Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

antimalware doctor problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

antimalware doctor problem

Unread postby helomech » September 14th, 2010, 2:34 pm

In Windows XP, only one of the users (of the two that are there) seems to be affected by antimalware doctor. I am sending this from the other username, as the virus is blocking IE, taskmanager, registry edit, hijackthis, etc. or any attempt to get rid of it.

Thank you for any help you can provide

I'm not very proficeint with computers, but I have been able to follow your instructions so far. Here are the scan and unistall list:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:51 AM, on 14/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11960 bytes


Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
ATI Control Panel
ATI Display Driver
Bonjour
Compatibility Pack for the 2007 Office system
DivX Web Player
Dynamic Human Anatomy 2.0
Easy Internet Sign-up
FastStone Image Viewer 2.22
Garden Planner 2.4
getPlus(R) for Adobe
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Solution Center 7.0
HP Update
InterVideo WinDVD
IOGEAR HomePlug Utilities 1.1
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 21
Java(TM) 6 Update 5
LimeWire 4.14.12
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft Works
Mozilla Firefox (3.0.10)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 3.5 - SE
Nikon Message Center
OCR Software by I.R.I.S 7.0
PCI 1620 Cardbus Controller and Software
PictureProject
PrimoPDF -- brought to you by Nitro PDF Software
Quick Launch Buttons 5.00 C1
QuickTime
RealPlayer
RPS CRT
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Sandlot Games Client Services
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
TELUS security advisor 2.1.5
TELUS Support Centre (remove only)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Write-N-Cite
Xvid 1.1.3 final uninstall
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm
Advertisement
Register to Remove

Re: antimalware doctor problem

Unread postby xixo_12 » September 16th, 2010, 7:13 am

Hello and Welcome to Anti-Malware Forums.Image
Introduction and rules :
  • I'm xixo_12 and really glad to help you.
  • You're advised to refrain running any self fixes until I give the "All Clean Speech"
  • Instruction in this topic is special create for current problem and don't apply those on another system.
  • You're advised to ask for any uncertainty.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.

Please make sure you have done your reading on this topic : How to get help at this forum
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we will start the collaboration.
Do keep in mind, removing malware is one of hazardous undertaking. I'm ready to share what I have learn through years in removing malware but I'm also fallible.
You're advised to back up all the important data before we start.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First,
P2P software.
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire 4.14.12

  • It's not a good idea to have them.
  • You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above.
  • If you do not wish to remove your P2P programs, don't proceed with the next instruction and please tell me to close this topic.

Next,
CKScanner.
Please download from HERE and save to the desktop.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,
MGADiag.
Please download from HERE and save to the desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file MGADiag.txt and post it in your next reply.

What you need to post
Checklist.
  • Content of CKFiles.txt
  • Content of MGADiag.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 16th, 2010, 10:41 am

Thank you very much for responding, xixo_12. Your asisstance is greatly appreciated.

Limewire uninstall carried out.

CKScan:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

MGADiag:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-2CXKV-GMP22-HF2BQ
Windows Product Key Hash: 25dG7mX6zCS/Ri0MYOSCvb3ct0w=
Windows Product ID: 76477-OEM-2111907-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {529E3188-0EE4-4123-A2A6-8417EA656671}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.5.540.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Standard - 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{529E3188-0EE4-4123-A2A6-8417EA656671}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HF2BQ</PKey><PID>76477-OEM-2111907-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-4133374687-4130177164-57951167</SID><SYSTEM><Manufacturer>Hewlett-Packard </Manufacturer><Model>Pavilion zv5000 (PR450UA#ABL) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard </Manufacturer><Version>F.41</Version><SMBIOSVersion major="2" minor="31"/><Date>20041112000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>66B53507018400D2</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>HP</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Standard</Name><Ver>10</Ver><Val>8BA80CB5A9E3594</Val><Hash>THzL61Cyu51M5BHuDpyrQtogMEM=</Hash><Pid>54187-760-1589221-17262</Pid><PidType>1</PidType></Product><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>4E37FB3CA79CD00</Val><Hash>4qPSA2xs2z4Xzn1YnhLcg2zKB/Y=</Hash><Pid>73931-640-0304545-57532</Pid><PidType>14</PidType></Product></Products><Applications><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13DE1:Compaq Computer Corporation|13DE1:Compaq Computer Corporation|13DE1:Hewlett-Packard Company|7FC6:HITACHI, Ltd|7FC6:HITACHI, Ltd|7FC6:HITACHI, Ltd
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 16th, 2010, 6:51 pm

Hi,
Let's proceed.

First,
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to the desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


What you need to post
Checklist.
  • Content of MBAM log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 17th, 2010, 1:33 am

MBAM log:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4635

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/09/2010 10:15:58 PM
mbam-log-2010-09-16 (22-15-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 245976
Time elapsed: 1 hour(s), 31 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 85

Memory Processes Infected:
C:\Documents and Settings\Mike\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnuhoxrrvc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnuhoxrrvc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mike\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Windows\winhelp.exe (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Me\Local Settings\Temp\iexplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\antispy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\5483383288.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\684994.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\1792472478.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\17931i (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\1eI3q7 (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\2047545112.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jytr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\e9dukf8.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\2268050190.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\931e931e9 (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\n353g.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Npv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Npw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Npx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Npy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\xh7k5ed.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\xsocamenwr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\yg3ubcxx10.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\zg25azg4uge2w.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\D98.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\dc1695e5.tmp (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\hexdump.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\services.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\ssvd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\stp61778.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\stpdd292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\stpe6261.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\mqfhi8241i3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\axmwnrecso.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\2325550190.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\2951509588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\668464492.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\3022614254.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Templates\memory.tmp (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wininst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Njiwaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ej2xzvnxo.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fr5jxs3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\55555.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\i1qGMY7c.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\IQG9i1qG.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Me\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 17th, 2010, 2:12 am

Hi,

How's the system?
Please provide new HijackThis log for my review.

Thanks!
xixo
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 19th, 2010, 8:11 am

The virus symptoms seem to be gone from the username that was having the problems. A couple of startup files can no longer be found, but it's working.

Have to go to work for the day, will run a HiJack Log for you this evening. Thanks again for your help!
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 19th, 2010, 9:00 am

Hi,

Ok I'm waiting for your log.
By the way, make sure you're responding to this topic in 3 days after each post by me. ;)

You're welcome.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 19th, 2010, 10:38 pm

2nd Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:34:05 PM, on 19/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe
O4 - HKCU\..\Run: [MKcrc] C:\WINDOWS\login.exe
O4 - HKCU\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe
O4 - HKCU\..\Run: [MKee] C:\WINDOWS\user.exe
O4 - HKCU\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup
O4 - HKCU\..\Run: [MKZe] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [MKese] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe
O4 - HKCU\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe
O4 - HKCU\..\Run: [MKZSc] C:\WINDOWS\avp32.exe
O4 - HKCU\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe
O4 - HKCU\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [MKfpe] C:\WINDOWS\winamp.exe
O4 - HKCU\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe
O4 - HKCU\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe
O4 - HKCU\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [MKexe] C:\WINDOWS\system.exe
O4 - HKCU\..\Run: [MKetc] C:\WINDOWS\sysedit.exe
O4 - HKCU\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe
O4 - HKCU\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe
O4 - HKCU\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe
O4 - HKCU\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup
O4 - HKCU\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe
O4 - HKCU\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe
O4 - HKCU\..\Run: [MKasc] C:\WINDOWS\drweb.exe
O4 - HKCU\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [MKfPc] C:\WINDOWS\win16.exe
O4 - HKCU\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe
O4 - HKCU\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe
O4 - HKCU\..\Run: [MKcZ] C:\WINDOWS\mdm.exe
O4 - HKCU\..\Run: [MKfre] C:\WINDOWS\wininst.exe
O4 - HKCU\..\Run: [MKaoc] C:\WINDOWS\debug.exe
O4 - HKCU\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe
O4 - HKCU\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe
O4 - HKCU\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13885 bytes
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 20th, 2010, 10:30 am

Hi,
We will handle the remaining.

First,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe <<Please have a look on file name. You have to change.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


What you need to post
Checklist.
  • Content ComboFix.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 21st, 2010, 11:31 pm

ComboFix Log:

ComboFix 10-09-21.01 - Me 21/09/2010 19:42:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.176 [GMT -7:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\Me\Application Data\.#
c:\documents and settings\Mike\.COMMgr
c:\documents and settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7
c:\documents and settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\enemies-names.txt
c:\documents and settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\local.ini
c:\documents and settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\lsrslt.ini
c:\documents and settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\upd_debug.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-19 12:03 . 2010-09-21 00:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-17 02:40 . 2010-09-17 02:40 -------- d-----w- c:\documents and settings\Me\Application Data\Malwarebytes
2010-09-17 02:40 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 02:40 . 2010-09-17 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-17 02:40 . 2010-09-17 02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 02:40 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 14:25 . 2010-09-16 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-14 17:09 . 2010-09-14 17:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 16:00 . 2010-09-14 17:28 -------- d-----w- c:\program files\Trend Micro
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\36e4488e4304ef69cc62e050f3bf9f
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\0b1693e4b4013143f45008a1
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\f5a143b055983d38ebe83f85ec70
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\5726e76afb49aefa2862cf6ed77d1816
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\01037b456d7f32495cf6
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\800207c25078d57021
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\97b5f47469907e8021f12433f307cf8c
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\682d8b45f17a47eb80
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\163e489d03d0f8454de81ae92d2aa0
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\e22844eb387ffac5a5f54c
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\a8bfe3407e0cde3bd7
2010-09-14 14:22 . 2010-09-14 14:22 -------- d-----w- C:\d5a2a239ade084b0b4f9cb09827b
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\1e87559810e58889e080317641cbf6
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\e2dafad9f0ac5bc0b006a2
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\727b8619740fdd671a033f
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\252556a334ae64cfce30bdf96b68
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\13c7d0076909ef466122f692
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\3c697eabe6e3a4d6ffc61586ed
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\e9630b88bf46840222ac
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\1283d0bc00835eeb6f3f0d
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\09a232c927e2281bd5c6
2010-09-14 14:21 . 2010-09-14 14:21 -------- d-----w- C:\c51af5b61f3d6c87d52b27292c2f
2010-09-14 03:20 . 2010-09-14 03:20 -------- d-----w- C:\96.tmp
2010-09-13 17:05 . 2010-09-13 17:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-13 17:05 . 2005-01-19 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-09-13 15:32 . 2010-09-14 13:50 0 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\Ukiwipab.bin
2010-09-13 15:32 . 2010-09-14 17:17 120 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\Qbexeguyoyamuzag.dat
2010-09-13 15:32 . 2010-09-13 15:32 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\{A3DBB0CD-1DB3-4235-BF9B-CF00A730CF68}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 17:09 . 2005-01-19 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-09-14 17:08 . 2005-01-19 14:45 -------- d-----w- c:\program files\Java
2010-09-14 15:17 . 2005-01-19 14:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 02:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-04-18 23:12 . 2010-03-23 14:39 4182560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-18 23:12 . 2010-03-23 14:39 105248 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2009-10-23 3245296]
"GlobeCom_Full_Client_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2009-10-05 1528832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-5-17 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-5-7 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [18/11/2004 9:42 PM 5632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:00 PM 135664]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\progra~1\IOGEAR\CONFIG~1\PLCNDIS5.SYS [10/09/2002 12:44 AM 17018]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 06:00]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 06:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyServer = proxy.library.ubc.ca:8000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://mlslink.mlxchange.com/Control/MLXClientUtils.cab
DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} - hxxp://www.londondrugs.com/photolab/Ima ... oader6.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnya ... nstall.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://mlslink.mlxchange.com/Control/IRCSharc.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activ ... ontrol.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\oetthf9g.default\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 20:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?7?7?1??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-09-21 20:27:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 03:27

Pre-Run: 5,807,202,304 bytes free
Post-Run: 6,706,597,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C5AA62F3CDBC5175EBF317BAE8F035AD
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 22nd, 2010, 11:08 am

Hi,
Looking good.
Let's take a look deeper and we will fight for the remaining.

First,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
What you need to post
Checklist.
  • Content of log.txt and info.txt (Find both in c:\rsit)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 23rd, 2010, 10:23 am

Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Me at 2010-09-23 07:18:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 383 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:01 AM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcrc] C:\WINDOWS\login.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKee] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZe] C:\WINDOWS\avp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKese] C:\WINDOWS\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZSc] C:\WINDOWS\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfpe] C:\WINDOWS\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaZ] C:\WINDOWS\cmd.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKexe] C:\WINDOWS\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKetc] C:\WINDOWS\sysedit.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe" (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKasc] C:\WINDOWS\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfPc] C:\WINDOWS\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcZ] C:\WINDOWS\mdm.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfre] C:\WINDOWS\wininst.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaoc] C:\WINDOWS\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe (User 'Mike')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 17468 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-15 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-25 335872]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2009-10-23 3245296]
"GlobeCom_Full_Client_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2009-10-05 1528832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-09-23 07:18:44 ----D---- C:\rsit
2010-09-21 20:27:57 ----D---- C:\WINDOWS\temp
2010-09-21 20:27:48 ----A---- C:\ComboFix.txt
2010-09-21 19:39:14 ----A---- C:\Boot.bak
2010-09-21 19:39:04 ----RASHD---- C:\cmdcons
2010-09-21 19:34:23 ----A---- C:\WINDOWS\zip.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWSC.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWREG.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\sed.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\PEV.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\MBR.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\grep.exe
2010-09-21 19:34:15 ----D---- C:\WINDOWS\ERDNT
2010-09-21 19:33:43 ----D---- C:\Qoobox
2010-09-18 16:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 16:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 16:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 16:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 16:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 16:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 07:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 19:40:20 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2010-09-16 19:40:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-16 19:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-16 19:40:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-16 19:40:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-16 07:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-09-14 10:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\java.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-14 09:00:23 ----D---- C:\Program Files\Trend Micro
2010-09-14 07:23:49 ----D---- C:\fee95291534d7f02c2a7ac079fe4f7
2010-09-14 07:23:44 ----D---- C:\ce0170b554a64c47e2c87b387ad010
2010-09-14 07:23:42 ----D---- C:\7d2e028758266725872881f1ddb3
2010-09-14 07:23:40 ----D---- C:\_395375_
2010-09-14 07:23:36 ----D---- C:\f18609db94f14f805b30
2010-09-14 07:23:34 ----D---- C:\45e92621205f66461998a3499b3a
2010-09-14 07:23:32 ----D---- C:\_387375_
2010-09-14 07:23:30 ----D---- C:\772c09f5e7db99afbacfd2b9ce7387b3
2010-09-14 07:23:23 ----D---- C:\1363f5f844bd7cd1114a6845
2010-09-14 07:23:22 ----D---- C:\a60030cd7edb4ab583d5512c525b1a
2010-09-14 07:23:20 ----D---- C:\b64b05fa5312736394bf2a3d9a4d6f
2010-09-14 07:23:19 ----D---- C:\baa93d9d2337e028615428
2010-09-14 07:23:16 ----D---- C:\74fc28ba119392c2ec4ab16f87
2010-09-14 07:23:13 ----D---- C:\49356d2d6db7be74b37f
2010-09-14 07:23:12 ----D---- C:\855e840173f3c955469a5de3e8a0
2010-09-14 07:23:09 ----D---- C:\09b61d8503b6f1063e7d
2010-09-14 07:23:06 ----D---- C:\3bd899fd5d368e2470128d73
2010-09-14 07:23:05 ----D---- C:\34405c64724bcc7260a5d2a617
2010-09-14 07:23:04 ----D---- C:\b2311185d3286ebdf40d61
2010-09-14 07:23:02 ----D---- C:\8b2ca3708f2e95c0f54455a9
2010-09-14 07:23:02 ----D---- C:\1b772185add08dd58f70bcdd
2010-09-14 07:23:01 ----D---- C:\46d5bd0e610e5d22adf178a7aad057
2010-09-14 07:23:00 ----D---- C:\_354765_
2010-09-14 07:22:59 ----D---- C:\36e4488e4304ef69cc62e050f3bf9f
2010-09-14 07:22:50 ----D---- C:\0b1693e4b4013143f45008a1
2010-09-14 07:22:37 ----D---- C:\f5a143b055983d38ebe83f85ec70
2010-09-14 07:22:35 ----D---- C:\5726e76afb49aefa2862cf6ed77d1816
2010-09-14 07:22:30 ----D---- C:\01037b456d7f32495cf6
2010-09-14 07:22:29 ----D---- C:\800207c25078d57021
2010-09-14 07:22:26 ----D---- C:\97b5f47469907e8021f12433f307cf8c
2010-09-14 07:22:21 ----D---- C:\682d8b45f17a47eb80
2010-09-14 07:22:11 ----D---- C:\163e489d03d0f8454de81ae92d2aa0
2010-09-14 07:22:07 ----D---- C:\e22844eb387ffac5a5f54c
2010-09-14 07:22:05 ----D---- C:\a8bfe3407e0cde3bd7
2010-09-14 07:22:01 ----D---- C:\d5a2a239ade084b0b4f9cb09827b
2010-09-14 07:21:59 ----D---- C:\1e87559810e58889e080317641cbf6
2010-09-14 07:21:58 ----D---- C:\e2dafad9f0ac5bc0b006a2
2010-09-14 07:21:55 ----D---- C:\727b8619740fdd671a033f
2010-09-14 07:21:44 ----D---- C:\252556a334ae64cfce30bdf96b68
2010-09-14 07:21:37 ----D---- C:\13c7d0076909ef466122f692
2010-09-14 07:21:32 ----D---- C:\3c697eabe6e3a4d6ffc61586ed
2010-09-14 07:21:30 ----D---- C:\e9630b88bf46840222ac
2010-09-14 07:21:29 ----D---- C:\1283d0bc00835eeb6f3f0d
2010-09-14 07:21:26 ----D---- C:\09a232c927e2281bd5c6
2010-09-14 07:21:21 ----D---- C:\c51af5b61f3d6c87d52b27292c2f
2010-09-13 20:20:45 ----D---- C:\96.tmp
2010-09-13 11:14:20 ----ASH---- C:\hiberfil.sys
2010-09-13 10:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-13 10:02:44 ----A---- C:\WINDOWS\lsrslt.ini

======List of files/folders modified in the last 1 months======

2010-09-21 20:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-09-21 20:27:57 ----D---- C:\WINDOWS
2010-09-21 20:24:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-21 20:16:23 ----D---- C:\WINDOWS\system32
2010-09-21 20:16:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-21 20:14:52 ----A---- C:\WINDOWS\system.ini
2010-09-21 20:14:15 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-21 20:01:40 ----D---- C:\WINDOWS\system32\config
2010-09-21 19:54:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-21 19:50:45 ----D---- C:\WINDOWS\AppPatch
2010-09-21 19:50:45 ----D---- C:\Program Files\Common Files
2010-09-21 19:39:14 ----RASH---- C:\boot.ini
2010-09-21 19:34:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-21 19:34:22 ----SHD---- C:\System Volume Information
2010-09-21 19:34:22 ----D---- C:\WINDOWS\system32\Restore
2010-09-21 19:34:15 ----D---- C:\WINDOWS\Prefetch
2010-09-18 16:08:55 ----HD---- C:\WINDOWS\inf
2010-09-18 16:08:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 16:08:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 16:08:40 ----A---- C:\WINDOWS\imsins.BAK
2010-09-17 07:05:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-16 22:21:30 ----D---- C:\WINDOWS\addins
2010-09-16 22:15:58 ----SD---- C:\WINDOWS\Tasks
2010-09-16 19:40:00 ----RD---- C:\Program Files
2010-09-14 10:28:39 ----SHD---- C:\WINDOWS\Installer
2010-09-14 10:28:39 ----SD---- C:\Documents and Settings\Me\Application Data\Microsoft
2010-09-14 10:28:39 ----D---- C:\Config.Msi
2010-09-14 10:09:33 ----D---- C:\Program Files\Common Files\Java
2010-09-14 10:08:12 ----D---- C:\Program Files\Java
2010-09-14 08:17:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-09-13 10:04:57 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\system32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver; C:\WINDOWS\system32\DRIVERS\tiumflt.sys [2003-08-08 8448]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-02 36624]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-03-25 680960]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-01 612032]
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PCAMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PLCNDIS5.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-03-25 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-14 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-10 319488]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Info:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Me at 2010-09-23 07:18:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 383 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:01 AM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [GlobeCom_Full_Client_McciTrayApp] "C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcrc] C:\WINDOWS\login.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKee] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZe] C:\WINDOWS\avp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKese] C:\WINDOWS\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZSc] C:\WINDOWS\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfpe] C:\WINDOWS\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaZ] C:\WINDOWS\cmd.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKexe] C:\WINDOWS\system.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKetc] C:\WINDOWS\sysedit.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe" (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKasc] C:\WINDOWS\drweb.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfPc] C:\WINDOWS\win16.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcZ] C:\WINDOWS\mdm.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfre] C:\WINDOWS\wininst.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaoc] C:\WINDOWS\debug.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe (User 'Mike')
O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe (User 'Mike')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.yardiaspcn6.com/23568lesres ... iewer9.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/Mu ... mboBox.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74485F99-60D0-45F9-94B0-C99F76F09D0B} (Express Uploader Control) - http://www.londondrugs.com/photolab/Ima ... oader6.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/barnya ... nstall.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ ... taller.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/p ... der_v5.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://merlin.telus.net/wizlet/Merlin1 ... Wizard.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 17468 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-15 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-25 335872]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2009-10-23 3245296]
"GlobeCom_Full_Client_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2009-10-05 1528832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-09-23 07:18:44 ----D---- C:\rsit
2010-09-21 20:27:57 ----D---- C:\WINDOWS\temp
2010-09-21 20:27:48 ----A---- C:\ComboFix.txt
2010-09-21 19:39:14 ----A---- C:\Boot.bak
2010-09-21 19:39:04 ----RASHD---- C:\cmdcons
2010-09-21 19:34:23 ----A---- C:\WINDOWS\zip.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWSC.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\SWREG.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\sed.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\PEV.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\MBR.exe
2010-09-21 19:34:23 ----A---- C:\WINDOWS\grep.exe
2010-09-21 19:34:15 ----D---- C:\WINDOWS\ERDNT
2010-09-21 19:33:43 ----D---- C:\Qoobox
2010-09-18 16:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 16:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 16:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 16:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 16:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 16:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 07:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 19:40:20 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2010-09-16 19:40:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-16 19:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-16 19:40:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-16 19:40:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-16 07:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-09-14 10:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\java.exe
2010-09-14 10:09:10 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-14 09:00:23 ----D---- C:\Program Files\Trend Micro
2010-09-14 07:23:49 ----D---- C:\fee95291534d7f02c2a7ac079fe4f7
2010-09-14 07:23:44 ----D---- C:\ce0170b554a64c47e2c87b387ad010
2010-09-14 07:23:42 ----D---- C:\7d2e028758266725872881f1ddb3
2010-09-14 07:23:40 ----D---- C:\_395375_
2010-09-14 07:23:36 ----D---- C:\f18609db94f14f805b30
2010-09-14 07:23:34 ----D---- C:\45e92621205f66461998a3499b3a
2010-09-14 07:23:32 ----D---- C:\_387375_
2010-09-14 07:23:30 ----D---- C:\772c09f5e7db99afbacfd2b9ce7387b3
2010-09-14 07:23:23 ----D---- C:\1363f5f844bd7cd1114a6845
2010-09-14 07:23:22 ----D---- C:\a60030cd7edb4ab583d5512c525b1a
2010-09-14 07:23:20 ----D---- C:\b64b05fa5312736394bf2a3d9a4d6f
2010-09-14 07:23:19 ----D---- C:\baa93d9d2337e028615428
2010-09-14 07:23:16 ----D---- C:\74fc28ba119392c2ec4ab16f87
2010-09-14 07:23:13 ----D---- C:\49356d2d6db7be74b37f
2010-09-14 07:23:12 ----D---- C:\855e840173f3c955469a5de3e8a0
2010-09-14 07:23:09 ----D---- C:\09b61d8503b6f1063e7d
2010-09-14 07:23:06 ----D---- C:\3bd899fd5d368e2470128d73
2010-09-14 07:23:05 ----D---- C:\34405c64724bcc7260a5d2a617
2010-09-14 07:23:04 ----D---- C:\b2311185d3286ebdf40d61
2010-09-14 07:23:02 ----D---- C:\8b2ca3708f2e95c0f54455a9
2010-09-14 07:23:02 ----D---- C:\1b772185add08dd58f70bcdd
2010-09-14 07:23:01 ----D---- C:\46d5bd0e610e5d22adf178a7aad057
2010-09-14 07:23:00 ----D---- C:\_354765_
2010-09-14 07:22:59 ----D---- C:\36e4488e4304ef69cc62e050f3bf9f
2010-09-14 07:22:50 ----D---- C:\0b1693e4b4013143f45008a1
2010-09-14 07:22:37 ----D---- C:\f5a143b055983d38ebe83f85ec70
2010-09-14 07:22:35 ----D---- C:\5726e76afb49aefa2862cf6ed77d1816
2010-09-14 07:22:30 ----D---- C:\01037b456d7f32495cf6
2010-09-14 07:22:29 ----D---- C:\800207c25078d57021
2010-09-14 07:22:26 ----D---- C:\97b5f47469907e8021f12433f307cf8c
2010-09-14 07:22:21 ----D---- C:\682d8b45f17a47eb80
2010-09-14 07:22:11 ----D---- C:\163e489d03d0f8454de81ae92d2aa0
2010-09-14 07:22:07 ----D---- C:\e22844eb387ffac5a5f54c
2010-09-14 07:22:05 ----D---- C:\a8bfe3407e0cde3bd7
2010-09-14 07:22:01 ----D---- C:\d5a2a239ade084b0b4f9cb09827b
2010-09-14 07:21:59 ----D---- C:\1e87559810e58889e080317641cbf6
2010-09-14 07:21:58 ----D---- C:\e2dafad9f0ac5bc0b006a2
2010-09-14 07:21:55 ----D---- C:\727b8619740fdd671a033f
2010-09-14 07:21:44 ----D---- C:\252556a334ae64cfce30bdf96b68
2010-09-14 07:21:37 ----D---- C:\13c7d0076909ef466122f692
2010-09-14 07:21:32 ----D---- C:\3c697eabe6e3a4d6ffc61586ed
2010-09-14 07:21:30 ----D---- C:\e9630b88bf46840222ac
2010-09-14 07:21:29 ----D---- C:\1283d0bc00835eeb6f3f0d
2010-09-14 07:21:26 ----D---- C:\09a232c927e2281bd5c6
2010-09-14 07:21:21 ----D---- C:\c51af5b61f3d6c87d52b27292c2f
2010-09-13 20:20:45 ----D---- C:\96.tmp
2010-09-13 11:14:20 ----ASH---- C:\hiberfil.sys
2010-09-13 10:04:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-13 10:02:44 ----A---- C:\WINDOWS\lsrslt.ini

======List of files/folders modified in the last 1 months======

2010-09-21 20:27:59 ----D---- C:\WINDOWS\system32\drivers
2010-09-21 20:27:57 ----D---- C:\WINDOWS
2010-09-21 20:24:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-21 20:16:23 ----D---- C:\WINDOWS\system32
2010-09-21 20:16:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-21 20:14:52 ----A---- C:\WINDOWS\system.ini
2010-09-21 20:14:15 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-21 20:01:40 ----D---- C:\WINDOWS\system32\config
2010-09-21 19:54:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-21 19:50:45 ----D---- C:\WINDOWS\AppPatch
2010-09-21 19:50:45 ----D---- C:\Program Files\Common Files
2010-09-21 19:39:14 ----RASH---- C:\boot.ini
2010-09-21 19:34:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-21 19:34:22 ----SHD---- C:\System Volume Information
2010-09-21 19:34:22 ----D---- C:\WINDOWS\system32\Restore
2010-09-21 19:34:15 ----D---- C:\WINDOWS\Prefetch
2010-09-18 16:08:55 ----HD---- C:\WINDOWS\inf
2010-09-18 16:08:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 16:08:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 16:08:40 ----A---- C:\WINDOWS\imsins.BAK
2010-09-17 07:05:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-16 22:21:30 ----D---- C:\WINDOWS\addins
2010-09-16 22:15:58 ----SD---- C:\WINDOWS\Tasks
2010-09-16 19:40:00 ----RD---- C:\Program Files
2010-09-14 10:28:39 ----SHD---- C:\WINDOWS\Installer
2010-09-14 10:28:39 ----SD---- C:\Documents and Settings\Me\Application Data\Microsoft
2010-09-14 10:28:39 ----D---- C:\Config.Msi
2010-09-14 10:09:33 ----D---- C:\Program Files\Common Files\Java
2010-09-14 10:08:12 ----D---- C:\Program Files\Java
2010-09-14 08:17:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-09-13 10:04:57 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R0 caboagp;ATI Cabo AGP Filter; C:\WINDOWS\system32\DRIVERS\atisgkaf.sys [2003-04-23 13174]
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver; C:\WINDOWS\system32\DRIVERS\tiumflt.sys [2003-08-08 8448]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-02 36624]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-03-25 680960]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-01 612032]
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PCAMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\IOGEAR\CONFIG~1\PLCNDIS5.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-03-25 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-14 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-10 319488]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm

Re: antimalware doctor problem

Unread postby xixo_12 » September 23rd, 2010, 10:50 am

Hi,
Let's proceed.

First,
Fix entries.
  • Run the HiJack This.
  • Click on Do a system scan only button.
  • Search the entries as below and tick at the small box.
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop <http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop>
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRschO] C:\DOCUME~1\Mike\LOCALS~1\Temp\yg3ubcxx10.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcrc] C:\WINDOWS\login.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfM] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKee] C:\WINDOWS\user.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Nfosireyil] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\colph401.dll",Startup (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZe] C:\WINDOWS\avp.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKese] C:\WINDOWS\svchost.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRpuc] C:\DOCUME~1\Mike\LOCALS~1\Temp\lsass.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsPc] C:\DOCUME~1\Mike\LOCALS~1\Temp\win16.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrvc] C:\DOCUME~1\Mike\LOCALS~1\Temp\setup.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKZSc] C:\WINDOWS\avp32.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrxe] C:\DOCUME~1\Mike\LOCALS~1\Temp\system.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfsc] C:\WINDOWS\winlogon.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRssc] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogon.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfpe] C:\WINDOWS\winamp.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnsc] C:\DOCUME~1\Mike\LOCALS~1\Temp\drweb.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRspe] C:\DOCUME~1\Mike\LOCALS~1\Temp\winamp.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaZ] C:\WINDOWS\cmd.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKexe] C:\WINDOWS\system.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKetc] C:\WINDOWS\sysedit.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnoc] C:\DOCUME~1\Mike\LOCALS~1\Temp\debug.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [handlerfix70700en00.exe] C:\Documents and Settings\Mike\Application Data\39395100633A10AE9AF9F51C5D8432B7\handlerfix70700en00.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [COM+ Manager] "C:\Documents and Settings\Mike\.COMMgr\complmgr.exe" (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [OTGV1DNWQQ] C:\WINDOWS\Njiwaa.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [YXE7DXCQ37] C:\DOCUME~1\Mike\LOCALS~1\Temp\Npx.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [Jkumariw] rundll32.exe "C:\Documents and Settings\Mike\Local Settings\Application Data\ofewofeh.dll",Startup (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKeella/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\WINDOWS\user.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRnfMomd.com/dw/dw.php?id=%s&ver=d01] C:\DOCUME~1\Mike\LOCALS~1\Temp\e9dukf8.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKasc] C:\WINDOWS\drweb.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrta] C:\DOCUME~1\Mike\LOCALS~1\Temp\services.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfPc] C:\WINDOWS\win16.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRotc] C:\DOCUME~1\Mike\LOCALS~1\Temp\hexdump.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKcZ] C:\WINDOWS\mdm.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKfre] C:\WINDOWS\wininst.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [MKaoc] C:\WINDOWS\debug.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRsa] C:\DOCUME~1\Mike\LOCALS~1\Temp\win.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRmSc] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp32.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRrse] C:\DOCUME~1\Mike\LOCALS~1\Temp\svchost.exe (User 'Mike')
    O4 - HKUS\S-1-5-21-4133374687-4130177164-57951167-1007\..\Run: [HNUhOXRme] C:\DOCUME~1\Mike\LOCALS~1\Temp\avp.exe (User 'Mike')
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
Delete file.
  • Open Notepad.exe
  • Copy and paste below code into the notepad.
    Code: Select all
    del /q /f "C:\96.tmp"
    del /q /f "C:\WINDOWS\lsrslt.ini"
    del %0
  • Click on File > Save As
    Save in : Desktop
    File name : xixo.bat
    Save as type : All Files
  • It will look like this :
    Image
  • Double click on xixo.bat and the batch file will perform the task and auto delete itself.

Next,
Reboot into the usual account.

Next,
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

What you need to post
Checklist.
  • Content of Kaspersky scan log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: antimalware doctor problem

Unread postby helomech » September 25th, 2010, 11:15 am

HiJack Check & Fix carried out
Delete file carried out, satisfactory
ATF clean carried out

Currently downloading Kaspersky, looks like it's going to be a while, please standby.....

Helomech
helomech
Active Member
 
Posts: 11
Joined: September 14th, 2010, 1:44 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 383 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware