WinFLdrv.sys virus? Temporary Insanity?
jharveytx (Junior Member, Join Date: May 2008, Experience: Advanced)
07-Nov-2009, 12:53 PM #1
WinFLdrv.sys virus? Temporary Insanity?
I don't know what is really wrong with my PC -- but I'm pretty sure it is a virus. I will be going along fine when I start getting error messages saying there is no room on the device to perform some task, or that "this is not a Windows image" (or something like that).

Anyhow -- you guys have pulled my butt out of the fire before, so I'm confident you can help me again.

Also, if you have any suggestions about the stuff in this log, like a service running locally that should be run at a system level, or notice any duplicate stuff in here, I would greatly appreciate your input.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:29 AM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Subsonic\subsonic-service.exe
d:\program files\zoneeditdyndns\zoneeditdyndns.exe
D:\Program Files\Winamp Remote\bin\Orb.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Qliner Hotkeys\HotKeys.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\WINDOWS\system32\hphmon06.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\CallStation\CStation.exe
D:\Program Files\CallStation\CStation.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\WINDOWS\system32\slrundll.exe
D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Subsonic\subsonic-agent.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\YCIII\YankClip.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00Hotkeys] "D:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHped06] D:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CallStation] D:\Program Files\CallStation\CStation.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Orb] D:\Program Files\Winamp Remote\bin\OrbTray.exe
O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Subsonic.lnk = D:\Program Files\Subsonic\subsonic-agent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1238910362848
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssist.../VCAVMUtil.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://utdvpn.utdallas.edu/dana-cac...erSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://utdvpn.utdallas.edu/dana-cac...etupClient.cab
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9bbe019fe2f6) (gupdate1c9bbe019fe2f6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OrbMediaService - Orb Networks - D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Subsonic - Unknown owner - D:\Program Files\Subsonic\subsonic-service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZoneEdit Dynamic DNS Update - www.freymond.ca - d:\program files\zoneeditdyndns\zoneeditdyndns.exe

--
End of file - 16809 bytes
jharveytx (Junior Member, Join Date: May 2008, Experience: Advanced)
09-Nov-2009, 08:48 AM #2
More info
I realized I didn't mention the BSOD I have been receiving -- the error I get is "STOP: 0x000000C2 BAD_POOL_CALLER."

I've tried to hunt down the source of this, and using the WinDbg tool to read the minidump file, I learned:

PROCESS_NAME: csrss.exe
BUGCHECK_STR: 0xc2_40
MODULE_NAME: WinFLdrv
IMAGE_NAME: WinFLdrv.sys

And that's about as far as my limited understanding has been able to take me. I searched on the csrss.exe and WinFLdrv.sys files and did not really find anything very helpful.
jharveytx (Junior Member, Join Date: May 2008, Experience: Advanced)
09-Nov-2009, 08:54 AM #3
ComboFix log (Part 1)
I was finally able to get ComboFix to run to completion. Here is Part 1 of the resulting log.

ComboFix log:

ComboFix 09-11-08.03 - john 11/09/2009 0:42.3.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2655 [GMT -6:00]
Running from: d:\documents and settings\john\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\john\Application Data\.#
d:\documents and settings\john\Application Data\.#\MBX@10D0@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@10D0@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@10D0@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@11BC@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@11BC@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@11BC@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@13D0@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@13D0@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@13D0@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@13DC@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@13DC@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@13DC@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@14D8@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@14D8@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@14D8@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@152C@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@152C@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@152C@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@15C0@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@15C0@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@15C0@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@1700@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@1700@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@1700@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@1788@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@1788@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@1788@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@1D0@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@1D0@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@1D0@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@520@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@520@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@520@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@5E0@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@5E0@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@5E0@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@70@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@70@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@70@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@7A4@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@7A4@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@7A4@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@824@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@824@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@824@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@A3C@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@A3C@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@A3C@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@AA4@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@AA4@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@AA4@3737E8.###
d:\documents and settings\john\Application Data\.#\MBX@CC4@3737C8.###
d:\documents and settings\john\Application Data\.#\MBX@CC4@3737D8.###
d:\documents and settings\john\Application Data\.#\MBX@CC4@3737E8.###
d:\documents and settings\john\Application Data\inst.exe
d:\documents and settings\john\My Documents\Cstation.reg
d:\program files\Fast Browser Search
d:\program files\FunWebProducts
d:\program files\MyWebSearch
d:\program files\MyWebSearch\bar\Settings\s_pid.dat
D:\root
d:\root\kym.flk
d:\windows\AUTOLNCH.REG
d:\windows\system32\Cache
d:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 23:05 . 2009-11-08 23:05 -------- d-----w- d:\program files\ESET
2009-11-06 05:02 . 2009-11-06 05:02 -------- d-----w- d:\program files\Trend Micro
2009-11-06 04:14 . 2009-11-06 04:14 -------- d-----w- D:\OrbSecure
2009-11-05 01:38 . 2009-11-05 01:38 8192 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Jaggle\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 6144 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Shell\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 53248 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Shell\Interop.Shell32.dll
2009-11-05 01:38 . 2009-11-05 01:38 4608 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Zip\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 4608 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Screenshots\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 3584 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Hotkeys\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 32768 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Zip\Zip.dll
2009-11-05 01:38 . 2009-11-05 01:38 20480 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Shell\ShellTool.dll
2009-11-05 01:38 . 2009-11-05 01:38 122880 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Screenshots\Screenshots.dll
2009-11-05 01:38 . 2009-11-05 01:38 11776 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Clock\tool.dll
2009-11-05 01:38 . 2009-11-05 01:38 10240 ----a-w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner\hotkeys\Volume\tool.dll
2009-11-05 01:37 . 2009-11-05 01:37 -------- d-----w- d:\documents and settings\Administrator.BATCRAY\Application Data\qliner
2009-11-05 01:36 . 2009-11-05 01:36 -------- d-----w- d:\documents and settings\Administrator.BATCRAY\Local Settings\Application Data\ATI
2009-11-05 01:36 . 2009-11-05 01:36 -------- d-----w- d:\documents and settings\Administrator.BATCRAY\Application Data\ATI
2009-11-05 01:36 . 2009-11-05 01:36 -------- d-----w- d:\documents and settings\Administrator.BATCRAY\Local Settings\Application Data\Google
2009-10-31 20:16 . 2009-10-31 20:16 -------- d-----w- d:\documents and settings\Maggie\Local Settings\Application Data\Help
2009-10-30 12:37 . 2009-10-30 12:37 -------- d-sh--w- d:\documents and settings\Laura.BATCAVE\PrivacIE
2009-10-30 12:36 . 2009-10-30 12:36 -------- d-sh--w- d:\documents and settings\Laura.BATCAVE\IETldCache
2009-10-28 03:19 . 2009-10-28 04:11 -------- d-----w- d:\program files\Muziic
2009-10-21 04:51 . 2009-10-21 04:51 10752 ----a-w- d:\windows\system32\WinFLdrv.sys
2009-10-19 03:47 . 2009-07-26 05:00 7680 ----a-w- d:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\x3y73b1v.john\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
2009-10-19 02:09 . 2009-08-31 22:52 229376 ----a-w- d:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\x3y73b1v.john\extensions\ietab@ip.cn\plugins\ npCoralIETab.dll
2009-10-15 23:21 . 2009-10-15 23:21 -------- d-sh--w- d:\documents and settings\john\IECompatCache
2009-10-14 11:56 . 2009-09-06 07:09 126976 -c----w- d:\windows\system32\dllcache\ftpsvc2.dll
2009-10-14 02:54 . 2009-10-13 09:19 701992 ----a-w- D:\WindowsXP-KB944904-v2-x86-ENU.exe
2009-10-12 23:29 . 2009-11-08 20:31 -------- d-----w- D:\symbols
2009-10-12 23:15 . 2009-11-09 04:57 -------- d-----w- d:\program files\Debugging Tools for Windows (x86)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 12:56 . 2009-04-07 01:39 -------- d-----w- d:\documents and settings\john\Application Data\DNA
2009-11-09 12:25 . 2009-09-14 02:09 4212 ---ha-w- d:\windows\system32\zllictbl.dat
2009-11-09 12:09 . 2009-04-07 01:39 -------- d-----w- d:\program files\DNA
2009-11-09 07:04 . 2009-10-12 00:52 8373557 ----a-w- d:\windows\Internet Logs\tvDebug.Zip
2009-11-09 06:35 . 2009-05-19 04:28 -------- d-----w- d:\program files\Thumbs7
2009-11-09 05:47 . 2009-04-05 16:21 -------- d-----w- d:\program files\Mozilla Firefox 3.1 Beta 3
2009-11-09 05:41 . 2009-11-09 05:41 56009 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_56_small.dmp.zip
2009-11-09 05:41 . 2009-11-09 05:40 14161502 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_49_full.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55969 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_45_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55928 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_42_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55906 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_30_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55385 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_36_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55366 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_33_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55325 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_39_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 55400 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_27_small.dmp.zip
2009-11-09 05:40 . 2009-11-09 05:40 56008 ----a-w- d:\windows\Internet Logs\vsmon_2nd_2009_11_08_23_32_23_small.dmp.zip
2009-11-09 05:16 . 2009-05-14 03:09 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-11-09 04:53 . 2009-11-09 05:35 171520 ----a-w- d:\windows\Internet Logs\xDB25.tmp
2009-11-09 03:16 . 2009-09-01 02:30 -------- d-----w- d:\documents and settings\john\Application Data\GoodSync
2009-11-08 23:36 . 2009-11-08 23:37 126976 ----a-w- d:\windows\Internet Logs\xDB24.tmp
2009-11-08 16:58 . 2009-04-13 02:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-11-07 23:38 . 2009-11-08 07:22 462336 ----a-w- d:\windows\Internet Logs\xDB119.tmp
2009-11-05 23:01 . 2009-11-06 03:19 147456 ----a-w- d:\windows\Internet Logs\xDB23.tmp
2009-11-04 23:15 . 2009-11-04 23:28 40960 ----a-w- d:\windows\Internet Logs\xDB22.tmp
2009-11-04 22:17 . 2009-11-04 22:31 70656 ----a-w- d:\windows\Internet Logs\xDB21.tmp
2009-11-04 14:27 . 2009-11-04 14:27 2632192 ----a-w- d:\windows\Internet Logs\xDB118.tmp
2009-11-04 05:13 . 2009-07-29 16:21 -------- d-----w- d:\documents and settings\john\Application Data\vlc
2009-11-03 03:09 . 2009-04-11 20:01 -------- d-----w- d:\program files\PeerGuardian2
2009-11-02 14:18 . 2009-06-07 18:28 -------- d-----w- d:\program files\Winamp Remote
2009-10-31 21:55 . 2009-04-07 01:39 -------- d-----w- d:\documents and settings\john\Application Data\BitTorrent
2009-10-31 03:28 . 2009-10-31 14:02 118784 ----a-w- d:\windows\Internet Logs\xDB1F.tmp
2009-10-31 03:28 . 2009-10-31 14:02 4090368 ----a-w- d:\windows\Internet Logs\xDB20.tmp
2009-10-30 12:45 . 2009-10-30 22:43 2797568 ----a-w- d:\windows\Internet Logs\xDB1C.tmp
2009-10-27 23:04 . 2009-06-07 19:20 7028 --sha-w- d:\windows\system32\sys_drv.dat
2009-10-27 23:04 . 2009-06-07 19:20 6024 --sha-w- d:\windows\system32\sys_drv_2.dat
2009-10-27 04:15 . 2009-10-27 20:57 206848 ----a-w- d:\windows\Internet Logs\xDB1B.tmp
2009-10-27 03:37 . 2009-10-02 03:30 -------- d-----w- d:\program files\Subsonic
2009-10-27 01:50 . 2009-10-27 01:51 4048896 ----a-w- d:\windows\Internet Logs\xDB1A.tmp
2009-10-27 01:50 . 2009-10-27 01:51 2993152 ----a-w- d:\windows\Internet Logs\xDB19.tmp
2009-10-26 03:33 . 2009-04-26 22:35 -------- d-----w- d:\program files\MediaMonkey
2009-10-25 05:01 . 2009-04-27 03:18 -------- d-----w- d:\program files\SuperCat
2009-10-21 04:52 . 2009-05-25 01:35 -------- d-----w- d:\program files\YCIII
2009-10-17 07:39 . 2009-09-14 02:09 1238408 ----a-w- d:\windows\system32\zpeng25.dll
2009-10-17 07:39 . 2009-10-01 21:57 69000 ----a-w- d:\windows\system32\zlcomm.dll
2009-10-17 07:39 . 2009-10-01 21:57 103816 ----a-w- d:\windows\system32\zlcommdb.dll
2009-10-16 04:26 . 2009-10-16 13:05 1678848 ----a-w- d:\windows\Internet Logs\xDB18.tmp
2009-10-15 05:00 . 2009-10-15 12:09 1916928 ----a-w- d:\windows\Internet Logs\xDB17.tmp
2009-10-12 21:18 . 2009-10-12 22:49 8704 ----a-w- d:\windows\Internet Logs\xDB16.tmp
2009-10-12 21:04 . 2009-10-12 21:18 268288 ----a-w- d:\windows\Internet Logs\xDB15.tmp
2009-10-09 18:05 . 2009-04-11 19:23 -------- d-----w- d:\documents and settings\john\Application Data\dvdcss
2009-10-09 15:52 . 2009-10-09 15:58 3862528 ----a-w- d:\windows\Internet Logs\xDB14.tmp
2009-10-09 15:52 . 2009-10-09 15:58 169472 ----a-w- d:\windows\Internet Logs\xDB13.tmp
2009-10-08 04:55 . 2009-10-08 12:29 432640 ----a-w- d:\windows\Internet Logs\xDB12.tmp
2009-10-07 03:11 . 2009-10-07 03:12 2713088 ----a-w- d:\windows\Internet Logs\xDB10F.tmp
2009-10-05 05:57 . 2009-05-19 04:29 -------- d-----w- d:\documents and settings\john\Application Data\ThumbsPlus
2009-10-05 04:53 . 2009-04-05 05:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-10-05 04:53 . 2009-10-05 04:53 -------- d-----w- d:\program files\User Productivity Kit
2009-10-04 20:10 . 2009-04-27 16:07 664 ----a-w- d:\windows\system32\d3d9caps.dat
2009-10-04 16:50 . 2009-10-04 18:21 3649536 ----a-w- d:\windows\Internet Logs\xDB11.tmp
2009-10-03 16:20 . 2009-10-04 14:47 8704 ----a-w- d:\windows\Internet Logs\xDB10.tmp
2009-10-03 16:16 . 2009-10-03 16:20 8192 ----a-w- d:\windows\Internet Logs\xDBCC.tmp
2009-10-03 16:16 . 2009-10-03 16:20 3642368 ----a-w- d:\windows\Internet Logs\xDBCD.tmp
2009-10-03 13:39 . 2009-10-03 16:16 449536 ----a-w- d:\windows\Internet Logs\xDBE.tmp
2009-10-03 13:39 . 2009-10-03 16:16 3642368 ----a-w- d:\windows\Internet Logs\xDBF.tmp
2009-10-02 12:41 . 2009-10-02 12:58 3635712 ----a-w- d:\windows\Internet Logs\xDBD.tmp
2009-10-01 20:52 . 2009-10-01 20:54 3615232 ----a-w- d:\windows\Internet Logs\xDBCA.tmp
2009-10-01 20:52 . 2009-10-01 20:54 12800 ----a-w- d:\windows\Internet Logs\xDBC9.tmp
2009-10-01 13:49 . 2009-10-01 20:52 3614208 ----a-w- d:\windows\Internet Logs\xDBC.tmp
2009-10-01 13:49 . 2009-10-01 20:52 506368 ----a-w- d:\windows\Internet Logs\xDBB.tmp
2009-10-01 13:04 . 2009-05-21 03:23 -------- d-----w- d:\program files\Winamp
2009-09-30 00:36 . 2009-09-30 00:38 3584000 ----a-w- d:\windows\Internet Logs\xDBC7.tmp
2009-09-30 00:36 . 2009-09-30 00:38 53760 ----a-w- d:\windows\Internet Logs\xDBC6.tmp
2009-09-29 14:25 . 2009-09-29 21:04 2916864 ----a-w- d:\windows\Internet Logs\xDB8.tmp
2009-09-27 21:22 . 2009-04-12 03:54 -------- d-----w- d:\documents and settings\john\Application Data\Vso
2009-09-26 22:56 . 2009-09-03 01:57 20 ---h--w- d:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-09-26 22:45 . 2009-09-26 22:46 3342336 ----a-w- d:\windows\Internet Logs\xDB7.tmp
2009-09-26 22:29 . 2009-09-03 02:00 20 ---h--w- d:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-09-25 04:42 . 2009-09-25 12:23 765440 ----a-w- d:\windows\Internet Logs\xDB5.tmp
2009-09-25 04:42 . 2009-09-25 12:23 3446784 ----a-w- d:\windows\Internet Logs\xDB6.tmp
2009-09-24 01:16 . 2009-09-24 01:16 -------- d-----w- d:\documents and settings\Rose\Application Data\ThumbsPlus
2009-09-23 21:07 . 2009-09-23 21:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-23 21:07 . 2009-09-23 21:07 -------- d-----w- d:\documents and settings\Maggie\Application Data\Office Genuine Advantage
2009-09-23 05:33 . 2009-09-23 11:12 3397120 ----a-w- d:\windows\Internet Logs\xDB4.tmp
2009-09-23 05:33 . 2009-09-23 11:12 527360 ----a-w- d:\windows\Internet Logs\xDB3.tmp
2009-09-20 04:09 . 2009-04-26 21:27 -------- d-----w- d:\documents and settings\john\Application Data\Apple Computer
2009-09-20 03:46 . 2009-09-20 03:47 3274240 ----a-w- d:\windows\Internet Logs\xDBA.tmp
2009-09-20 03:45 . 2009-09-20 03:47 12800 ----a-w- d:\windows\Internet Logs\xDB9.tmp
2009-09-20 03:44 . 2009-09-20 03:45 2621440 ----a-w- d:\windows\Internet Logs\xDB2.tmp
2009-09-20 03:22 . 2009-09-20 03:21 -------- d-----w- d:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:22 . 2009-09-20 03:21 -------- d-----w- d:\program files\iTunes
2009-09-20 03:21 . 2009-09-20 03:21 -------- d-----w- d:\program files\iPod
2009-09-20 03:21 . 2009-04-26 18:17 -------- d-----w- d:\program files\Common Files\Apple
2009-09-20 03:13 . 2009-09-20 03:13 79144 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-19 16:59 . 2009-04-16 05:18 138472 ---ha-w- d:\windows\system32\mlfcache.dat
2009-09-16 23:54 . 2009-09-16 23:52 -------- d-----w- d:\program files\Macro Express3
2009-09-16 23:53 . 2009-09-16 23:53 -------- d-----w- d:\documents and settings\All Users\Application Data\Insight Software Solutions
2009-09-16 23:52 . 2009-09-16 23:52 -------- d-----w- d:\program files\Common Files\Insight Software Solutions
2009-09-16 04:22 . 2009-09-16 04:08 -------- d-----w- d:\program files\ZoneEditDynDNS
2009-09-16 03:18 . 2009-09-16 03:14 -------- d-----w- d:\program files\zeDyn
2009-09-16 03:14 . 2009-09-16 03:14 249856 ------w- d:\windows\Setup1.exe
2009-05-20 02:11 . 2009-05-20 02:11 0 --sh--w- d:\windows\S1ADC06D4.tmp
jharveytx
09-Nov-2009, 08:57 AM #4
ComboFix log (Part 2)
This is Part 2 of my ComboFix log.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2009-04-07 342848]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 39408]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="d:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]
"CallStation"="d:\program files\CallStation\CStation.exe" [2009-05-01 1327104]
"LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"RoboForm"="d:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-03 160592]
"Orb"="d:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="d:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="d:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="d:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-13 30192]
"Google Quick Search Box"="d:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-13 68592]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"00Hotkeys"="d:\program files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"HPHmon06"="d:\windows\system32\hphmon06.exe" [2006-01-07 622592]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NBKeyScan"="d:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HPHped06"="d:\progra~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 339968]
"Nikon Transfer Monitor"="d:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2008-12-19 76304]

d:\documents and settings\john\Start Menu\Programs\Startup\
Yankee Clipper III.lnk - d:\program files\YCIII\YankClip.exe [2009-5-24 1368064]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-11-4 258048]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-4 809488]
Subsonic.lnk - d:\program files\Subsonic\subsonic-agent.exe [2009-10-23 160768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ShellHWDetection"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HPHUPD06"=d:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
"LogitechVideoTray"=d:\program files\Logitech\Video\LogiTray.exe
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\john\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\john\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Documents and Settings\\Rose\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Rose\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"d:\\Program Files\\Folder Lock 6\\Folder Lock 6.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Subsonic\\subsonic-service.exe"=
"d:\\Program Files\\Subsonic\\subsonic-agent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:*isabled:Adobe CSI CS4
"3703:TCP"= 3703:TCP:*isabled:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:*isabled:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:*isabled:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:*isabled:Adobe Version Cue CS4 Server

R1 ATMhelpr;ATMhelpr;d:\windows\system32\drivers\ATMHELPR.SYS [6/29/2009 10:26 PM 4064]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [4/5/2009 9:13 AM 55152]
R2 IntuitUpdateService;Intuit Update Service;d:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 LBeepKE;LBeepKE;d:\windows\system32\drivers\LBeepKE.sys [7/4/2009 11:06 PM 10384]
R2 WinFLdrv;WinFLdrv;d:\windows\system32\WinFLdrv.sys [10/20/2009 10:51 PM 10752]
R2 ZoneEdit Dynamic DNS Update;ZoneEdit Dynamic DNS Update;d:\program files\ZoneEditDynDNS\ZoneEditDynDNS.exe [2/2/2009 8:30 PM 40960]
R3 Dot4Usb HPH09;Dot4Usb HPH09;d:\windows\system32\drivers\hphius09.sys [2/11/2008 7:18 PM 18864]
S2 gupdate1c9bbe019fe2f6;Google Update Service (gupdate1c9bbe019fe2f6);d:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 8:31 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;d:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 fsssvc;Windows Live Family Safety;d:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/11/2009 2:39 PM 30192]
S3 ntkvpn;Loki VPN Driver Service;d:\windows\system32\DRIVERS\ntkvpn.sys --> d:\windows\system32\DRIVERS\ntkvpn.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys --> d:\windows\system32\drivers\nvhda32.sys [?]
S3 pfsvgae;pfsvgae;\??\d:\docume~1\john\LOCALS~1\Temp\pfsvgae.sys --> d:\docume~1\john\LOCALS~1\Temp\pfsvgae.sys [?]
S3 slicedisk.sys;slicedisk.sys;d:\windows\system32\slicedisk.sys [7/20/2009 5:38 AM 8832]
S3 SliceDisk5;SliceDisk5;\??\d:\docume~1\john\LOCALS~1\Temp\FindAndMount\slicedisk.sys --> d:\docume~1\john\LOCALS~1\Temp\FindAndMount\slicedisk.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 d:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2009-04-05 21:55]

2009-11-09 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 02:30]

2009-11-09 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:31]

2009-11-09 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:31]

2009-11-08 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1004336348-839522115-1003Core.job
- d:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 19:26]

2009-11-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1004336348-839522115-1003UA.job
- d:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 19:26]

2009-11-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1004336348-839522115-1005Core.job
- d:\documents and settings\Rose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 11:34]

2009-11-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1004336348-839522115-1005UA.job
- d:\documents and settings\Rose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: utdallas.edu\webmail
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/UnProtected/Voice%20Mail/VCAVMUtil.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://utdvpn.utdallas.edu/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - d:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\o8g8ihz1.BruceWayne\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=e6a9pmhmp9dvp|http://www.google.com/ig|https://mail.google.com/mail/?shva=1#inbox
FF - component: d:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\o8g8ihz1.BruceWayne\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
FF - component: d:\program files\Mozilla Firefox 3.1 Beta 3\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: d:\documents and settings\john\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\john\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npbittorrent.dll
FF - plugin: d:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npWebLaunch.dll
FF - plugin: d:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

disk not found D:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
d:\windows\system32\Ati2evxx.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(5876)
d:\windows\system32\WININET.dll
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Juniper Networks\Common Files\dsNcService.exe
d:\windows\system32\inetsrv\inetinfo.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\McAfee\Common Framework\FrameworkService.exe
d:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
d:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\McAfee\Common Framework\naPrdMgr.exe
d:\program files\Winamp Remote\bin\OrbMediaService.exe
d:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\slserv.exe
d:\windows\System32\snmp.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\Winamp Remote\bin\Orb.exe
d:\program files\McAfee\Common Framework\McTray.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
d:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-11-09 7:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 13:01
ComboFix2.txt 2008-07-24 02:16
ComboFix3.txt 2008-07-22 02:16
ComboFix4.txt 2008-07-20 17:10
ComboFix5.txt 2008-08-26 03:18

Pre-Run: 15,817,981,952 bytes free
Post-Run: 31,376,580,608 bytes free

- - End Of File - - 4D08798132AA8D336FFCAB36B73B729F
jharveytx
09-Nov-2009, 08:58 AM #5
Updated HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:52 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\svchost.exe
d:\program files\zoneeditdyndns\zoneeditdyndns.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Winamp Remote\bin\Orb.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Qliner Hotkeys\HotKeys.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\YCIII\YankClip.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [00Hotkeys] "D:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHped06] D:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CallStation] D:\Program Files\CallStation\CStation.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Orb] D:\Program Files\Winamp Remote\bin\OrbTray.exe
O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Subsonic.lnk = D:\Program Files\Subsonic\subsonic-agent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1238910362848
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssist.../VCAVMUtil.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://utdvpn.utdallas.edu/dana-cac...erSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://utdvpn.utdallas.edu/dana-cac...etupClient.cab
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9bbe019fe2f6) (gupdate1c9bbe019fe2f6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OrbMediaService - Orb Networks - D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Subsonic - Unknown owner - D:\Program Files\Subsonic\subsonic-service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZoneEdit Dynamic DNS Update - www.freymond.ca - d:\program files\zoneeditdyndns\zoneeditdyndns.exe

--
End of file - 16491 bytes
jharveytx
10-Nov-2009, 11:31 PM #6
I'm still struggling with this as best as I can. I have downloaded and run Malwarebytes' Anti-Malware tool. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3

11/10/2009 9:32:59 PM
mbam-log-2009-11-10 (21-32-59).txt

Scan type: Quick Scan
Objects scanned: 154292
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Maggie\My Documents\downloads\MyWebFaceSetup2.3.50.56.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Documents and Settings\Maggie\My Documents\downloads\PopularScreensaversSetup2.3.50.49.ZRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.


*************************************************************************** ***
As you can see, I removed the four infected items. I then re-ran it and it returned a clean bill of health.

Things have improved a bunch, but I am now seeing a remarkable slow down in my Internet connection. This may have been present earlier, but it seems to have gotten worse.

Here is my latest HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:33 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Subsonic\subsonic-service.exe
d:\program files\zoneeditdyndns\zoneeditdyndns.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Qliner Hotkeys\HotKeys.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\WINDOWS\system32\hphmon06.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\CallStation\CStation.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\CallStation\CStation.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\slrundll.exe
D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Subsonic\subsonic-agent.exe
D:\Program Files\YCIII\YankClip.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Winamp Remote\bin\Orb.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google Quick Search Box] "D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [00Hotkeys] "D:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHped06] D:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] D:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CallStation] D:\Program Files\CallStation\CStation.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Subsonic.lnk = D:\Program Files\Subsonic\subsonic-agent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1238910362848
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssist.../VCAVMUtil.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://utdvpn.utdallas.edu/dana-cac...erSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://utdvpn.utdallas.edu/dana-cac...etupClient.cab
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9bbe019fe2f6) (gupdate1c9bbe019fe2f6) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OrbMediaService - Orb Networks - D:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Subsonic - Unknown owner - D:\Program Files\Subsonic\subsonic-service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZoneEdit Dynamic DNS Update - www.freymond.ca - d:\program files\zoneeditdyndns\zoneeditdyndns.exe

--
End of file - 16949 bytes

Thanks in advance,

jeh

Last edited by jharveytx : 10-Nov-2009 11:33 PM. Reason: Updated info

Tags
data execution prevention, slow browser, windows image, winfldrv.sys

Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
Powered by Cermak Technologies, Inc.