----D---- C:\WINDOWS\system32\CONFIG
2009-04-30 14:36:45 ----RASH---- C:\BOOT.INI
2009-04-28 12:37:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-27 20:24:14 ----D---- C:\Program Files\Cakewalk
2009-04-27 20:24:09 ----D---- C:\Documents and Settings\All Users\Application Data\Cakewalk
2009-04-27 20:24:09 ----D---- C:\Cakewalk Projects
2009-04-27 19:47:12 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-22 19:19:10 ----D---- C:\Documents and Settings\Bob\Application Data\Adobe
2009-04-21 02:51:16 ----D---- C:\Program Files\Adobe
2009-04-21 02:51:14 ----D---- C:\Program Files\Common Files\Adobe
2009-04-17 12:51:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 23:58:36 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-01-30 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-06-10 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-06-10 241280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-10-15 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-06-10 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-06-10 206464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-01 20747]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 16512]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-09-25 531584]
R3 AtlsAud;Dell Movie Studio Audio Device; C:\WINDOWS\system32\drivers\AtlsAud.sys [2002-10-11 25600]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\delta.sys [2004-09-10 291456]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-10 25930]
R3 EMATCORE;Dell Movie Studio Video Device; C:\WINDOWS\System32\Drivers\AtlsVid.sys [2002-10-11 207936]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-06-30 1172416]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-06-30 167155]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-03 232192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-06-30 594832]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BWU713_A02;Blitzz Wireless G USB Controller; C:\WINDOWS\System32\DRIVERS\BWU713.sys [2004-03-02 340096]
S3 catchme;catchme; \??\C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-10 30662]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-03-03 339776]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-09-25 147456]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-01 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm
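The driver and service listings in the log above follow RSIT's one-entry-per-line format: a state letter and start type, then name, display name and image path, then the file date and size in brackets (or an empty pair of brackets when RSIT could not read the file). As an added example that is not part of the original post or of RSIT itself, here is a small Python parser for that format plus a triage pass over the parsed entries. The sample lines are copied from the log above; the flagging rules (empty metadata, image under a temp/profile directory, no image path) are my own assumptions about what deserves a second look, not a verdict on any entry, and catchme.sys in particular is a component dropped by the scanning tools a helper runs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# RSIT line shape: <R|S><start> <name>;<display>; <path> [<date> <size>]
# The bracket is empty ("[]") when RSIT could not read the file: missing,
# locked, or hidden at scan time.
LINE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]*);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]   # None when RSIT printed "[]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    date = size = None
    parts = meta.split()
    if len(parts) == 2 and parts[1].isdigit():
        date, size = parts[0], int(parts[1])
    return Entry(state == "R", int(start), name.strip(), display.strip(),
                 path, date, size)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a pasted RSIT section, skipping headers."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (assumptions, not verdicts)."""
    reasons = []
    low = entry.path.lower()
    if not entry.path:
        reasons.append("no image path recorded")
    elif entry.size is None:
        reasons.append("no file metadata (file missing, hidden or unreadable)")
    if "\\temp\\" in low or "\\locals~1\\" in low or "\\local settings\\" in low:
        reasons.append("image lives under a user temp/profile directory")
    if entry.running and reasons:
        reasons.append("entry is currently running")
    return reasons


# Sample lines copied from the log above.
SAMPLE = """\
S3 catchme;catchme; \\??\\C:\\DOCUME~1\\Bob\\LOCALS~1\\Temp\\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\\WINDOWS\\System32\\DRIVERS\\e100b325.sys [2002-04-30 139776]
S3 NMSCFG;NIC Management Service Configuration Driver; \\??\\C:\\WINDOWS\\system32\\drivers\\NMSCFG.SYS []
R2 McShield;McAfee Real-time Scanner; C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe [2007-07-24 144704]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
"""


def flagged(text: str = SAMPLE) -> dict:
    """Map entry name -> triage reasons, for entries with at least one reason."""
    return {e.name: triage(e) for e in parse_log(text) if triage(e)}


if __name__ == "__main__":
    for name, reasons in flagged().items():
        print(name, "->", "; ".join(reasons))
```

Run stand-alone it prints the three entries from the sample that carry a reason; the McAfee and Intel lines, which have full metadata and live under Program Files or System32, produce nothing. The point of the empty-bracket rule is that a driver entry whose file RSIT could not stat is exactly the kind of thing a helper asks about next.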

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 7th, 2009, 8:31 pm

Hi :)

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

The information on how to download/install XP SP3 I advise you leave until last, after completing the below. Make sure you do read the Microsoft advice on what to do after downloading the installer before actually beginning the installation process, OK, as this will lessen the chance of any errors during the installation process.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics, as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type Combofix /u in the box and click OK.
  • Note the space between the X and the U, it needs to be there.

Clean up with OTMoveIt3:

  • Double-click OTMoveIt3.exe to start the program.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, McAfee Security Suite, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT; I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week, as this, along with System Restore, may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (that is, VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Note: Internet Explorer v8 has recently been released from its beta program; my advice is to hold off upgrading for the time being, as no doubt flaws will be identified and fixes released over the coming months.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A new Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Advised Optional update:

There is a new service pack for XP, namely SP3. I advise you download/install this as it will increase the security side of your system. This will also improve the stability of your Operating System.

Download can be found here

Note: Though the page states this is for IT Professionals and Developers, the download is absolutely fine for a stand-alone personal computer.

Or order the CD for your country here <-- scroll down to and click on 'How to obtain Windows XP Service Pack 3 on a CD'

Please read this Microsoft article before actually installing the aforementioned service pack.

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated; personally I still think it bears relevance, and the author is well respected in the Anti-Malware community and by myself also!

Any questions? Feel free to ask; if not, stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
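The Hosts file section of the post above describes a replacement file that sends known bad sites to 127.0.0.1. As an added example, not part of the original post, the following Python audits a hosts file the way a helper would eyeball it: it parses the entries (comments, tabs, several names on one line), answers whether a given name is sinkholed, lists everything the file blocks, and flags any entry that points a name at a real address, which is what a tampered hosts file looks like when malware rewrites a vendor's domain to its own host. The hosts content, the example.com/.net/.org names and the 198.51.100.7 address are constructed for the example, and the rule that every non-local mapping is suspect is my assumption; a file with deliberate LAN entries would need those whitelisted.

```python
from typing import List, NamedTuple


class HostsEntry(NamedTuple):
    lineno: int
    ip: str
    names: List[str]   # lower-cased; one address may carry several names


def is_local(ip: str) -> bool:
    """True for addresses that sinkhole a name on the machine itself."""
    return ip in ("::1", "0.0.0.0") or ip.startswith("127.")


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text: '<ip> <name> [<name> ...]' per line, '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()                     # tabs and runs of spaces both separate fields
        if len(fields) < 2:
            continue                              # no name after the address: ignore the line
        entries.append(HostsEntry(lineno, fields[0], [f.lower() for f in fields[1:]]))
    return entries


def is_sinkholed(entries: List[HostsEntry], name: str) -> bool:
    """Does the file send this name to the local machine (i.e. block it)?"""
    name = name.lower()
    return any(name in e.names and is_local(e.ip) for e in entries)


def sinkholed_names(entries: List[HostsEntry]) -> List[str]:
    """Every blocked name, minus the loopback name the OS expects to be there."""
    names = {n for e in entries if is_local(e.ip) for n in e.names}
    return sorted(names - {"localhost"})


def suspicious(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that point a name at a real address. A blocklist never does this;
    a tampered file (vendor site redirected to an attacker's host) does.
    Assumption: the machine has no legitimate LAN entries in its hosts file."""
    return [e for e in entries if not is_local(e.ip)]


# Constructed sample; the domains and the 198.51.100.7 address are documentation values.
SAMPLE_HOSTS = """\
# constructed sample hosts file, not a real blocklist
127.0.0.1\tlocalhost
::1 localhost
127.0.0.1 ads.example.com tracker.example.net   # blocklist style: sinkholed
0.0.0.0   spyware.example.org
198.51.100.7 update.example-av.com              # planted: a vendor name sent elsewhere
malformed-line-without-address
"""

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sinkholed_names(entries))
    for e in suspicious(entries):
        print(f"line {e.lineno}: {e.ip} -> {', '.join(e.names)}  <-- not a sinkhole, review")
```

On a real machine the text would come from C:\WINDOWS\system32\drivers\etc\hosts; the only line the audit reports on the sample is the planted one, which is the check worth running after a cleanup because a hosts file that quietly redirects an update or vendor domain defeats the very scanners the post recommends running weekly.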

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 8th, 2009, 10:37 am

Dakeyras -

Thank you, thank you (and also Wi[k]!) for your time and deep expertise in helping people like me. I will be following your instructions and look forward to reading how to be safer.

I look forward to reading the material on slow computers as I have a laptop that I rarely use because of it being so slow and needing to expand virtual memory after a little while. After reading your suggested sources and then catching my breath, I'm sure your reading material on slow computers will shed some light, along with running Malwarebyte's Anti-Malware to check out the laptop. Any other preliminary advice you have regarding that is most welcome.

Your expertise and willingness to devote time to people in trouble is outstanding!

Thanks again and Peace,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 8th, 2009, 1:47 pm

Thank you for the kind words on behalf of myself and colleagues. You are also very welcome, and it is a pleasure to be of assistance! :)
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 8th, 2009, 8:33 pm

Hi -

I attempted to download and install Windows XP Service Pack 3 as suggested after disabling McAfee, but it stalled part way through and then a Software Update Removal Wizard ran to reverse the partly installed Service Pack. Should I be doing something different? Is it okay to post this here?

Thanks,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 8th, 2009, 8:59 pm

Hi :)

No problem asking, Bob, OK :thumbup:. I'll have a think on this, but before I decide on the best course of action for your good self, could you describe exactly how you attempted to implement the SP3 installation please, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 9th, 2009, 9:44 am

Hi Dakeyras -

Thanks! I went to the MS's ActiveX website you suggested and had a scan of my computer for updates, and I attempted to d/l and install SP3 from there.

Gratitude,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 9th, 2009, 9:50 am

Hi :)

Ah, that may explain the problem then, since you still have an update issue which, once SP3 is installed, should be rectified.

OK please actually download the installer from here:

http://www.microsoft.com/downloads/deta ... laylang=en

Remember to adhere to these outlined procedures before actually running the installer:

http://support.microsoft.com/kb/950717

Let myself know the outcome please; if there are any further problems we will go from there, OK :thumbup:
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 9th, 2009, 5:53 pm

Hi Dakeyras -

I downloaded Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers as you suggested. As with the other attempt, I disabled McAfee virus and firewall protection, and ran appwiz.cpl in the run box but did not see Microsoft Shared Computer Toolkit or Remote Desktop Connection to remove.
When attempting to install SP3 via the downloaded executable it partly installed and then gave an error message: Service Pack 3 Setup: Access is denied. I clicked on that and it gave a message of Setup Error and that installation did not complete and to select OK to undo changes. After clicking that it said SP3 installation did not complete and that Windows XP has been partially updated and may not work properly. Along the way, the partially installed SP3 was reversed. After all that, the computer shut down.

Thanks :)
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 9th, 2009, 7:15 pm

Hi Bob :)

Thanks for the update.

I feel at this point in time, because I am primarily Anti-Malware support and as far as I can tell your computer is now malware free, it would be best to address this issue to a specific forum that is best able to address this Operating System issue.

I am a member of the below myself and they have outstanding IT Tech Support Staff:

What the Tech

Join the aforementioned and post a topic in this sub-forum requesting assistance.

By all means include in the topic that I (Dakeyras) advised you to seek this assistance, and include the URL (Uniform Resource Identifier) for this topic:
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=42360
Please let myself know when you have read this, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 9th, 2009, 7:43 pm

Dakeyras -

Thank you for all of your help and your referral. :)

As you suggested, I posted my problem to whatthetech:
http://forums.whatthetech.com/Trouble_u ... 02927.html

Gratitude,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 9th, 2009, 8:37 pm

Fair play Bob :)

You are very welcome for the assistance I could provide. You will be in very good hands, so to speak, with the IT Team (techs) over at What the Tech.

Good luck and stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby markkhunt » May 9th, 2009, 9:25 pm

Since this issue appears resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN