Combofix worked! The first time I tried it, I got almost all the way through and my computer went to a blue screen (kind of like the hardware failure one). So I did the scan again and it went all the way through. Here are my logs.


ComboFix 08-11-12.01 - Mary Catherine 2008-11-13 22:24:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.246 [GMT -5:00]
Running from: c:\documents and settings\Mary Catherine\Desktop\SteinerCF.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\BEEP.SYS
c:\windows\system32\drivers\NULL.SYS
c:\windows\system32\igavapiz.ini
c:\windows\system32\iseguvov.ini
c:\windows\system32\obozofur.ini
c:\windows\system32\ovepegif.ini
c:\windows\system32\ugifufak.ini
c:\windows\system32\ulabagew.ini
.
---- Previous Run -------
.
C:\bold.log
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\install.exe
c:\windows\system32\571PnxT3.exe.a_a
c:\windows\system32\5jDxbYE0.exe.a_a
c:\windows\system32\drivers\BEEP.SYS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\NULL.SYS
c:\windows\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSASS
-------\Legacy_MSDIRECTX
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32
-------\Legacy_LSASS
-------\Legacy_MSDIRECTX
-------\Legacy_NPF
-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-13 18:11 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2008-11-12 21:49 . 2008-11-12 21:49 1,409 --a------ c:\windows\SYSTEM32\tmpED0D3.FOT
2008-11-12 21:49 . 2008-11-12 21:49 1,409 --a------ c:\windows\SYSTEM32\tmpB31D3.FOT
2008-11-12 21:49 . 2008-11-12 21:49 1,409 --a------ c:\windows\SYSTEM32\tmp4EFC3.FOT
2008-11-12 21:49 . 2008-11-12 21:49 1,409 --a------ c:\windows\SYSTEM32\tmp080D3.FOT
2008-11-11 22:12 . 2008-11-11 22:12 <DIR> d-------- c:\program files\Panda Security
2008-11-09 21:24 . 2008-11-09 21:24 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 21:23 . 2008-11-09 21:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 23:35 . 2008-11-13 22:09 <DIR> d-------- C:\ComboFix
2008-11-08 18:06 . 2008-11-08 18:07 <DIR> d-------- c:\documents and settings\Mary Catherine\rs_cache
2008-11-08 10:56 . 2008-11-08 10:56 <DIR> d-------- C:\VundoFix Backups
2008-11-07 23:06 . 2008-11-13 21:45 <DIR> d-------- C:\!KillBox
2008-11-07 15:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-07 15:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-07 15:08 . 2008-11-12 17:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 20:36 . 2008-11-13 21:54 <DIR> d-------- c:\documents and settings\Mary Catherine\Application Data\BitTorrent
2008-11-05 20:35 . 2008-11-10 14:53 <DIR> d-------- c:\program files\DNA
2008-11-05 20:35 . 2008-11-05 20:35 <DIR> d-------- c:\program files\BitTorrent
2008-11-05 20:35 . 2008-11-10 18:06 <DIR> d-------- c:\documents and settings\Mary Catherine\Application Data\DNA
2008-11-05 19:07 . 2008-11-05 20:54 <DIR> d-------- c:\program files\RegCure
2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\mpegable
2008-11-05 17:29 . 2008-11-05 17:29 47,104 --------- c:\windows\AKDeInstall.exe
2008-11-05 17:26 . 2008-11-05 17:26 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-11-05 17:26 . 2008-11-05 17:26 356,352 --a------ c:\windows\eSellerateEngine.dll
2008-11-05 17:25 . 2008-11-05 17:25 <DIR> d-------- c:\program files\Deskshare
2008-11-05 17:25 . 2004-12-07 10:11 258,352 --a------ c:\windows\SYSTEM32\Unicows.dll
2008-11-04 00:19 . 2008-11-04 00:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-11-01 18:06 . 2008-11-01 18:06 <DIR> d-------- c:\program files\Axife Mouse Recorder DEMO
2008-11-01 17:42 . 2008-11-01 17:42 <DIR> d-------- c:\program files\KALiNKOsoft
2008-11-01 13:01 . 2008-11-13 21:45 <DIR> d-------- C:\GMouse20
2008-11-01 10:43 . 2008-11-01 10:43 <DIR> d-------- c:\windows\SYSTEM32\Futuremark
2008-11-01 10:43 . 2008-11-01 10:43 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-11-01 10:43 . 2008-05-29 11:33 27,672 -ra------ c:\windows\SYSTEM32\DRIVERS\Entech.sys
2008-11-01 10:31 . 2008-11-01 10:32 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-01 10:31 . 2008-11-01 10:31 <DIR> d-------- c:\windows\Logs
2008-11-01 10:20 . 2008-11-01 10:20 682,280 --a------ c:\windows\SYSTEM32\pbsvc.exe
2008-10-29 19:04 . 2008-10-29 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\YoYoGames
2008-10-27 19:00 . 2008-11-04 18:26 <DIR> d-------- c:\program files\Game_Maker7
2008-10-26 18:47 . 2008-10-26 18:47 0 --ah----- c:\windows\SwSys2.bmp
2008-10-26 18:47 . 2008-10-26 18:47 0 --ah----- c:\windows\SwSys1.bmp
2008-10-25 18:27 . 2008-11-04 18:20 <DIR> d-------- c:\program files\AutoHotkey
2008-10-24 22:35 . 2008-11-04 18:28 <DIR> d-------- c:\program files\Synergy
2008-10-24 10:17 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-17 22:50 . 2008-10-17 22:57 <DIR> d-------- c:\program files\Portal
2008-10-16 23:44 . 2008-10-16 23:44 <DIR> d-------- c:\documents and settings\Mary Catherine\dodian.com
2008-10-16 23:27 . 2008-10-16 23:27 <DIR> d-------- C:\BattleScape
2008-10-15 10:32 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-10-15 10:32 . 2008-09-08 05:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 10:30 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 10:30 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 10:30 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 10:30 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 15:56 . 2008-11-04 18:28 <DIR> d-------- c:\program files\XBCD 360
2008-10-14 14:31 . 2008-10-14 14:31 <DIR> d-------- c:\program files\XBox 360 Controller for Windows Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 03:28 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-11-13 21:42 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-13 21:41 202,320 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-11-13 13:20 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\AdobeUM
2008-11-13 01:44 --------- d-----w c:\program files\PeerGuardian2
2008-11-12 01:32 86,068 --sha-w c:\windows\SYSTEM32\rufozobo.dll
2008-11-11 13:33 86,068 --sha-w c:\windows\SYSTEM32\wegabalu.dll
2008-11-10 02:24 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\SUPERAntiSpyware.com
2008-11-09 17:14 92,212 ----a-w c:\windows\SYSTEM32\nogorike.dll
2008-11-09 06:19 86,580 --sha-w c:\windows\SYSTEM32\hulahake.dll
2008-11-08 17:38 92,212 ----a-w c:\windows\SYSTEM32\fonebipi.dll
2008-11-08 17:19 86,580 --sha-w c:\windows\SYSTEM32\figepevo.dll
2008-11-08 04:18 92,212 --sha-w c:\windows\SYSTEM32\jifojuse.dll
2008-11-08 04:18 86,580 ------w c:\windows\SYSTEM32\zipavagi.dll
2008-11-06 02:52 --------- d-----w c:\program files\Steam
2008-11-05 23:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 23:28 --------- d-----w c:\program files\SpeedItUpFree
2008-11-04 23:21 --------- d-----w c:\program files\Cheat Engine
2008-11-04 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 23:18 --------- d-----w c:\program files\Activision
2008-11-01 23:09 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\Azureus
2008-11-01 15:20 22,328 ----a-w c:\documents and settings\Mary Catherine\Application Data\PnkBstrK.sys
2008-11-01 12:26 119,296 ----a-w c:\windows\SYSTEM32\zlib.dll
2008-10-19 21:53 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\Xfire
2008-10-18 12:01 --------- d-----w c:\program files\Xfire
2008-10-16 19:57 30 ----a-w c:\documents and settings\Mary Catherine\jagex_runescape_preferences.dat
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 -c--a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-14 02:29 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\KALiNKOsoft
2008-10-09 00:47 42,320 ----a-w c:\windows\SYSTEM32\xfcodec.dll
2008-10-04 02:02 66,872 ----a-w c:\windows\SYSTEM32\PnkBstrA.exe
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-28 02:50 --------- d-----w c:\program files\Apple Software Update
2008-09-28 02:49 --------- d-----w c:\program files\iTunes
2008-09-28 02:49 --------- d-----w c:\program files\iPod
2008-09-28 02:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-28 02:47 --------- d-----w c:\program files\QuickTime
2008-09-28 02:47 --------- d-----w c:\program files\Common Files\Apple
2008-09-28 02:42 --------- d-----w c:\program files\Bonjour
2008-09-23 15:01 --------- d-----w c:\program files\Hewlett-Packard
2008-09-23 14:55 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-08-29 14:18 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-19 22:53 578,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\user32.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2008-03-22 13:31 317 ----a-w c:\program files\realmlist--.txt
2007-10-27 15:03 309,240 ----a-w c:\program files\AOLDNLD.exe
2007-10-20 04:07 48,009 ----a-w c:\program files\20071019171441682.pdf
2007-10-10 19:05 336,417 ----a-w c:\program files\GCLiteSetup14.exe
2007-01-12 18:12 4,841,060 -c--a-w c:\program files\Missy Higgins - falling.mp3
2006-02-28 00:27 6,009,044 -c--a-w c:\program files\Panic! at the Disco - Its Time To Dance.mp3
2005-10-11 03:05 3,639,296 -c--a-w c:\program files\The Rocket Summer - This Is Me.mp3
2005-10-11 02:51 6,539,280 -c--a-w c:\program files\the rocket summer - around the clock.mp3
2005-10-11 02:51 5,426,628 -c--a-w c:\program files\The Rocket Summer - Mean Thoughts And Cheap Shots.mp3
2005-04-26 03:01 5,727,787 -c--a-w c:\program files\Mariah Carey - The Emancipation of Mimi - 03 - Shake It Off.mp3
2005-04-10 17:37 5,751,940 -c--a-w c:\program files\50 cents - Valentine's Day Massacre - Money By Any Means.mp3
2005-04-06 03:27 4,039,752 -c--a-w c:\program files\Switchfoot- You (A Walk To Remember Soundtrack).mp3
2005-02-04 12:30 2,709,777 -c--a-w c:\program files\Green Day - Minority.mp3
2005-02-04 07:26 4,792,908 -c--a-w c:\program files\Jason Mraz - Beautiful.mp3
2005-02-04 06:56 4,037,780 -c--a-w c:\program files\FM Static - Crazy Mary.mp3
2005-02-04 06:04 3,434,496 -c--a-w c:\program files\Colective Soul - December.mp3
2005-02-04 05:28 5,646,704 -c--a-w c:\program files\Akon - Ghetto.mp3
2005-01-29 05:26 3,563,103 -c--a-w c:\program files\06 - Jump Jimmy (Stronger Than Mine).mp3
2005-01-09 06:13 2,866,269 -c--a-w c:\program files\josh kelley - Wrapped..mp3
2005-01-09 06:12 4,524,776 -c--a-w c:\program files\josh kelley - Knockin.mp3
2005-01-08 18:21 4,448,384 -c--a-w c:\program files\Blessed Union of Souls - Let Me Be The One.mp3
2008-08-12 15:01 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"HostManager"="c:\program files\Common Files\AOL\1124840716\ee\AOLSoftware.exe" [2007-05-25 42032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"WN311T.exe"="c:\program files\NETGEAR\WN311T\WN311T.exe" [2008-03-10 565248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-10-27 12:44 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 07:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
--a------ 2006-11-07 14:11 2500096 c:\program files\AOL\Active Security Monitor\ASMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2004-09-15 02:01 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 19:19 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
--a------ 2005-02-07 14:00 98304 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIACA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-23 09:04 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1124840716\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-03-23 13:16 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 15:02 563984 c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 13:03 135168 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-20 16:09 4583424 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-03-23 11:48 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-06-30 14:33 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124840716\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124840716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\WINDOWS\\SYSTEM32\\logonui.exe"=
"c:\\WINDOWS\\SYSTEM32\\winlogon.exe"=
"c:\\WINDOWS\\SYSTEM32\\services.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-23 29744]
S3 NETMW145;Marvell TOPDOG (TM) 802.11n Driver for Windows XP;c:\windows\system32\DRIVERS\NETMW145.sys [2007-11-10 722560]
S3 XDva190;XDva190;c:\windows\system32\XDva190.sys [ ]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-09 c:\windows\Tasks\At1.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At10.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At11.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At12.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At13.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At14.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At15.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At16.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At17.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At18.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At19.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-09 c:\windows\Tasks\At2.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-14 c:\windows\Tasks\At20.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-14 c:\windows\Tasks\At21.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-14 c:\windows\Tasks\At22.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-14 c:\windows\Tasks\At23.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-09 c:\windows\Tasks\At24.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-09 c:\windows\Tasks\At25.job
- c:\windows\system32\571PnxT3.exe []

2008-11-09 c:\windows\Tasks\At26.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At27.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At28.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At29.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At3.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-02 c:\windows\Tasks\At30.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At31.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At32.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At33.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At34.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At35.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At36.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At37.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At38.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At39.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At4.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At40.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At41.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At42.job
- c:\windows\system32\571PnxT3.exe []

2008-11-13 c:\windows\Tasks\At43.job
- c:\windows\system32\571PnxT3.exe []

2008-11-14 c:\windows\Tasks\At44.job
- c:\windows\system32\571PnxT3.exe []

2008-11-14 c:\windows\Tasks\At45.job
- c:\windows\system32\571PnxT3.exe []

2008-11-14 c:\windows\Tasks\At46.job
- c:\windows\system32\571PnxT3.exe []

2008-11-14 c:\windows\Tasks\At47.job
- c:\windows\system32\571PnxT3.exe []

2008-11-09 c:\windows\Tasks\At48.job
- c:\windows\system32\571PnxT3.exe []

2008-11-02 c:\windows\Tasks\At5.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-02 c:\windows\Tasks\At6.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-02 c:\windows\Tasks\At7.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-02 c:\windows\Tasks\At8.job
- c:\windows\system32\5jDxbYE0.exe []

2008-11-13 c:\windows\Tasks\At9.job
- c:\windows\system32\5jDxbYE0.exe []

2008-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-07 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-11-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-05 20:52]

2008-11-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-05 20:52]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Mary Catherine\Application Data\Mozilla\Firefox\Profiles\3iyse19c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - isitchristmas.com
FF -: plugin - c:\documents and settings\Mary Catherine\Application Data\Mozilla\Firefox\Profiles\3iyse19c.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npigl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 22:29:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\AOL\1124840716\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-13 22:38:37 - machine was rebooted [Mary Catherine]
ComboFix-quarantined-files.txt 2008-11-14 03:38:18

Pre-Run: 24,265,723,904 bytes free
Post-Run: 24,235,307,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=""

499 --- E O F --- 2008-10-25 05:40:51


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:45 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NETGEAR\WN311T\WN311T.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\common files\aol\1124840716\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [WN311T.exe] C:\Program Files\NETGEAR\WN311T\WN311T.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10680 bytes

0

Heya, steiner.. a draw in hockey is fine.. you live again. But now to work, Mary C.:
==Again please disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan:
Copy the text in the box to a Notepad window [format/wordwrap unchecked] and save it as CFScript.txt to where you saved Combofix, that is, to your desktop.

Killall::

Rootkit::
c:\windows\system32\drivers\lvuvc.hs

File::
c:\windows\SYSTEM32\tmpED0D3.FOT
c:\windows\SYSTEM32\tmpB31D3.FOT
c:\windows\SYSTEM32\tmp4EFC3.FOT
c:\windows\SYSTEM32\tmp080D3.FOT
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\msdownld.tmp
c:\windows\SYSTEM32\rufozobo.dll
c:\windows\SYSTEM32\wegabalu.dll
c:\windows\SYSTEM32\nogorike.dll
c:\windows\SYSTEM32\hulahake.dll
c:\windows\SYSTEM32\fonebipi.dll
c:\windows\SYSTEM32\figepevo.dll
c:\windows\SYSTEM32\jifojuse.dll
c:\windows\SYSTEM32\zipavagi.dll
c:\windows\system32\5jDxbYE0.exe
c:\windows\system32\571PnxT3.exe
C:\WINDOWS\system32\yojonaso.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Folder::
C:\!KillBox
C:\VundoFix Backups

Registry::
[HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"mazayefoha"=-

[HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"mazayefoha"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

Good. Now drag the CFScript.txt icon onto the Combofix icon on your desktop. Combofix will start; let it run. If your firewall prompts, allow all; then post the log.

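Added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script that applies the two checks the helper is making by eye on the HijackThis log posted above (Run entries under the LOCAL SERVICE / NETWORK SERVICE hives, and rundll32 loading an eight-letter DLL from system32), then drafts the File:: and Registry:: lines of a CFScript in the same format as the script in this post. The sample lines are constructed from the posted log. The consonant-vowel naming heuristic, the "Unknown owner" service check and the function names are my assumptions; every hit is a lead to verify, not a verdict.

```python
"""Triage HijackThis O4/O23 lines and draft matching CFScript sections.

Added example for this thread, not part of HijackThis or ComboFix.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied in shape from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

# Service-account hives. Interactive users get Run entries; these two never should.
# S-1-5-18 (SYSTEM) RunOnce entries are left behind by installers, so they are not flagged.
SERVICE_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
SID_RE = re.compile(r"S-1-5-\d+")
# Eight-letter DLL directly in system32 (heuristic: the names in this thread are all 8 letters).
RANDOM_DLL_RE = re.compile(r"(?P<path>[A-Za-z]:\\windows\\system32\\(?P<base>[a-z]{8})\.dll)", re.I)
# Heuristic: alternating consonant/vowel, e.g. yojonaso, rufozobo, wegabalu.
CV_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou])+$")


@dataclass
class Finding:
    line: str
    reasons: list
    file: Optional[str] = None        # path to list under File::
    run_key: Optional[tuple] = None   # (hive, key, value name) for Registry::


def parse_o23(line: str):
    """Split an O23 line into (display name, owner, path); None if not an O23 line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(log_text: str):
    """Return one Finding per suspicious O4/O23 line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            reasons, file_path = [], None
            sid = SID_RE.search(m["hive"])
            if sid and sid.group(0) in SERVICE_SIDS:
                reasons.append(f"autorun in {SERVICE_SIDS[sid.group(0)]} profile")
            dll = RANDOM_DLL_RE.search(m["cmd"])
            if dll and m["cmd"].lower().startswith("rundll32") and CV_RE.match(dll["base"].lower()):
                reasons.append(f"rundll32 loads random-looking {dll['base']}.dll from system32")
                file_path = dll["path"]
            if reasons:
                findings.append(Finding(line, reasons, file_path, (m["hive"], m["key"], m["name"])))
            continue
        svc = parse_o23(line)
        if svc and svc[1].lower() == "unknown owner":
            findings.append(Finding(line, [f"service {svc[0]!r} has no vendor string; verify {svc[2]}"]))
    return findings


def draft_cfscript(findings) -> str:
    """Build File:: and Registry:: sections in the layout the helper's CFScript uses."""
    files, keys = [], []
    for f in findings:
        if f.file and f.file not in files:
            files.append(f.file)
        if f.run_key and f.run_key not in keys:
            keys.append(f.run_key)
    out = []
    if files:
        out += ["File::", *files, ""]
    if keys:
        out.append("Registry::")
        for hive, key, name in keys:
            out += [f"[{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}]", f'"{name}"=-', ""]
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h.line, "\n   ->", "; ".join(h.reasons))
    print("\n" + draft_cfscript(hits))
```

Services with no vendor string (rpcapd here) are reported but deliberately left out of the drafted script; a remote packet-capture daemon may be a legitimate install, so it gets a human decision rather than a File:: line.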
0

Mary C., some more work from the Panda log:

==You must clear all your system restore points because some have been infected. You do this by toggling System Restore off, then on again. So go Control Panel > System > System Restore tab, check "Turn off System Restore on all drives", Apply and OK. Do it all again but uncheck that box, Apply and OK.
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
=Uninstall Viewpoint
=If you do not use it, delete this from your desktop:
c:\documents and settings\mary catherine\desktop\complete incredimail installation.lnk
=Delete these folders:
C:\Program Files\Trend Micro\HijackThis\backups
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Mary Catherine\Local Settings\Application Data\Wildtangent

==Please copy the text in the box to a Notepad window [format/wordwrap unchecked] and save it as fixkey.reg, as type "all files", to your desktop; double-click it to run and agree. If it opens in Notepad instead, right-click the icon [file], choose Open with, Registry Editor.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF65677A-8977-48CA-916A-DFF81B037DF3}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4e26-B5AB-F0D349D89650}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{556DDE35-E955-11D0-A707-000000521958}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}]

Update MBAM and run it; post that log plus a fresh HijackThis log.

0

Here is the ComboFix log; no problems this time.

ComboFix 08-11-12.01 - Mary Catherine 2008-11-14 16:28:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.171 [GMT -5:00]
Running from: c:\documents and settings\Mary Catherine\Desktop\SteinerCF.exe
Command switches used :: c:\documents and settings\Mary Catherine\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\msdownld.tmp
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\571PnxT3.exe
c:\windows\system32\5jDxbYE0.exe
c:\windows\SYSTEM32\figepevo.dll
c:\windows\SYSTEM32\fonebipi.dll
c:\windows\SYSTEM32\hulahake.dll
c:\windows\SYSTEM32\jifojuse.dll
c:\windows\SYSTEM32\nogorike.dll
c:\windows\SYSTEM32\rufozobo.dll
c:\windows\SYSTEM32\tmp080D3.FOT
c:\windows\SYSTEM32\tmp4EFC3.FOT
c:\windows\SYSTEM32\tmpB31D3.FOT
c:\windows\SYSTEM32\tmpED0D3.FOT
c:\windows\SYSTEM32\wegabalu.dll
c:\windows\system32\yojonaso.dll
c:\windows\SYSTEM32\zipavagi.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
The following files were disabled during the run:
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
c:\!killbox\Logs\kb.log
C:\VundoFix Backups
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\lvuvc.hs
c:\windows\SYSTEM32\figepevo.dll
c:\windows\SYSTEM32\fonebipi.dll
c:\windows\SYSTEM32\hulahake.dll
c:\windows\SYSTEM32\jifojuse.dll
c:\windows\SYSTEM32\nogorike.dll
c:\windows\SYSTEM32\rufozobo.dll
c:\windows\SYSTEM32\tmp080D3.FOT
c:\windows\SYSTEM32\tmp4EFC3.FOT
c:\windows\SYSTEM32\tmpB31D3.FOT
c:\windows\SYSTEM32\tmpED0D3.FOT
c:\windows\SYSTEM32\wegabalu.dll
c:\windows\SYSTEM32\zipavagi.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSASS
-------\Legacy_MSDIRECTX
-------\Legacy_NPF
-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-13 18:11 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2008-11-11 22:12 . 2008-11-11 22:12 <DIR> d-------- c:\program files\Panda Security
2008-11-09 21:24 . 2008-11-09 21:24 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 21:23 . 2008-11-09 21:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 23:35 . 2008-11-13 22:09 <DIR> d-------- C:\ComboFix
2008-11-08 18:06 . 2008-11-08 18:07 <DIR> d-------- c:\documents and settings\Mary Catherine\rs_cache
2008-11-07 15:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-07 15:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-07 15:08 . 2008-11-12 17:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 20:36 . 2008-11-13 21:54 <DIR> d-------- c:\documents and settings\Mary Catherine\Application Data\BitTorrent
2008-11-05 20:35 . 2008-11-10 14:53 <DIR> d-------- c:\program files\DNA
2008-11-05 20:35 . 2008-11-05 20:35 <DIR> d-------- c:\program files\BitTorrent
2008-11-05 20:35 . 2008-11-10 18:06 <DIR> d-------- c:\documents and settings\Mary Catherine\Application Data\DNA
2008-11-05 19:07 . 2008-11-05 20:54 <DIR> d-------- c:\program files\RegCure
2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\mpegable
2008-11-05 17:29 . 2008-11-05 17:29 47,104 --------- c:\windows\AKDeInstall.exe
2008-11-05 17:26 . 2008-11-05 17:26 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-11-05 17:26 . 2008-11-05 17:26 356,352 --a------ c:\windows\eSellerateEngine.dll
2008-11-05 17:25 . 2008-11-05 17:25 <DIR> d-------- c:\program files\Deskshare
2008-11-05 17:25 . 2004-12-07 10:11 258,352 --a------ c:\windows\SYSTEM32\Unicows.dll
2008-11-04 00:19 . 2008-11-04 00:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2008-11-01 18:06 . 2008-11-01 18:06 <DIR> d-------- c:\program files\Axife Mouse Recorder DEMO
2008-11-01 17:42 . 2008-11-01 17:42 <DIR> d-------- c:\program files\KALiNKOsoft
2008-11-01 13:01 . 2008-11-13 21:45 <DIR> d-------- C:\GMouse20
2008-11-01 10:43 . 2008-11-01 10:43 <DIR> d-------- c:\windows\SYSTEM32\Futuremark
2008-11-01 10:43 . 2008-11-01 10:43 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-11-01 10:43 . 2008-05-29 11:33 27,672 -ra------ c:\windows\SYSTEM32\DRIVERS\Entech.sys
2008-11-01 10:31 . 2008-11-01 10:32 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-01 10:31 . 2008-11-01 10:31 <DIR> d-------- c:\windows\Logs
2008-11-01 10:20 . 2008-11-01 10:20 682,280 --a------ c:\windows\SYSTEM32\pbsvc.exe
2008-10-29 19:04 . 2008-10-29 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\YoYoGames
2008-10-27 19:00 . 2008-11-04 18:26 <DIR> d-------- c:\program files\Game_Maker7
2008-10-25 18:27 . 2008-11-04 18:20 <DIR> d-------- c:\program files\AutoHotkey
2008-10-24 22:35 . 2008-11-04 18:28 <DIR> d-------- c:\program files\Synergy
2008-10-24 10:17 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-17 22:50 . 2008-10-17 22:57 <DIR> d-------- c:\program files\Portal
2008-10-16 23:44 . 2008-10-16 23:44 <DIR> d-------- c:\documents and settings\Mary Catherine\dodian.com
2008-10-16 23:27 . 2008-10-16 23:27 <DIR> d-------- C:\BattleScape
2008-10-15 10:32 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-10-15 10:32 . 2008-09-08 05:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 10:30 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 10:30 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 10:30 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 10:30 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 15:56 . 2008-11-04 18:28 <DIR> d-------- c:\program files\XBCD 360
2008-10-14 14:31 . 2008-10-14 14:31 <DIR> d-------- c:\program files\XBox 360 Controller for Windows Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 21:42 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-13 21:41 202,320 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-11-13 13:20 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\AdobeUM
2008-11-13 01:44 --------- d-----w c:\program files\PeerGuardian2
2008-11-10 02:24 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\SUPERAntiSpyware.com
2008-11-06 02:52 --------- d-----w c:\program files\Steam
2008-11-05 23:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 23:28 --------- d-----w c:\program files\SpeedItUpFree
2008-11-04 23:21 --------- d-----w c:\program files\Cheat Engine
2008-11-04 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 23:18 --------- d-----w c:\program files\Activision
2008-11-01 23:09 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\Azureus
2008-11-01 15:20 22,328 ----a-w c:\documents and settings\Mary Catherine\Application Data\PnkBstrK.sys
2008-11-01 12:26 119,296 ----a-w c:\windows\SYSTEM32\zlib.dll
2008-10-19 21:53 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\Xfire
2008-10-18 12:01 --------- d-----w c:\program files\Xfire
2008-10-16 19:57 30 ----a-w c:\documents and settings\Mary Catherine\jagex_runescape_preferences.dat
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 -c--a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-14 02:29 --------- d-----w c:\documents and settings\Mary Catherine\Application Data\KALiNKOsoft
2008-10-09 00:47 42,320 ----a-w c:\windows\SYSTEM32\xfcodec.dll
2008-10-04 02:02 66,872 ----a-w c:\windows\SYSTEM32\PnkBstrA.exe
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-28 02:50 --------- d-----w c:\program files\Apple Software Update
2008-09-28 02:49 --------- d-----w c:\program files\iTunes
2008-09-28 02:49 --------- d-----w c:\program files\iPod
2008-09-28 02:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-28 02:47 --------- d-----w c:\program files\QuickTime
2008-09-28 02:47 --------- d-----w c:\program files\Common Files\Apple
2008-09-28 02:42 --------- d-----w c:\program files\Bonjour
2008-09-23 15:01 --------- d-----w c:\program files\Hewlett-Packard
2008-09-23 14:55 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-08-29 14:18 87,336 ----a-w c:\windows\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-19 22:53 578,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\user32.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2008-03-22 13:31 317 ----a-w c:\program files\realmlist--.txt
2007-10-27 15:03 309,240 ----a-w c:\program files\AOLDNLD.exe
2007-10-20 04:07 48,009 ----a-w c:\program files\20071019171441682.pdf
2007-10-10 19:05 336,417 ----a-w c:\program files\GCLiteSetup14.exe
2007-01-12 18:12 4,841,060 -c--a-w c:\program files\Missy Higgins - falling.mp3
2006-02-28 00:27 6,009,044 -c--a-w c:\program files\Panic! at the Disco - Its Time To Dance.mp3
2005-10-11 03:05 3,639,296 -c--a-w c:\program files\The Rocket Summer - This Is Me.mp3
2005-10-11 02:51 6,539,280 -c--a-w c:\program files\the rocket summer - around the clock.mp3
2005-10-11 02:51 5,426,628 -c--a-w c:\program files\The Rocket Summer - Mean Thoughts And Cheap Shots.mp3
2005-04-26 03:01 5,727,787 -c--a-w c:\program files\Mariah Carey - The Emancipation of Mimi - 03 - Shake It Off.mp3
2005-04-10 17:37 5,751,940 -c--a-w c:\program files\50 cents - Valentine's Day Massacre - Money By Any Means.mp3
2005-04-06 03:27 4,039,752 -c--a-w c:\program files\Switchfoot- You (A Walk To Remember Soundtrack).mp3
2005-02-04 12:30 2,709,777 -c--a-w c:\program files\Green Day - Minority.mp3
2005-02-04 07:26 4,792,908 -c--a-w c:\program files\Jason Mraz - Beautiful.mp3
2005-02-04 06:56 4,037,780 -c--a-w c:\program files\FM Static - Crazy Mary.mp3
2005-02-04 06:04 3,434,496 -c--a-w c:\program files\Colective Soul - December.mp3
2005-02-04 05:28 5,646,704 -c--a-w c:\program files\Akon - Ghetto.mp3
2005-01-29 05:26 3,563,103 -c--a-w c:\program files\06 - Jump Jimmy (Stronger Than Mine).mp3
2005-01-09 06:13 2,866,269 -c--a-w c:\program files\josh kelley - Wrapped..mp3
2005-01-09 06:12 4,524,776 -c--a-w c:\program files\josh kelley - Knockin.mp3
2005-01-08 18:21 4,448,384 -c--a-w c:\program files\Blessed Union of Souls - Let Me Be The One.mp3
2008-08-12 15:01 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-13_22.37.27.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-13 23:10:22 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-11-14 17:04:04 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-11-13 23:10:22 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-14 17:04:04 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"HostManager"="c:\program files\Common Files\AOL\1124840716\ee\AOLSoftware.exe" [2007-05-25 42032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"WN311T.exe"="c:\program files\NETGEAR\WN311T\WN311T.exe" [2008-03-10 565248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-10-27 12:44 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 07:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
--a------ 2006-11-07 14:11 2500096 c:\program files\AOL\Active Security Monitor\ASMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2004-09-15 02:01 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 19:19 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
--a------ 2005-02-07 14:00 98304 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIACA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-23 09:04 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 c:\program files\Common Files\AOL\1124840716\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-03-23 13:16 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 15:02 563984 c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 13:03 135168 c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-20 16:09 4583424 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-03-23 11:48 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-06-30 14:33 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124840716\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1124840716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\WINDOWS\\SYSTEM32\\logonui.exe"=
"c:\\WINDOWS\\SYSTEM32\\winlogon.exe"=
"c:\\WINDOWS\\SYSTEM32\\services.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-23 29744]
S3 NETMW145;Marvell TOPDOG (TM) 802.11n Driver for Windows XP;c:\windows\system32\DRIVERS\NETMW145.sys [2007-11-10 722560]
S3 XDva190;XDva190;c:\windows\system32\XDva190.sys [ ]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-14 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-11-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-05 20:52]

2008-11-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-05 20:52]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 16:36:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\AOL\1124840716\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-14 16:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-14 21:44:17
ComboFix2.txt 2008-11-14 03:38:42

Pre-Run: 29,565,812,736 bytes free
Post-Run: 29,558,599,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=""

476 --- E O F --- 2008-10-25 05:40:51


Clean so far! Carry out my requests in my other post, #33, and we'll see where we stand. There is a remote possibility that some of your software may contain bundled adware and that it will complain, but you can then choose to simply reinstall it.


I like Opera now even more than Firefox. Thanks for showing that to me. Here are my logs.


Malwarebytes' Anti-Malware 1.30
Database version: 1400
Windows 5.1.2600 Service Pack 3

11/15/2008 2:07:59 PM
mbam-log-2008-11-15 (14-07-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134829
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nogorike.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fonebipi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zipavagi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:17 PM, on 11/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\NETGEAR\WN311T\WN311T.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\aol\1124840716\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [WN311T.exe] C:\Program Files\NETGEAR\WN311T\WN311T.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10668 bytes


Heh... don't you just love it when anti-malware programs find quarantined malware files, and quarantine them themselves?

O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')

These two are still there. It's disappointing that Panda did not spot them.
Start HijackThis, select Scan Only, place checkmarks against those two if they still exist, and then press Fix Checked.
And post another HijackThis log....
[A note for those looking on over our shoulders: the Firefox vs Opera comment arose because FF cannot properly render large posts on this site; it leaves blanks or gaps with missing content. Opera works just fine.]
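
The two O4 lines called out above share a shape worth being able to spot mechanically: a Run value under a service-account hive (HKUS\S-1-5-19 and S-1-5-20 are the well-known SIDs for LOCAL SERVICE and NETWORK SERVICE, which normally carry no Run values at all) that starts rundll32.exe on a DLL with a made-up name in system32. The script below is an added example, not code from this thread or from HijackThis; it parses the O4 line format as HijackThis v2.0.2 prints it on this page and flags that pattern. The "random-looking name" test is this script's own heuristic, modelled on the vowel-heavy names in the logs here (yojonaso, nogorike, fonebipi), so its hits are leads for a human to check, not verdicts.

```python
"""Triage HijackThis O4 autostart lines for the pattern fixed in the post above.

Added example, not part of the original thread and not HijackThis code.
A line is flagged when the Run value (a) lives in a service-account hive
and/or (b) starts rundll32.exe on a random-looking DLL in system32, which is
how the remaining 'mazayefoha' entries load yojonaso.dll. The name test is a
heuristic of this script; treat its hits as leads, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Well-known SIDs. Service accounts normally have no Run values at all.
SERVICE_ACCOUNT_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

# O4 - HKUS\S-1-5-19\..\Run: [name] command (User 'LOCAL SERVICE')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32[.exe] "<path>.dll",<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,', re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\(?P<base>[a-z0-9_-]+)\.dll$", re.I)


def looks_random(base: str) -> bool:
    """Heuristic: 6-10 letters, no digits, at least 40% vowels (yojonaso, nogorike)."""
    b = base.lower()
    if not re.fullmatch(r"[a-z]{6,10}", b):
        return False
    return sum(c in "aeiou" for c in b) / len(b) >= 0.4


@dataclass
class Finding:
    line: str
    dll: str = ""
    reasons: List[str] = field(default_factory=list)


def analyse_o4(line: str) -> Optional[Finding]:
    """Return a Finding for one O4 log line, or None if nothing stands out."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    finding = Finding(line=line.strip())
    sid = m.group("sid")
    if sid in SERVICE_ACCOUNT_SIDS:
        finding.reasons.append(f"Run value under the {SERVICE_ACCOUNT_SIDS[sid]} hive")
    r = RUNDLL_RE.search(m.group("cmd"))
    if r:
        finding.dll = r.group("dll")
        s = SYSTEM32_RE.match(finding.dll)
        if s and looks_random(s.group("base")):
            finding.reasons.append("rundll32 loads a random-looking DLL from system32")
    return finding if finding.reasons else None


def scan(log_text: str) -> List[Finding]:
    """Run analyse_o4 over every line of a HijackThis log."""
    return [f for f in map(analyse_o4, log_text.splitlines()) if f]


# Lines copied from the 11/15/2008 2:18 PM HijackThis log in this thread:
# the two suspect entries plus benign ones to show they are not flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.line)
        for why in f.reasons:
            print("   -", why)
        print("   DLL the value points at:", f.dll)
```

Fix Checked in HijackThis removes the Run value; it does not delete the file the value points at, which is why the script prints the DLL path separately so it can be dealt with in its own step.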


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:29 PM, on 11/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\NETGEAR\WN311T\WN311T.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\aol\1124840716\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124840716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [WN311T.exe] C:\Program Files\NETGEAR\WN311T\WN311T.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10055 bytes

0

Orright! Clean as... don't you also love it when you win one?
I have no idea how you actually picked that infection up.. could have been an email, something you clicked on in an infected site, a dodgy download... but the fact is, you invited it in. So be careful out there.
If you do not use the AOL Search item that shows up in your rclick context menu you can remove it by fixing this entry:
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

Anyway, good luck, Mary C.,... and enjoy the hockey games. Win one, now n then.

0

Thanks a ton. I wish I knew where I got it also. Oh well it's gone now. I have one last question before I leave. You don't need to help because this is totally off topic. I recently bought a Microsoft Xbox 360 wireless receiver for Windows. It did not come with the software because I got it from eBay. I downloaded and installed the software from the Microsoft website. The receiver can turn on, I can connect my controller, but my computer can't seem to find my controller??? I just wanted to ask, what website could I use for someone to help me out with that, or if you knew the problem. Thanks again for your time. Bye.

0

Mary, I have no ideas on that.. I would try various gaming sites devoted to Xbox.
Because you are using a wireless receiver be sure the device is connected to a normal, powered USB port [one that is hooked to the mb sockets], and not a hub, otherwise it may not have sufficient power to operate the radio?

0

To set the record straight for those who may read this thread, I miscoded my Registry scripts.. e.g., this won't work:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
"C:\WINDOWS\system32\zobubabe.dll"=-
"c:\windows\system32\ritibiji.dll"=-
"c:\windows\system32\kedohugu.dll"=-

..and also my instructions for Avenger of this type:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs | C:\WINDOWS\system32\zobubabe.dll

They should read like this - process is delete the name and hence its data then recreate the name thus:
So, the script:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
...would do the job, and the Avenger instruction:
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
...would remove the name [or value] and hence the paths of the bad files, but it would be necessary to then make a script to replace the name AppInit_DLLs as above.
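As an added illustration (not the poster's own code and not a real registry tool), here is a small Python model of the .reg semantics the post describes: the miscoded script uses the DLL path as a value name under a new key called AppInit_DLLs, so the real value is never touched, while the corrected script deletes and then recreates the AppInit_DLLs value under the Windows key. The in-memory registry contents are constructed from the thread's paths, and the backslash escaping of real .reg files is simplified away.

```python
import re

# Constructed in-memory stand-in for the relevant registry subtree
# (key path -> {value name: data}); nothing here touches a real registry.
WINDOWS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

def fresh_registry():
    # State as left by the infection: AppInit_DLLs names the bad DLL.
    return {WINDOWS_KEY: {"AppInit_DLLs": r"C:\WINDOWS\system32\zobubabe.dll"}}

def apply_reg_script(registry, script):
    """Apply the .reg subset used in the thread: [key] selects (and creates)
    a key, "name"=- deletes a value, "name"="data" sets a string value.
    The backslash escaping of real .reg files is deliberately not modelled."""
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            registry.setdefault(current, {})   # regedit creates keys it is given
            continue
        m = re.match(r'^"([^"]*)"=(-|"([^"]*)")$', line)
        if m is None or current is None:
            raise ValueError(f"unsupported .reg line: {raw!r}")
        if m.group(2) == "-":
            registry[current].pop(m.group(1), None)  # delete value; no-op if absent
        else:
            registry[current][m.group(1)] = m.group(3)
    return registry

def appinit_dlls(registry):
    """Current AppInit_DLLs data under the Windows key, or None if absent."""
    return registry[WINDOWS_KEY].get("AppInit_DLLs")

# Miscoded script from the thread: the DLL path is used as a value NAME under
# a (new, empty) key called AppInit_DLLs, so the real value is never touched.
MISCODED = r"""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
"C:\WINDOWS\system32\zobubabe.dll"=-
"""

# Corrected script: delete the AppInit_DLLs value, then recreate it empty.
CORRECTED = r"""
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"""
```

Running the two scripts against fresh_registry() shows the miscoded one leaving the DLL path in place (and adding a stray empty AppInit_DLLs subkey), and the corrected one leaving an empty AppInit_DLLs value.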
