0

Hello, and thank you for any help that you provide. I am not sure what the problem is, but I will post all the information that the introduction thread says to provide. I would say that there is a virus/spyware infecting my explorer.exe file. Whenever I go on msn, and go to websites, my computer jumps up to 100% usage, and I feel that the explorer.exe file is using way to much memory (currently using 17,332KB). Also, when I try to open a folder filled with photos that I took, the start menu disappears and the explorer.exe file disappears. Finally, my McAfee virus scan program is very spotty, first it doesn't work correctly, and needs to be manually turned on. When I turn it on, I automatically get popup virus windows as follows

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Vundo.gen.h (Trojan), Vundo.gen.h (Trojan)
Location: C:\WINDOWS\system32\nnnnOhEW.dll

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.


McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Boaxxe.dll (Trojan), Boaxxe.dll (Trojan), Boaxxe.dll (Trojan), Boaxxe.dll (Trojan), Boaxxe.dll (Trojan), Boaxxe.dll (Trojan), Boaxxe.dll (Trojan)
Location: C:\Documents and Settings\Thaddeus\Local Settings\Temporary Internet Files\Content.IE5\SEBLQ0JO\3077htsbdjyf[1].dll

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.


But here is the information that is requested of every user. I will also attach the docs to this post. Thank you once again.

Deckard's System Scanner v20071014.68
Run by Thaddeus on 2008-08-16 17:24:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-08-16 21:24:34 UTC - RP1006 - Deckard's System Scanner Restore Point
37: 2008-08-16 18:48:32 UTC - RP1005 - Installed Ad-Aware
36: 2008-08-16 06:20:21 UTC - RP1004 - Removed Ad-Aware SE Personal
35: 2008-08-15 11:05:55 UTC - RP1003 - System Checkpoint
34: 2008-08-14 02:06:58 UTC - RP1002 - System Checkpoint


-- First Restore Point --
1: 2008-08-06 04:09:22 UTC - RP969 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-16 17:28:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\ipmon32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\AOL\1103236765\EE\aolsoftware.exe
C:\WINDOWS\system32\msvcmm32.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Thaddeus\Local Settings\Temporary Internet Files\Content.IE5\HNK9W8PM\dss[1].exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://images.only-virgins.com/secure.php[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
O2 - BHO: (no name) - {24DAAFB8-B7F5-463F-88C1-D497611FC253} - C:\WINDOWS\system32\wvUlljji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: {396827cd-64bb-3788-5c64-b6251d826c6c} - {c6c628d1-526b-46c5-8873-bb46dc728693} - C:\WINDOWS\system32\essqcl.dll
O2 - BHO: (no name) - {C909B7A3-614D-4A65-9417-62C94A0930D9} - C:\WINDOWS\system32\nnnnOhEW.dll
O2 - BHO: (no name) - {F99727B2-854D-45B9-B2EB-301E41C405D5} - C:\WINDOWS\system32\vdrrsdkk.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103236765\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [winshost.exe]
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [3ce917fb] rundll32.exe "C:\WINDOWS\system32\kegmmumq.dll",b
O4 - HKLM\..\Run: [BM3fda2467] Rundll32.exe "C:\WINDOWS\system32\pisuepxt.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winshost.exe]
O4 - HKCU\..\Run: [freestyle] lockx.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SMPMEnvSetup.lnk = C:\Documents and Settings\Thaddeus\Local Settings\Temporary Internet Files\Content.IE5\5F3JTH0E\SMPMEnvSetup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.mste.uiuc.edu (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/219b8664b2fc35e71f00/netzip/RdxIE601.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094168243109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129410370453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} () - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: wvUlljji - C:\WINDOWS\system32\wvUlljji.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: - http://images.packers.com/images/wallpaper/dt040430_1_1024.jpg

--
End of file - 20259 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>

S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-16 16:21:34 370 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-15 03:07:00 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-01 01:00:40 338 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-12-16 06:35:54 420 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THADDEUSCOLLINS-Thaddeus).job


-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 14:48:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-16 13:31:36 85504 --a------ C:\WINDOWS\system32\kegmmumq.dll
2008-08-16 13:28:56 107008 --a------ C:\WINDOWS\system32\essqcl.dll
2008-08-16 13:28:51 107008 --a------ C:\WINDOWS\system32\pomgqrww.dll
2008-08-16 13:28:35 119808 --a------ C:\WINDOWS\system32\vdrrsdkk.dll
2008-08-16 13:25:50 93184 --a------ C:\WINDOWS\system32\pisuepxt.dll
2008-08-16 01:22:46 84480 -----n--- C:\WINDOWS\system32\kjuwdmpu.dll
2008-08-16 01:16:47 107008 --a------ C:\WINDOWS\system32\wajwgv.dll
2008-08-16 01:16:46 107008 --a------ C:\WINDOWS\system32\iymnkuqc.dll
2008-08-16 01:13:47 92672 --a------ C:\WINDOWS\system32\ilpsdnkx.dll
2008-08-15 01:13:18 98304 --a------ C:\WINDOWS\system32\wwnzyb.dll
2008-08-15 01:13:15 98304 --a------ C:\WINDOWS\system32\ycljmlcx.dll
2008-08-14 00:19:11 97792 --a------ C:\WINDOWS\system32\svtqmt.dll
2008-08-14 00:19:08 97792 --a------ C:\WINDOWS\system32\yhbpugsl.dll
2008-08-14 00:10:01 83968 -----n--- C:\WINDOWS\system32\bnkpuyto.dll
2008-08-14 00:07:02 94208 --a------ C:\WINDOWS\system32\uchyvpqy.dll
2008-08-13 23:04:47 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\MSNInstaller
2008-08-13 20:42:19 83968 -----n--- C:\WINDOWS\system32\psvuscto.dll
2008-08-13 20:39:20 97792 --a------ C:\WINDOWS\system32\dopcmy.dll
2008-08-13 20:39:19 97792 --a------ C:\WINDOWS\system32\whavhlhr.dll
2008-08-13 20:36:19 94208 --a------ C:\WINDOWS\system32\iewxrbkf.dll
2008-08-07 01:23:56 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\WinRAR
2008-08-06 00:09:10 817177 --ahs---- C:\WINDOWS\system32\WEhOnnnn.ini2
2008-08-06 00:09:01 246272 --a------ C:\WINDOWS\system32\nnnnOhEW.dll
2008-08-06 00:03:43 35840 --a------ C:\WINDOWS\system32\tuvSkhiH.dll
2008-08-06 00:03:37 35840 --a------ C:\WINDOWS\system32\wvUlljji.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-16 16:46:24 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\MSN6
2008-08-16 14:48:43 0 d-------- C:\Program Files\Lavasoft
2008-08-16 14:47:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 14:27:51 0 d-------- C:\Program Files\BitComet
2008-08-16 14:01:27 0 d-------- C:\Program Files\Azureus
2008-08-16 13:39:43 0 d-------- C:\Program Files\Common Files\AOL
2008-08-16 13:26:45 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\WeatherBug
2008-08-16 02:24:17 0 d-------- C:\Program Files\Eidos Interactive
2008-08-16 02:23:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-16 02:22:02 0 d-------- C:\Program Files\aim
2008-08-16 02:21:40 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\Aim
2008-08-16 02:21:03 0 d-------- C:\Program Files\AIM Toolbar
2008-08-06 00:04:32 0 d-------- C:\Program Files\LimeWire
2008-08-04 21:48:34 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\AdobeAUM
2008-08-04 01:41:23 0 d-------- C:\Documents and Settings\Thaddeus\Application Data\Mozilla
2008-06-22 17:26:18 131162 --a------ C:\WINDOWS\hpiins06.dat
2008-06-22 17:17:26 0 d-------- C:\Program Files\Common Files\HP
2008-06-22 17:16:01 0 d-------- C:\Program Files\HP
2008-06-22 17:14:47 0 d-a------ C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24DAAFB8-B7F5-463F-88C1-D497611FC253}]
08/06/2008 12:03 AM 35840 --a------ C:\WINDOWS\system32\wvUlljji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6c628d1-526b-46c5-8873-bb46dc728693}]
08/16/2008 01:28 PM 107008 --a------ C:\WINDOWS\system32\essqcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C909B7A3-614D-4A65-9417-62C94A0930D9}]
08/06/2008 12:09 AM 246272 --a------ C:\WINDOWS\system32\nnnnOhEW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F99727B2-854D-45B9-B2EB-301E41C405D5}]
08/16/2008 01:28 PM 119808 --a------ C:\WINDOWS\system32\vdrrsdkk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [07/23/2002 02:09 PM C:\WINDOWS\mHotkey.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 03:28 PM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [01/01/2002 12:04 AM]
"IPInSightLAN 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" [03/18/2002 08:34 AM]
"IPInSightMonitor 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe" [03/18/2002 08:34 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/26/2003 06:34 AM]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [12/02/2002 08:56 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 10:36 PM]
"S3TRAY2"="S3tray2.exe" [02/25/2003 04:33 AM C:\WINDOWS\system32\S3tray2.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/20/2004 10:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/2004 09:19 AM]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/2004 09:19 AM]
"VTPreset"="VTPreset.exe" [02/24/2004 08:17 PM C:\WINDOWS\system32\VTPreset.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/03/2004 10:47 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1103236765\ee\AOLSoftware.exe" [05/09/2006 08:24 PM]
"LoadMSvcmm"="C:\WINDOWS\System32\msvcmm32.exe" [01/13/2005 06:01 PM]
"winshost.exe"=" " []
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [04/05/2004 05:33 PM]
"VideoraiPodConverter"="C:\Program Files\VideoraiPodConverter\VideoraConverter.exe" []
"winupdate"="C:\Program Files\winupdate\winupdate.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 06:02 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2003 09:50 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"nwiz"="nwiz.exe" [01/30/2007 02:54 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"3ce917fb"="C:\WINDOWS\system32\kegmmumq.dll" [08/16/2008 01:31 PM]
"BM3fda2467"="C:\WINDOWS\system32\pisuepxt.dll" [08/16/2008 01:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/24/2006 12:37 PM]
"@"="" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [09/30/2005 04:27 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ESPN BottomLine"="C:\Program Files\ESPN\BottomLine\bline.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"winshost.exe"=" " []
"freestyle"="lockx.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24DAAFB8-B7F5-463F-88C1-D497611FC253}"= C:\WINDOWS\system32\wvUlljji.dll [08/06/2008 12:03 AM 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUlljji]
wvUlljji.dll 08/06/2008 12:03 AM 35840 C:\WINDOWS\system32\wvUlljji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnOhEW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f36b1d1-fe74-11d5-a9d5-806d6172696f}]
AutoRun\command- E:\RunGame.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost


-- End of Deckard's System Scanner: finished at 2008-08-16 17:31:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 511.48 MiB / 120.82 MiB
Pagefile Memory (total/avail): 1201.96 MiB / 688.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 40.51 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200AB-00DBA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.18.3"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thaddeus\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THADDEUSCOLLINS
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX 9.0 SDK (December 2004)\
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thaddeus
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\THADDEUSCOLLINS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\MSN\MSNCoreFiles;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\AOL\System Information
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONID=1133028022401htx60561962ecd:107e2259d7d:-3a83
SESSIONNAME=Console
SWUTVER=1.0.1.1
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thaddeus\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Thaddeus\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Thaddeus\LOCALS~1\Temp\rad06FDF.tmp
USERDOMAIN=THADDEUSCOLLINS
USERNAME=Thaddeus
USERPROFILE=C:\Documents and Settings\Thaddeus
VERSION=3.0.5.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thaddeus (admin)
Aisha


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
56Kbps Internal Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Auto Care --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Progra~1\MSN\Support\Setup.inf
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix ICA Web Client --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
CompuServe --> C:\Program Files\Common Files\csshare\csunins_us.exe
Control Pad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86C3A7C1-454F-11D5-9BFF-080009B69BB3}\Setup.exe" -l0x9 UNINSTALL
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Free YouTube to iPod Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
hp deskjet 5100 series --> rundll32 hpzcon08.dll,VendorJettison hp deskjet 5100 series
HP Imaging Device Functions 9.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photosmart Cameras 9.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{3602F97F-5ECE-45b6-9AF8-4DC73961F27B}\setup\hpzscr01.exe -datfile hpiscr06.dat
HP Photosmart Essential 2.01 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_f1d3ebb\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft DirectX 9.0 SDK Update (December 2004) --> MsiExec.exe /I{BC4EF602-67C3-498A-94C7-3A9BE9116AC8}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Thaddeus\Application Data\Move Networks\ie_bin\Uninst.exe
Movielink Manager --> C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe /uninstall
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
Multimedia Keyboard Driver Ver1.0 (KB-0108) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe"
MVP Baseball 2004 --> C:\Program Files\EA SPORTS\MVP Baseball 2004\EAUninstall.exe
Netscape 6 (6.2.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA DVD Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Radio@Netscape --> C:\Program Files\Radio@Netscape\Uninstall Radio@Netscape.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Verizon Online DSL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9806BFBB-F566-4654-94DE-CB1F85B5CDDD}\Setup.exe" -l0x9
Verizon Online Support Center --> C:\WINDOWS\Motive\Verizon\MCCUninst.exe
Video4iPod Converter --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.video4ipod.org/veni/VeniVideoConverter.jar"
Videora 1.0 --> C:\Program Files\Videora\uninst.exe
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Videora Trial Version 2.13 --> C:\Program Files\Videora\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual IP InSight(Verizon Online) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}Verizon Online\setup.exe Verizon Online
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1836 / Error
Event Submitted/Written: 08/15/2008 01:38:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msn.exe, version 9.60.53.2200, faulting module seal.dll, version 9.60.53.2200, fault address 0x00034682.
Processing media-specific event for [msn.exe!ws!]

Event Record #/Type1834 / Error
Event Submitted/Written: 08/15/2008 01:20:14 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2908 (0xb5c)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Thaddeus\Local Settings\Temporary Internet Files\Content.IE5\54BE7FL0\3077htsbdjyf[1].dll
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type1832 / Error
Event Submitted/Written: 08/15/2008 01:13:02 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 1112 (0x458)

Thread address : 0x12020BC9

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
by C:\WINDOWS\Explorer.EXE
4(16)(0)
4(16)(0)
7200(16)(0)
7595(16)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type1780 / Error
Event Submitted/Written: 08/01/2008 04:43:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.3.0.80, fault address 0x0006f0c3.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1778 / Error
Event Submitted/Written: 08/01/2008 02:01:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.3.0.80, fault address 0x0006f0c3.
Processing media-specific event for [firefox.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70294 / Error
Event Submitted/Written: 08/16/2008 05:29:00 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type70293 / Error
Event Submitted/Written: 08/16/2008 05:12:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type70292 / Warning
Event Submitted/Written: 08/16/2008 05:05:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type70238 / Error
Event Submitted/Written: 08/16/2008 02:08:45 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 0040CA5BD278 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type70235 / Error
Event Submitted/Written: 08/16/2008 02:05:45 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.147 for the Network Card with network address 0040CA5BD278 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

-- End of Deckard's System Scanner: finished at 2008-08-16 17:31:48 ------------

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3361 (20080816)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=823d14ad1c6c6d4b94da5266cd0f8f89
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-17 08:25:01
# local_time=2008-08-17 04:25:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=410164
# found=1
# scan_time=10137
C:\WINDOWS\system32\nnnnOhEW.dll Win32/Adware.Virtumonde.FP application AFA8DD0C5D5AF83918F29F9670E77C4C

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

12:05:25 AM 8/17/2008
mbam-log-8-17-2008 (00-05-25).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 126031
Time elapsed: 1 hour(s), 29 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 23
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kegmmumq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnnOhEW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUlljji.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\essqcl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vdrrsdkk.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6c628d1-526b-46c5-8873-bb46dc728693} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6c628d1-526b-46c5-8873-bb46dc728693} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c909b7a3-614d-4a65-9417-62c94a0930d9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c909b7a3-614d-4a65-9417-62c94a0930d9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{24daafb8-b7f5-463f-88c1-d497611fc253} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24daafb8-b7f5-463f-88c1-d497611fc253} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvulljji (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f99727b2-854d-45b9-b2eb-301e41c405d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f99727b2-854d-45b9-b2eb-301e41c405d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\b8gxe.ishehf (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\b8gxe.ishehf.151 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videora ipod converter (BHO.Baidu) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3ce917fb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24daafb8-b7f5-463f-88c1-d497611fc253} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3fda2467 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnohew -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnohew

I have the Hijack This installed, and I ran the uninstall thing, but whenever I click "save this" it must save somewhere, but the program closes. Where can I find the file?

Please contact me if you need more information! Thank you!

2
Contributors
19
Replies
20
Views
9 Years
Discussion Span
Last Post by tcollins17
0

Hi, can you please post a new DSS log?
Also, please use the Search for Files and Folders to search for the file named uninstall_list in the C:\ drive.

0

Hi, can you please post a new DSS log?
Also, please use the Search for Files and Folders to search for the file named uninstall_list in the C:\ drive.

Is there anything that I am missing from the old DSS log? I will run it again and repost it. I will also check my files and folders and repost. Thanks for all your help!

0

Hi, can you please post a new DSS log?
Also, please use the Search for Files and Folders to search for the file named uninstall_list in the C:\ drive.

I don't know what is going on. I have no trace of the DSS program on my computer. And when I try to reinstall it, the program will not install. Finally, I cannot find the uninstall log in my search no matter what permutations I use. Please help!

Would you be able to help me with the information that you have?

0

Hi, that's ok. So you cannot install Deckard's System Scanner?

We'll look at how much more malware is left in your computer.

Please do an online scan with Kaspersky WebScanner

Click Scan Now and Accept the agreement. You will be promted to install an ActiveX component from Kaspersky, click Yes

The program will launch and then begin downloading the latest definition files:

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Please post the contents of the log here.

0

I get this message when I try to run Kaspersky.

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0.

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0.

I've reinstalled Java but I keep getting this message. I am so sorry that there are all these complications that prevent you from helping me. Your patience is greatly appreciated!

0

Hi, that's ok. So you cannot install Deckard's System Scanner?

We'll look at how much more malware is left in your computer.

Please do an online scan with Kaspersky WebScanner

Click Scan Now and Accept the agreement. You will be promted to install an ActiveX component from Kaspersky, click Yes

The program will launch and then begin downloading the latest definition files:

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Please post the contents of the log here.

I did run the ESET scan though, and I put it in my first post. Would you like me to repost it?

0

Please repost a fresh scan.

I'm glad to help you out.

I re-ran the ESET online scanner. This is the log. Thank you very much!

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3372 (20080820)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=823d14ad1c6c6d4b94da5266cd0f8f89
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-21 07:37:36
# local_time=2008-08-21 03:37:36 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=383651
# found=1
# scan_time=9784
C:\WINDOWS\system32\nnnnOhEW.dll Win32/Adware.Virtumonde.FP application AFA8DD0C5D5AF83918F29F9670E77C4C

0

Hi, please download F-Secure Blacklight to your system and save it in your C:\ drive.

  • Click Start and then Run.
  • Type the following :
    C:\fsbl.exe /expert

    and press enter

  • Select I accept the agreement
  • Click Next then Scan & wait for the scan to finish
  • Click on Next> then Exit
  • A log will be produced in the C:\ drive
    It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use Notepad to open that log and
    Post the contents of that log as a reply to this topic.

Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.

  • Double click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt
0

Hi, please download F-Secure Blacklight to your system and save it in your C:\ drive.

  • Click Start and then Run.
  • Type the following :
    C:\fsbl.exe /expert

    and press enter

  • Select I accept the agreement
  • Click Next then Scan & wait for the scan to finish
  • Click on Next> then Exit
  • A log will be produced in the C:\ drive
    It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use Notepad to open that log and
    Post the contents of that log as a reply to this topic.

Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.

  • Double click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt

Vundofix.txt

VundoFix V7.0.6

Scan started at 3:11:44 PM 8/23/2008

Listing files found while scanning....

C:\Windows\system32\aozttl.dll
C:\Windows\system32\bmyvfc.dll
C:\Windows\system32\botqxnyk.dll
C:\Windows\system32\cieaxvwh.dll
C:\Windows\system32\conxjbuv.dll
C:\Windows\system32\fhhrxdsk.dll
C:\Windows\system32\gicnct.dll
C:\Windows\system32\godidfin.dll
C:\Windows\system32\hldtuvlk.dll
C:\Windows\system32\ksdxrhhf.ini
C:\Windows\system32\nnnnOhEW.dll
C:\Windows\system32\rofgfo.dll
C:\Windows\system32\thdihsqy.dll
C:\Windows\system32\ubjkimbd.dll
C:\Windows\system32\vubjxnoc.ini
C:\Windows\system32\WEhOnnnn.ini
C:\Windows\system32\WEhOnnnn.ini2
C:\Windows\system32\wultplkk.dll
C:\Windows\system32\wvUlljji.dll
C:\Windows\system32\xrjhtwsq.dll

Beginning removal...

Attempting to delete C:\Windows\system32\aozttl.dll
C:\Windows\system32\aozttl.dll Could not be deleted.

Attempting to delete C:\Windows\system32\bmyvfc.dll
C:\Windows\system32\bmyvfc.dll Could not be deleted.

Attempting to delete C:\Windows\system32\botqxnyk.dll
C:\Windows\system32\botqxnyk.dll Has been deleted!

Attempting to delete C:\Windows\system32\cieaxvwh.dll
C:\Windows\system32\cieaxvwh.dll Has been deleted!

Attempting to delete C:\Windows\system32\conxjbuv.dll
C:\Windows\system32\conxjbuv.dll Could not be deleted.

Attempting to delete C:\Windows\system32\fhhrxdsk.dll
C:\Windows\system32\fhhrxdsk.dll Has been deleted!

Attempting to delete C:\Windows\system32\gicnct.dll
C:\Windows\system32\gicnct.dll Could not be deleted.

Attempting to delete C:\Windows\system32\godidfin.dll
C:\Windows\system32\godidfin.dll Has been deleted!

Attempting to delete C:\Windows\system32\hldtuvlk.dll
C:\Windows\system32\hldtuvlk.dll Has been deleted!

Attempting to delete C:\Windows\system32\ksdxrhhf.ini
C:\Windows\system32\ksdxrhhf.ini Has been deleted!

Attempting to delete C:\Windows\system32\nnnnOhEW.dll
C:\Windows\system32\nnnnOhEW.dll Has been deleted!

Attempting to delete C:\Windows\system32\rofgfo.dll
C:\Windows\system32\rofgfo.dll Could not be deleted.

Attempting to delete C:\Windows\system32\thdihsqy.dll
C:\Windows\system32\thdihsqy.dll Has been deleted!

Attempting to delete C:\Windows\system32\ubjkimbd.dll
C:\Windows\system32\ubjkimbd.dll Has been deleted!

Attempting to delete C:\Windows\system32\vubjxnoc.ini
C:\Windows\system32\vubjxnoc.ini Has been deleted!

Attempting to delete C:\Windows\system32\WEhOnnnn.ini
C:\Windows\system32\WEhOnnnn.ini Has been deleted!

Attempting to delete C:\Windows\system32\WEhOnnnn.ini2
C:\Windows\system32\WEhOnnnn.ini2 Has been deleted!

Attempting to delete C:\Windows\system32\wultplkk.dll
C:\Windows\system32\wultplkk.dll Has been deleted!

Attempting to delete C:\Windows\system32\wvUlljji.dll
C:\Windows\system32\wvUlljji.dll Could not be deleted.

Attempting to delete C:\Windows\system32\xrjhtwsq.dll
C:\Windows\system32\xrjhtwsq.dll Has been deleted!

Performing Repairs to the registry.
Done!

FSBL 08/23/08 16:22:53 [Info]: BlackLight Engine 1.0.70 initialized
08/23/08 16:22:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/23/08 16:22:54 [Note]: 7019 4
08/23/08 16:22:54 [Note]: 7005 0
08/23/08 16:22:56 [Note]: 7006 0
08/23/08 16:22:56 [Note]: 7022 0
08/23/08 16:22:56 [Note]: 7011 768
08/23/08 16:22:56 [Note]: 7035 0
08/23/08 16:22:57 [Note]: 7026 0
08/23/08 16:22:57 [Note]: 7026 0
08/23/08 16:23:35 [Note]: FSRAW library version 1.7.1024
08/23/08 16:57:00 [Error]: 6023 3
08/23/08 17:01:15 [Note]: 7007 0

0

Now download The Avenger by Swandog46, and save it to your Desktop.

  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Check the 'Input script manually' box.
  • Click on the magnifying glass icon.
  • Copy everything in the Quote box below, and paste it in the box that opens:
    Files to delete:
    
    C:\Windows\system32\aozttl.dll
    C:\Windows\system32\bmyvfc.dll
    C:\Windows\system32\conxjbuv.dll
    C:\Windows\system32\gicnct.dll
    C:\Windows\system32\rofgfo.dll
    C:\Windows\system32\wvUlljji.dll
  • Now click the 'Done' button.
  • Click on the traffic light icon and OK the prompt.
  • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt, please copy and paste the contents of the log here.

Please include a new VundoFix scan result.

0

VundoFix V7.0.6

Scan started at 3:11:44 PM 8/23/2008

Listing files found while scanning....

C:\Windows\system32\aozttl.dll
C:\Windows\system32\bmyvfc.dll
C:\Windows\system32\botqxnyk.dll
C:\Windows\system32\cieaxvwh.dll
C:\Windows\system32\conxjbuv.dll
C:\Windows\system32\fhhrxdsk.dll
C:\Windows\system32\gicnct.dll
C:\Windows\system32\godidfin.dll
C:\Windows\system32\hldtuvlk.dll
C:\Windows\system32\ksdxrhhf.ini
C:\Windows\system32\nnnnOhEW.dll
C:\Windows\system32\rofgfo.dll
C:\Windows\system32\thdihsqy.dll
C:\Windows\system32\ubjkimbd.dll
C:\Windows\system32\vubjxnoc.ini
C:\Windows\system32\WEhOnnnn.ini
C:\Windows\system32\WEhOnnnn.ini2
C:\Windows\system32\wultplkk.dll
C:\Windows\system32\wvUlljji.dll
C:\Windows\system32\xrjhtwsq.dll

Beginning removal...

Attempting to delete C:\Windows\system32\aozttl.dll
C:\Windows\system32\aozttl.dll Could not be deleted.

Attempting to delete C:\Windows\system32\bmyvfc.dll
C:\Windows\system32\bmyvfc.dll Could not be deleted.

Attempting to delete C:\Windows\system32\botqxnyk.dll
C:\Windows\system32\botqxnyk.dll Has been deleted!

Attempting to delete C:\Windows\system32\cieaxvwh.dll
C:\Windows\system32\cieaxvwh.dll Has been deleted!

Attempting to delete C:\Windows\system32\conxjbuv.dll
C:\Windows\system32\conxjbuv.dll Could not be deleted.

Attempting to delete C:\Windows\system32\fhhrxdsk.dll
C:\Windows\system32\fhhrxdsk.dll Has been deleted!

Attempting to delete C:\Windows\system32\gicnct.dll
C:\Windows\system32\gicnct.dll Could not be deleted.

Attempting to delete C:\Windows\system32\godidfin.dll
C:\Windows\system32\godidfin.dll Has been deleted!

Attempting to delete C:\Windows\system32\hldtuvlk.dll
C:\Windows\system32\hldtuvlk.dll Has been deleted!

Attempting to delete C:\Windows\system32\ksdxrhhf.ini
C:\Windows\system32\ksdxrhhf.ini Has been deleted!

Attempting to delete C:\Windows\system32\nnnnOhEW.dll
C:\Windows\system32\nnnnOhEW.dll Has been deleted!

Attempting to delete C:\Windows\system32\rofgfo.dll
C:\Windows\system32\rofgfo.dll Could not be deleted.

Attempting to delete C:\Windows\system32\thdihsqy.dll
C:\Windows\system32\thdihsqy.dll Has been deleted!

Attempting to delete C:\Windows\system32\ubjkimbd.dll
C:\Windows\system32\ubjkimbd.dll Has been deleted!

Attempting to delete C:\Windows\system32\vubjxnoc.ini
C:\Windows\system32\vubjxnoc.ini Has been deleted!

Attempting to delete C:\Windows\system32\WEhOnnnn.ini
C:\Windows\system32\WEhOnnnn.ini Has been deleted!

Attempting to delete C:\Windows\system32\WEhOnnnn.ini2
C:\Windows\system32\WEhOnnnn.ini2 Has been deleted!

Attempting to delete C:\Windows\system32\wultplkk.dll
C:\Windows\system32\wultplkk.dll Has been deleted!

Attempting to delete C:\Windows\system32\wvUlljji.dll
C:\Windows\system32\wvUlljji.dll Could not be deleted.

Attempting to delete C:\Windows\system32\xrjhtwsq.dll
C:\Windows\system32\xrjhtwsq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 3:44:52 AM 8/24/2008

Listing files found while scanning....

C:\Windows\system32\atpjmvsb.dll
C:\Windows\system32\bfjmct.dll
C:\Windows\system32\cbrjyfnp.ini
C:\Windows\system32\chsysgwq.dll
C:\Windows\system32\cvceeslm.dll
C:\Windows\system32\hglgoseu.dll
C:\Windows\system32\obdqfqck.dll
C:\Windows\system32\pnfyjrbc.dll
C:\Windows\system32\vtULFYqQ.dll
C:\Windows\system32\xttbiocd.dll
C:\Windows\system32\yrypxlec.dll
C:\Windows\system32\yydqdvwa.dll

Beginning removal...

Attempting to delete C:\Windows\system32\atpjmvsb.dll
C:\Windows\system32\atpjmvsb.dll Has been deleted!

Attempting to delete C:\Windows\system32\bfjmct.dll
C:\Windows\system32\bfjmct.dll Could not be deleted.

Attempting to delete C:\Windows\system32\cbrjyfnp.ini
C:\Windows\system32\cbrjyfnp.ini Has been deleted!

Attempting to delete C:\Windows\system32\chsysgwq.dll
C:\Windows\system32\chsysgwq.dll Has been deleted!

Attempting to delete C:\Windows\system32\cvceeslm.dll
C:\Windows\system32\cvceeslm.dll Has been deleted!

Attempting to delete C:\Windows\system32\hglgoseu.dll
C:\Windows\system32\hglgoseu.dll Has been deleted!

Attempting to delete C:\Windows\system32\obdqfqck.dll
C:\Windows\system32\obdqfqck.dll Has been deleted!

Attempting to delete C:\Windows\system32\pnfyjrbc.dll
C:\Windows\system32\pnfyjrbc.dll Could not be deleted.

Attempting to delete C:\Windows\system32\vtULFYqQ.dll
C:\Windows\system32\vtULFYqQ.dll Has been deleted!

Attempting to delete C:\Windows\system32\xttbiocd.dll
C:\Windows\system32\xttbiocd.dll Has been deleted!

Attempting to delete C:\Windows\system32\yrypxlec.dll
C:\Windows\system32\yrypxlec.dll Has been deleted!

Attempting to delete C:\Windows\system32\yydqdvwa.dll
C:\Windows\system32\yydqdvwa.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\bfjmct.dll
C:\Windows\system32\bfjmct.dll Could not be deleted.

Attempting to delete C:\Windows\system32\cbrjyfnp.ini
C:\Windows\system32\cbrjyfnp.ini Has been deleted!

Attempting to delete C:\Windows\system32\pnfyjrbc.dll
C:\Windows\system32\pnfyjrbc.dll Could not be deleted.

Attempting to delete C:\Windows\system32\yydqdvwa.dll
C:\Windows\system32\yydqdvwa.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Does the vundo log file grow everytime you run it? It looks like it just added the results to the same file.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\aozttl.dll" not found!
Deletion of file "C:\Windows\system32\aozttl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\bmyvfc.dll" deleted successfully.
File "C:\Windows\system32\conxjbuv.dll" deleted successfully.

Error: file "C:\Windows\system32\gicnct.dll" not found!
Deletion of file "C:\Windows\system32\gicnct.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\rofgfo.dll" deleted successfully.
File "C:\Windows\system32\wvUlljji.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


I don't think my computer is clean yet. I still get all the virus screen popups telling me that my computer is infected with at myriad of viruses. Also, explorer.exe is still chugging memory.

0

The Vundo files are regenerating, and yet there appears to be no rootkit.

Please download Combofix by sUbs and save it to your Desktop.

  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click Start and choose Run. Then copy the entire content of the following quotebox and paste it into the run box.
    "%userprofile%\desktop\ComboFix.exe" /KillAll
  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

  • After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
  • Reconnect to the internet
  • Post the following logs/Reports:

  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

Also include a new Vundofix scan result. If it's still there, then I might need to consult somebody before I post another fix.

0

ComboFix 08-08-23.03 - Thaddeus 2008-08-24 23:29:23.1 - NTFSx86
Running from: C:\Documents and Settings\Thaddeus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thaddeus\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\#SharedObjects\SMMKF2XZ\interclick.com
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\#SharedObjects\SMMKF2XZ\interclick.com\ud.sol
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\#SharedObjects\SMMKF2XZ\static.youku.com
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\#SharedObjects\SMMKF2XZ\static.youku.com\v1.0.0242\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Thaddeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Thaddeus\Cookies\thaddeus@ad.yieldmanager[2].txt
C:\Documents and Settings\Thaddeus\Cookies\thaddeus@insightexpressai[1].txt
C:\Documents and Settings\Thaddeus\Cookies\thaddeus@nytimes[1].txt
C:\Documents and Settings\Thaddeus\Cookies\thaddeus@revsci[2].txt
C:\Program Files\winupdate
C:\WINDOWS\BM3fda2467.txt
C:\WINDOWS\BM3fda2467.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adljgoxa.dll
C:\WINDOWS\system32\bfjmct.dll
C:\WINDOWS\system32\cbrjyfnp.ini
C:\WINDOWS\system32\drivers\abdgqymy.dat
C:\WINDOWS\system32\drivers\mpbftmmn.dat
C:\WINDOWS\system32\fgjdrmpo.ini
C:\WINDOWS\system32\foscisuy.ini
C:\WINDOWS\system32\hcwglkac.ini
C:\WINDOWS\system32\lobwsvon.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nclaiq.dll
C:\WINDOWS\system32\pnfyjrbc.dll
C:\WINDOWS\system32\QqYFLUtv.ini
C:\WINDOWS\system32\QqYFLUtv.ini2
C:\WINDOWS\system32\qswthjrx.ini
C:\WINDOWS\system32\REGOBJ.DLL
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tinlrgvb.ini
C:\WINDOWS\system32\yydqdvwa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HGDPLLZF
-------\Service_hgdpllzf


((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-23 15:57 . 2008-08-23 15:57 294 --ahs---- C:\WINDOWS\system32\vubjxnoc.ini
2008-08-23 15:11 . 2008-08-24 07:50 <DIR> d-------- C:\VundoFix Backups
2008-08-23 14:59 . 2008-08-23 14:59 1,018,520 --a------ C:\fsbl.exe
2008-08-19 13:49 . 2008-08-19 13:49 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-19 13:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-17 14:26 . 2008-08-17 14:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 01:19 . 2008-08-21 03:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-16 17:39 . 2008-08-16 17:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 17:39 . 2008-08-16 17:39 <DIR> d-------- C:\Documents and Settings\Thaddeus\Application Data\Malwarebytes
2008-08-16 17:39 . 2008-08-16 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 17:39 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 17:39 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 17:23 . 2008-08-16 17:23 <DIR> d-------- C:\Deckard
2008-08-16 14:48 . 2008-08-16 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 23:04 . 2008-08-13 23:04 <DIR> d-------- C:\Documents and Settings\Thaddeus\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 03:26 --------- d-----w C:\Documents and Settings\Thaddeus\Application Data\MSN6
2008-08-19 17:51 --------- d-----w C:\Program Files\Java
2008-08-16 18:48 --------- d-----w C:\Program Files\Lavasoft
2008-08-16 18:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 18:27 --------- d-----w C:\Program Files\BitComet
2008-08-16 18:01 --------- d-----w C:\Program Files\Azureus
2008-08-16 17:39 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-16 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-16 17:26 --------- d-----w C:\Documents and Settings\Thaddeus\Application Data\WeatherBug
2008-08-16 06:24 --------- d-----w C:\Program Files\Eidos Interactive
2008-08-16 06:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 06:22 --------- d-----w C:\Program Files\aim
2008-08-16 06:21 --------- d-----w C:\Program Files\AIM Toolbar
2008-08-16 06:21 --------- d-----w C:\Documents and Settings\Thaddeus\Application Data\Aim
2008-08-06 04:04 --------- d-----w C:\Program Files\LimeWire
2008-08-05 01:48 --------- d-----w C:\Documents and Settings\Thaddeus\Application Data\AdobeAUM
2008-04-25 01:29 41,048 ----a-w C:\Documents and Settings\Thaddeus\Application Data\GDIPFONTCACHEV1.DAT
2005-11-28 21:13 10,395,991 ----a-w C:\Program Files\NVIDIA DVD Decoder 1.00.58 + serial.zip
2004-10-18 01:17 56 --sh--r C:\WINDOWS\system32\B88B75BE6E.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2006-01-24 12:37 7094272]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2005-09-30 16:27 1343488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 15:28 684032]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2002-01-01 00:04 385024]
"IPInSightLAN 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" [2002-03-18 08:34 364544]
"IPInSightMonitor 01"="C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe" [2002-03-18 08:34 102400]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 06:34 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36 50688]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40 34904]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-01-28 09:19 159744]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-01-28 09:19 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-03 22:47 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1103236765\ee\AOLSoftware.exe" [2006-05-09 20:24 50760]
"LoadMSvcmm"="C:\WINDOWS\System32\msvcmm32.exe" [2005-01-13 18:01 50272]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50 163840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"CHotkey"="mHotkey.exe" [2002-07-23 14:09 477184 C:\WINDOWS\mHotkey.exe]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"nwiz"="nwiz.exe" [2007-01-30 14:54 1622016 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-14 23:11:40 180224]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe [2003-09-25 01:18:38 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bfjmct.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19973:TCP"= 19973:TCP:BitComet 19973 TCP
"19973:UDP"= 19973:UDP:BitComet 19973 UDP
"31624:TCP"= 31624:TCP:Limewire Pro

R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-10-16 20:10]
R3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2004-01-30 09:19]
R3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2004-01-30 09:19]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 02:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2007-12-16 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THADDEUSCOLLINS-Thaddeus).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2003-08-08 18:02]

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-05-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-25 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 18:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{24DAAFB8-B7F5-463F-88C1-D497611FC253} - C:\WINDOWS\system32\wvUlljji.dll
BHO-{C481CD6B-5DA5-41B6-B156-733B318E1530} - C:\WINDOWS\system32\vtULFYqQ.dll
BHO-{F6988681-1291-41D9-93B3-D3AB4343A75A} - C:\WINDOWS\system32\nnnnOhEW.dll
BHO-{F99727B2-854D-45B9-B2EB-301E41C405D5} - C:\WINDOWS\system32\chsysgwq.dll
HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
HKCU-Run-ESPN BottomLine - C:\Program Files\ESPN\BottomLine\bline.exe
HKCU-Run-winshost.exe - (no file)
HKCU-Run-freestyle - lockx.exe
HKLM-Run-VideoraiPodConverter - C:\Program Files\VideoraiPodConverter\VideoraConverter.exe
HKLM-Run-3ce917fb - C:\WINDOWS\system32\pnfyjrbc.dll
HKLM-Run-BM3fda2467 - C:\WINDOWS\system32\yydqdvwa.dll
HKLM-Run-winshost.exe - (no file)
ShellExecuteHooks-{24DAAFB8-B7F5-463F-88C1-D497611FC253} - C:\WINDOWS\system32\wvUlljji.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Thaddeus\Application Data\Mozilla\Firefox\Profiles\60uayfaw.default\
FF -: plugin - C:\Documents and Settings\Thaddeus\Application Data\Mozilla\Firefox\Profiles\60uayfaw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 23:39:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-08-24 23:52:29 - machine was rebooted [Thaddeus]
ComboFix-quarantined-files.txt 2008-08-25 03:52:22

Pre-Run: 43,264,626,688 bytes free
Post-Run: 43,566,604,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

248 --- E O F --- 2008-08-02 06:06:21

Hijack this file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:19 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1103236765\ee\AOLSoftware.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://images.only-virgins.com/secure.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F1 - win.ini: run=fntldr.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103236765\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SMPMEnvSetup.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094168243109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129410370453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219168105233&h=00e807c06c7ece70f2fff4bf0161aee6/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: bfjmct.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://images.packers.com/images/wallpaper/dt040430_1_1024.jpg

--
End of file - 17415 bytes

I will post the vundo one once it finishes

0

Here is the Vundo log file:

VundoFix V7.0.6

Scan started at 12:14:27 AM 8/25/2008

Listing files found while scanning....

No infected files were found.

0

That's it :) I was right about combofix.
MBAM could not find and delete the files combofix could.
I always save combofix as a last resort because it's a very powerful tool.

There are a few things to do though, combofix has uncovered another hidden infection in your computer.

Please run MBAM now, if it still does not discover the malware files, I will have to use special recommendations again.

0

what do I do now? Thanks.

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

8:10:45 PM 8/28/2008
mbam-log-8-28-2008 (20-10-45).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 126422
Time elapsed: 11 hour(s), 0 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A4C4F8D3-6D77-44E2-BE28-2FF83291E877}\RP1\A0000004.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\wvUlljji.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.