11-16-2008, 01:57 PM   #8
birddog86
OS: XP


Re: Need help getting rid of malware

Sorry it's taking me so long. I ran the Norton Removal Tool. I ran ComboFix with the CFScript and have posted the results below.
I could not find the files you listed to do the VirusTotal step, and I still cannot run the Kaspersky scan. I was able to do the ESET scan, though, and have posted those results as well. Finally, I ran HijackThis and posted those results too.


ComboFix 08-11-09.04 - Amy Wasley 2008-11-12 19:38:58.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.49 [GMT -6:00]
Running from: c:\documents and settings\Amy Wasley\Desktop\ComboFix.exe
Command switches used :: C:\cfscript.txt
* Created a new restore point

FILE ::
c:\windows\download1
c:\windows\system32\sysff11l2jp1.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\ErrLogs\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}b02c91d0.zip.log
c:\documents and settings\All Users\Application Data\Symantec\ErrLogs\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}eda51550.zip
c:\documents and settings\All Users\Application Data\Symantec\ErrLogs\Uploaded\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}b02c91d0.zip
c:\program files\Common Files\riuk
c:\program files\Common Files\riuk\riuka.lck
c:\program files\Common Files\riuk\riukd\class-barrel
c:\program files\Common Files\riuk\riukd\vocabulary
c:\program files\Common Files\riuk\riukl.lck
c:\program files\Common Files\riuk\riukm.lck
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymXPep2.dll
c:\program files\Common Files\Symantec Shared\Support Controls\System_Restore.exe
c:\windows\download1
c:\windows\riuk
c:\windows\riuk\riuk.dat
c:\windows\riuk\wu
c:\windows\system32\sysff11l2jp1.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-12 19:28 . 2008-11-12 19:28 <DIR> d-------- c:\windows\LastGood
2008-11-12 17:44 . 2008-11-12 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-10 20:55 . 2008-11-10 20:55 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-10 20:26 . 2008-11-10 20:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-10 20:26 . 2008-11-12 19:30 7,491 --a------ c:\windows\system32\Config.MPF
2008-11-10 20:17 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-10 20:17 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-10 20:17 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-10 20:17 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-10 20:16 . 2008-11-10 20:17 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-10 20:15 . 2008-11-10 20:16 <DIR> d-------- c:\program files\McAfee.com
2008-11-10 20:14 . 2008-11-12 07:23 <DIR> d-------- c:\program files\McAfee
2008-11-10 20:06 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-10 20:01 . 2008-11-10 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-11-10 19:02 . 2008-11-10 19:02 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-10 18:41 . 2008-11-10 18:40 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-10 18:41 . 2008-11-10 18:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-06 16:53 . 2008-11-06 17:25 250 --a------ c:\windows\gmer.ini
2008-11-06 10:00 . 2008-11-06 17:07 <DIR> d-------- C:\rsit
2008-11-05 18:12 . 2008-11-05 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-05 17:42 . 2008-11-12 12:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-05 17:42 . 2008-11-12 12:25 <DIR> d-------- c:\documents and settings\Amy Wasley\Application Data\SUPERAntiSpyware.com
2008-11-05 14:11 . 2008-11-05 14:11 <DIR> d-------- c:\program files\Trend Micro
2008-11-04 11:59 . 2008-11-04 11:59 <DIR> d-------- c:\documents and settings\Amy Wasley\Application Data\Malwarebytes
2008-11-04 11:53 . 2008-11-04 11:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-04 11:53 . 2008-11-04 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-04 11:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-04 11:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-03 20:18 . 2007-12-17 20:08 <DIR> d-------- c:\documents and settings\Administrator.FAMILYCOMPUTER\Application Data\Apple Computer
2008-11-03 20:18 . 2008-11-03 20:18 <DIR> d-------- c:\documents and settings\Administrator.FAMILYCOMPUTER
2008-11-02 16:49 . 2008-11-02 16:49 9,662 --a------ c:\windows\system32\ZoneAlarmIconUS.ico
2008-11-02 16:38 . 2008-11-02 16:38 4,286 --a------ c:\windows\system32\Jamster.ico
2008-11-02 12:38 . 2008-11-02 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-02 12:31 . 2008-11-02 12:31 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-11-02 07:16 . 2008-11-02 07:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-11-01 21:59 . 2008-11-02 11:50 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Facegame
2008-11-01 16:54 . 2008-11-10 12:33 <DIR> d-------- c:\program files\Spyware Doctor
2008-10-23 20:45 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 17:20 . 2008-10-16 17:20 <DIR> d-------- c:\windows\system32\scripting
2008-10-16 17:20 . 2008-10-16 17:20 <DIR> d-------- c:\windows\system32\en
2008-10-16 17:20 . 2008-10-16 17:20 <DIR> d-------- c:\windows\l2schemas
2008-10-15 22:08 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 22:07 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 22:07 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 22:07 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 22:07 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 22:07 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 18:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-11 00:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 00:40 --------- d-----w c:\program files\Java
2008-11-05 23:40 --------- d-----w c:\program files\Lavasoft
2008-09-28 15:24 --------- d-----w c:\program files\Vet Emergency
2008-09-16 00:54 --------- d-----w c:\documents and settings\Amy Wasley\Application Data\Image Zone Express
2008-09-15 22:49 --------- d-----w c:\documents and settings\Amy Wasley\Application Data\Creative
2008-09-15 03:30 --------- d-----w c:\program files\iTunes
2008-09-15 02:40 --------- d-----w c:\program files\iPod
2008-09-15 02:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 02:36 --------- d-----w c:\program files\Bonjour
2008-09-15 02:35 --------- d-----w c:\program files\QuickTime
2008-09-15 02:34 --------- d-----w c:\program files\Common Files\Apple
2008-09-15 02:32 --------- d-----w c:\program files\Apple Software Update
2008-09-14 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-09-14 15:58 --------- d-----w c:\program files\Yahoo!
2008-09-14 15:49 --------- d-----w c:\program files\Charter High-Speed Security Suite
2004-08-13 21:27 1,452 ----a-w c:\program files\hbexport813.qif
2004-08-13 16:34 5,815,952 ----a-w c:\program files\zlsSetup_51_011.exe
2004-08-13 14:38 2,610,649 ----a-w c:\program files\aawsepersonal.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_13.17.21.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-11 02:24:27 126,976 ----a-w c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
+ 2008-11-11 02:24:27 20,480 ----a-w c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2008-11-11 02:24:27 20,480 ----a-w c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
+ 2008-11-11 01:02:35 22,016 ----a-w c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-10 18:39:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-12 23:17:10 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-10 18:39:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-12 23:17:10 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-10 18:39:55 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-12 23:17:10 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-27 12:08:40 207,656 ----a-w c:\windows\system32\drivers\mfehidk.sys
- 2004-09-29 01:29:28 45,161 ----a-w c:\windows\system32\java.exe
+ 2008-11-11 00:40:36 144,792 ----a-w c:\windows\system32\java.exe
- 2004-09-29 01:29:34 45,163 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-11 00:40:36 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-11 00:40:36 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-13 01:21:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_120.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 95536]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 180269]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 13:28 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 13:16 49152 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
--a------ 2001-08-01 13:30 94208 c:\program files\QUICKENW\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-20 20:13 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 05:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
--a------ 2003-08-29 05:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2001-02-28 34712]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-13 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 20:51]

2008-11-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 19:47:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-12 19:59:28
ComboFix-quarantined-files.txt 2008-11-13 01:59:23
ComboFix2.txt 2008-11-12 01:47:42
ComboFix3.txt 2008-11-11 13:50:09
ComboFix4.txt 2008-11-11 00:07:40
ComboFix5.txt 2008-11-13 01:37:19

Pre-Run: 10,557,444,096 bytes free
Post-Run: 10,614,632,448 bytes free

247 --- E O F --- 2008-10-24 08:01:17

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3615 (20081115)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=267a610e2f7aa04d8adb1598d83d1c1c
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-11-16 08:40:51
# local_time=2008-11-16 02:40:51 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=170092
# found=5
# scan_time=3129
C:\Qoobox\Quarantine\[4]-Submit_2008-11-10@17.43.zip a variant of Win32/PSW.OnLineGames.ODD trojan C3E2D71EEE4798DBA257C0D72F959DA4
C:\Qoobox\Quarantine\[4]-Submit_2008-11-10@17.43.zip »ZIP »Suspect_sysff11l2jp1.dll.vir a variant of Win32/PSW.OnLineGames.ODD trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2008-11-11@19.25.zip a variant of Win32/PSW.OnLineGames.ODD trojan 2BF99E45D7CC1EE546F03A7D65778EB0
C:\Qoobox\Quarantine\[4]-Submit_2008-11-11@19.25.zip »ZIP »Suspect_sysff11l2jp1.dll.vir a variant of Win32/PSW.OnLineGames.ODD trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\Common Files\riuk\riukd\vocabulary.vir Win32/TrojanDownloader.TSUpdate.J trojan 7901AE90CA5D7979D4FCA52D83D420FB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:19, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58916BE6-BAFF-4F33-AEFE-B2AA03FE4C86} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...78/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0152731226855783) (0152731226855783mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015273~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10472 bytes