Hello TheBruce1
I deleted the old Java and installed version 6, then ran ATF Cleaner per your instructions.
Here are the requested logs. That Kaspersky scan report sure does take a long time.
Thanks again for your time and talent on this matter.
ComboFix 08-06-15.4 - HP_Owner 2008-06-16 16:42:27.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFscript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\003004_.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\eccxctal.tmp
C:\WINDOWS\system32\rjdflwku.ini
C:\WINDOWS\system32\ugmvutbe.tmp
C:\WINDOWS\uccspecc.sys
C:\WINDOWS\wininit.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\WINDOWS\003004_.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\rjdflwku.ini
C:\WINDOWS\system32\ugmvutbe.tmp
C:\WINDOWS\uccspecc.sys
C:\WINDOWS\wininit.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 11:38 . 2008-06-16 11:38 <DIR> d----c--- C:\XPSETUP
2008-06-16 10:28 . 2008-06-16 10:28 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 10:22 . 2008-06-16 11:11 <DIR> d----c--- C:\SDFix
2008-06-14 12:21 . 2008-06-14 12:52 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-14 12:21 . 2008-06-14 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-13 21:20 . 2008-06-13 21:20 <DIR> d----c--- C:\Deckard
2008-06-13 21:05 . 2008-06-13 21:11 <DIR> d----c--- C:\ie-spyad_zo
2008-06-13 20:50 . 2008-06-13 20:50 <DIR> d-------- C:\ZonedOut
2008-06-13 20:40 . 2008-06-13 20:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-13 20:40 . 2008-06-13 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 16:36 . 2008-06-13 16:36 <DIR> d-------- C:\Program Files\Panda Security
2008-06-12 12:41 . 2008-06-12 12:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 12:29 . 2008-06-12 12:29 <DIR> d-------- C:\WINDOWS\EHome
2008-06-12 10:45 . 2008-06-16 16:28 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-12 10:40 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-12 10:39 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 21:04 . 2008-06-08 21:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-08 21:04 . 2008-06-08 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 20:08 . 2008-06-10 10:29 <DIR> d-------- C:\Program Files\Uniblue
2008-06-05 10:24 . 2008-06-05 10:24 <DIR> d----c--- C:\SIERRA
2008-05-23 21:54 . 2008-05-23 21:54 <DIR> d-------- C:\Program Files\CCleaner
2008-05-23 21:19 . 2008-05-23 21:19 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-23 11:13 . 2008-05-23 11:13 <DIR> d-------- C:\Program Files\directx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-16 08:21 --------- d-----w C:\Program Files\Java
2008-06-13 02:08 --------- d-----w C:\Program Files\Shutterfly
2008-06-13 02:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Shutterfly
2008-06-13 00:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-12 16:49 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-06-12 16:49 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-06-12 13:22 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-06-10 12:11 --------- d-----w C:\Program Files\Quicken
2008-06-10 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 12:04 --------- d-----w C:\Program Files\Winamp
2008-06-02 13:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 12:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-20 20:31 --------- d-----w C:\Program Files\Advanced GET EOD
2008-05-14 01:40 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-05-08 19:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:59 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-29 20:32 --------- d-----w C:\Program Files\Typing Instructor Deluxe
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:44 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 06:44 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 09:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 09:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 09:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 09:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 09:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 09:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 09:40 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 09:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 06:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 05:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 04:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 04:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 04:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 04:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-14 04:01 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 04:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-14 03:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 03:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-14 03:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-14 03:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-14 03:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-14 03:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-14 02:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:57 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-14 02:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-14 02:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-14 02:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-14 02:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 02:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 02:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-14 01:56 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 01:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-14 01:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-03-12 12:55 142,950 ----a-w C:\Program Files\IMAG0004.JPG
2007-03-12 12:53 172,330 ----a-w C:\Program Files\IMAG0003.JPG
2007-03-12 12:48 188,766 ----a-w C:\Program Files\IMAG0001.JPG
2007-03-12 12:48 170,718 ----a-w C:\Program Files\IMAG0002.JPG
2006-05-31 15:52 1,408 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-02-15 21:00 15,093 -c--a-w C:\Program Files\Common Files\Deep_theta_complete.bwg
.
((((((((((((((((((((((((((((( snapshot@2008-06-16_12.46.33.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 16:34:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 20:28:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 15:54 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 03:52 579584]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-09-19 22:42 487424]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 04:59 126976]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 18:34 245760]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22 35328]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 17:20 22528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-23 07:42 282624]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 09:54 253952]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 17:04 37376]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 17:20 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 16:03 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 15:54 68856]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 23:59:58 41042]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-08-26 03:41:47 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Organize\\bin\\displayAgent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\WeBuilder 2007\\webuild.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 FastPara;FastPara;C:\WINDOWS\system32\drivers\FastPara.sys [1998-10-09 21:53]
S3 MSSQL$SQL2000;MSSQL$SQL2000;C:\Program Files\Microsoft SQL Server\MSSQL$SQL2000\Binn\sqlservr.exe [2002-12-17 17:26]
S3 MySQL41;MySQL41;"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL41 []
S3 SQLAgent$SQL2000;SQLAgent$SQL2000;C:\Program Files\Microsoft SQL Server\MSSQL$SQL2000\Binn\sqlagent.EXE [2002-12-17 17:23]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 20:31:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 16:48:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\TMP0000008C22B43A646E2CBA31 524288 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL41]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL41"
.
Completion time: 2008-06-16 16:52:51
ComboFix-quarantined-files.txt 2008-06-16 20:52:35
ComboFix2.txt 2008-06-16 16:47:23
Pre-Run: 12,327,854,080 bytes free
Post-Run: 12,322,594,816 bytes free
212 --- E O F --- 2008-06-14 21:10:40
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 16, 2008 20:33:01
Records in database: 874421
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 135817
Threat name: 6
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 04:08:13
File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\MPSampleSubmit\a0001062.exe.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\MPSampleSubmit\a0001109.dll.xor Infected: Trojan.Win32.Monder.mx 1
C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\MPSampleSubmit\a0001110.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\HP_Owner\LOCALS~1\Temp\MPSampleSubmit\xbgmdpxb.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\axkroewn.dll.q_8048201_q Infected: Trojan.Win32.Monder.pt 1
C:\QooBox\Quarantine\C\WINDOWS\system32\euvxhfwc.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.apjl 1
D:\I386\Apps\APP11629\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:16 PM, on 6/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: *.moove.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139869182765
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10430 bytes