A couple of things have changed since my last post. I could not re-enable Online Armor. I tried several routes and could never get the program to open again whatsoever. I read Online Armor forum, and it looked like a couple of other people had a similar issue and may be related to one of the latest microsoft updates of a couple of days ago. Uninstalling a particular update had worked for somebody, so I started to try that. When I began, a box popped up telling me it would interfere with the functioning of Spybot S & D. I had also earlier that day downloaded a current version of spybot S & D and did not want it to malfunction. I kept the microsoft update. Online Armor uninstall function would not work. I finally restarted the computer in safe mode and managed to uninstall it. For now I have windows firewall enabled. It sounds like Tall Emu will release a new version within a couple of weeks. Maybe I will try it again then.
The volume control icon seems to be remaining visible lately. Last I checked, I still have tempmbroit.exe. Did you ever find out what that is?
ComboFix log:
ComboFix 08-01-14.4 - Owner 2008-01-16 9:22:32.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.109 [GMT -6:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-14 09:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 02:01 . 2008-01-14 02:01 40,960 --a------ C:\WINDOWS\system32\omano.dll
2008-01-14 00:25 . 2008-01-14 00:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 15:44 . 2008-01-09 16:56 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-01-03 23:29 . 2002-06-13 06:09 274,432 --a------ C:\WINDOWS\TLCUninstall.exe
2008-01-01 22:34 . 2008-01-01 22:34 <DIR> d-------- C:\Program Files\Tall Emu
2008-01-01 22:33 . 2008-01-01 22:33 <DIR> d-------- C:\OnlineArmor
2007-12-30 23:02 . 2007-01-18 06:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-30 22:42 . 2008-01-12 03:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-30 22:42 . 2007-12-30 22:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-30 22:41 . 2008-01-16 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 02:10 . 2007-12-28 02:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-28 02:09 . 2007-12-30 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 02:09 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-26 00:35 . 2007-12-26 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\The Learning Company
2007-12-26 00:30 . 2007-12-26 00:30 27 --a------ C:\KP.cfg
2007-12-25 23:59 . 2007-12-25 23:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\cerasus.media
2007-12-25 23:16 . 2006-06-27 14:50 868,352 --a------ C:\WINDOWS\cerscr3.scr
2007-12-25 23:16 . 2006-01-08 19:56 552 --a------ C:\WINDOWS\cerscr3.ini
2007-12-25 23:15 . 2007-12-25 23:16 <DIR> d-------- C:\Program Files\'I Luv' House Pets
2007-12-23 16:58 . 2007-12-23 17:01 <DIR> d-------- C:\Program Files\CCleaner
2007-12-20 22:19 . 2007-12-20 22:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2007-12-20 22:14 . 2007-12-21 16:45 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-19 00:23 . 2007-12-19 00:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-19 00:23 . 2007-12-19 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-17 14:45 . 2007-12-17 14:45 <DIR> d-------- C:\Program Files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:55 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
2008-01-15 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 05:42 --------- d-----w C:\Program Files\The Learning Company
2008-01-03 23:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 21:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-31 06:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\SecondLife
2007-12-28 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\.BitTornado
2007-12-27 05:31 --------- d-----w C:\Program Files\Java
2007-12-26 06:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 05:16 --------- d-----w C:\Program Files\'I Luv' House Pets
2007-12-14 21:53 --------- d-----w C:\Program Files\QuickTime
2007-12-14 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-03 05:54 --------- d-----w C:\Program Files\Infogrames Interactive
2007-12-03 05:00 --------- d-----w C:\Program Files\Visioneer OneTouch
2007-11-23 07:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-10-26 23:59 11,804 ----a-w C:\Program Files\On-Screen Takeoffuntitled.b02
2004-10-26 23:49 11,804 ----a-w C:\Program Files\On-Screen Takeoffuntitled.b01
2004-10-26 23:38 11,804 ----a-w C:\Program Files\On-Screen Takeoffuntitled.b00
2004-10-26 23:28 11,804 ----a-w C:\Program Files\On-Screen Takeoffuntitled.b03
2004-04-07 15:54 14,162,080 ----a-w C:\Program Files\j2re-1_4_2-windows-i586.exe
2004-04-07 15:34 67,067,477 ----a-w C:\Program Files\OOo_1.1.1_Win32Intel_install.zip
2004-03-25 16:21 1,955,904 ----a-w C:\Program Files\ppviewer.exe
2001-09-10 15:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-10 14:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-08-18 00:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-08-04 00:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
2001-06-29 14:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- C:\WINDOWS\System32\DRIVERS\IOPORT.SYS ----
Company: Erik Salaj
File Description: Windows NT I/O port driver
File Version: 2.00.0000.0
Product Name: IOPort
Copyright: Copyright (c) 1998 Erik Salaj
Original file name: ioport.sys
- Invalid filepath
((((((((((((((((((((((((((((( snapshot@2008-01-14_ 9.30.54.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 15:06:46 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000001\NTUSER.DAT
+ 2008-01-16 15:21:54 1,429,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000001\NTUSER.DAT
- 2008-01-14 15:06:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000002\UsrClass.dat
+ 2008-01-16 15:21:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000002\UsrClass.dat
- 2008-01-14 15:06:46 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000003\NTUSER.DAT
+ 2008-01-16 15:21:55 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000003\NTUSER.DAT
- 2008-01-14 15:06:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000004\UsrClass.dat
+ 2008-01-16 15:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000004\UsrClass.dat
- 2008-01-14 15:06:46 12,214,272 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000005\NTUSER.DAT
+ 2008-01-16 15:21:55 13,443,072 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000005\NTUSER.DAT
- 2008-01-14 15:06:46 466,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000006\UsrClass.dat
+ 2008-01-16 15:21:55 466,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 18:11 114688]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 04:34 172032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 22:43 86016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 22:41 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 22:42 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 04:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 00:14]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe [2003-03-22 07:57]
R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 14:57]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 12:58]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Install.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 19:45:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 15:12:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-16 09:32:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-16 9:38:07
ComboFix-quarantined-files.txt 2008-01-16 15:38:02
ComboFix2.txt 2008-01-15 05:25:21
ComboFix3.txt 2008-01-14 15:34:51
.
2007-12-12 20:35:39 --- E O F ---
HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 9:40:58 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\mEvans\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.refdesk.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://support.charter.com/sdccommon/do ... gctlcm.cabO16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
http://support.f-secure.com/ols/fscax.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cabO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_42.cabO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} (IVSLite.FastViewer) -
http://ipinviewer.lunarpages.com/bin/IVSLite.CABO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 1448280515O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cabO16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) -
http://66.250.123.194/wg_webeye.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocxO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) -
http://www.bravetree.com/downloader/BTDownloadCtrl.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsup ... veData.cabO16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/fi ... tup144.cabO16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) -
http://photos.msn.com/resources/neutral ... 10,0,910,0O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - F:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
I also ran kaspersky online scan yesterday afternoon. Here's that log:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 4:22:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512262
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan Statistics:
Total number of scanned objects: 325493
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:43:08
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12172007-144537.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{520682BF-0796-481A-AAB4-4E13F899C96E}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{520682BF-0796-481A-AAB4-4E13F899C96E}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{520682BF-0796-481A-AAB4-4E13F899C96E}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{520682BF-0796-481A-AAB4-4E13F899C96E}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{61F00182-5CCD-4044-850E-D1AB3AC57F50} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008011520080116\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDA3F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDA4B.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1338\A0219915.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1358\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Mitzer Russ's Master Folder\Utilities\irc\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
F:\Mitzer Russ's Master Folder\Utilities\irc\mirc612.exe mIRC: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1338\A0219937.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
F:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1358\change.log Object is locked skipped
Scan process completed.
Thank you so much,
heydaze