ComboFix 08-01-07.5 - Mark 2008-01-09 9:01:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2630 [GMT -5:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRAM FILES\WINUPDATER
D:\PROGRAM FILES\MYWEBSEARCH
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3BKGERR.JPG
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3CJPEG.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3DTACTL.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3HISTSW.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3HTMLMU.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3HTTPCT.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3IMSTUB.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3POPSWT.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3PSSAVR.SCR
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3REPROX.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3RESTUB.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3SCHMON.EXE
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3SCRCTR.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3SHLLVW.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3SPACER.WMV
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3WALLPP.DAT
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\F3WPHOOK.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3FFXTBR.JAR
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3FFXTBR.MANIFEST
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3HTML.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3IDLE.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3NTSTBR.JAR
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3NTSTBR.MANIFEST
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3OUTLCN.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3PLUGIN.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3SKIN.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\M3SKPLAY.EXE
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\MWSBAR.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\MWSOEPLG.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\MWSOESTB.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\1.bin\NPMYWEBS.DLL
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\019A7FD4
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\019A8C09.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\019A8D51.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\019A8EE7.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\019A904F.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\04EE02F3.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\04EE062F.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\04EE07D5.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\04EE0A17.bin
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\0EE2825B
D:\PROGRAM FILES\MYWEBSEARCH\bar\Cache\files.ini
D:\PROGRAM FILES\MYWEBSEARCH\bar\Game\CHECKERS.F3S
D:\PROGRAM FILES\MYWEBSEARCH\bar\Game\CHESS.F3S
D:\PROGRAM FILES\MYWEBSEARCH\bar\Game\REVERSI.F3S
D:\PROGRAM FILES\MYWEBSEARCH\bar\History\search2
D:\PROGRAM FILES\MYWEBSEARCH\bar\Settings\prevcfg2.htm
D:\PROGRAM FILES\MYWEBSEARCH\bar\Settings\s_pid.dat
D:\PROGRAM FILES\MYWEBSEARCH\SrchAstt\1.bin\MWSSRCAS.DLL
.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.
2008-01-09 08:49 . 2008-01-09 08:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 07:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 10:52 . 2008-01-07 10:52 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2008-01-07 10:52 . 2008-01-07 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 10:51 . 2008-01-07 10:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 14:11 . 2008-01-07 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 09:49 . 2008-01-02 09:49 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Stamps.com Internet Postage
2008-01-01 19:45 . 2008-01-01 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 17:32 . 2008-01-01 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2008-01-01 17:32 . 2008-01-01 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2008-01-01 17:31 . 2008-01-01 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{876C6265-922D-4EF3-A784-71D72FF033C0}
2008-01-01 17:31 . 2008-01-02 09:49 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-12-31 17:03 . 2007-12-31 17:03 0 --a------ C:\WINDOWS\QuickInstall.INI
2007-12-31 16:54 . 2007-12-31 16:54 0 --a------ C:\WINDOWS\QUICKI~1.INI
2007-12-31 16:42 . 2007-12-31 16:42 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Leadertech
2007-12-31 16:20 . 2007-12-31 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-12-31 16:19 . 2007-12-31 16:18 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-12-31 16:18 . 2007-12-31 16:18 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\HotSync
2007-12-28 19:42 . 2007-12-28 19:42 <DIR> d-------- C:\Program Files\Sun
2007-12-28 19:13 . 2008-01-01 19:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 19:10 . 2008-01-08 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-28 18:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-28 10:52 . 2007-12-28 10:52 <DIR> d-------- C:\Program Files\DIFX
2007-12-28 10:52 . 2006-05-24 10:42 102,400 --a------ C:\WINDOWS\system32\FTLang.dll
2007-12-28 10:52 . 2006-05-18 09:49 61,067 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-12-28 10:52 . 2006-05-19 11:51 33,360 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-12-28 10:51 . 2006-05-24 10:40 188,416 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-12-28 10:51 . 2006-05-24 10:45 176,128 --a------ C:\WINDOWS\system32\ftd2xx.dll
2007-12-28 10:51 . 2006-05-24 10:47 106,496 --a------ C:\WINDOWS\system32\ftbusui.dll
2007-12-28 10:51 . 2006-05-18 09:48 47,249 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-12-28 10:51 . 2006-05-24 11:04 133 --a------ C:\WINDOWS\system32\ftdiun2k.ini
2007-12-25 11:37 . 2007-12-25 11:37 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-25 11:16 . 2007-12-25 11:01 116,971 --------- C:\WINDOWS\hpoins11.dat.temp
2007-12-25 11:16 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-12-25 11:16 . 2007-04-18 19:42 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2007-12-25 11:00 . 2007-12-25 11:58 117,443 --a------ C:\WINDOWS\hpoins11.dat
2007-12-24 12:47 . 2007-12-24 12:47 <DIR> d-------- C:\Program Files\Savings Bond Wizard
2007-12-24 12:47 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-20 09:36 . 2007-12-20 09:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-19 18:15 . 2007-12-22 17:09 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\HP
2007-12-19 18:10 . 2007-12-19 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-12-19 18:03 . 2007-12-19 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 17:55 . 2007-12-19 17:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-19 17:47 . 2005-03-15 14:36 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-12-19 17:47 . 2005-05-05 08:51 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
2007-12-19 17:46 . 2006-04-12 19:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
2007-12-19 17:46 . 2005-04-07 20:50 278,528 -ra------ C:\WINDOWS\system32\hpowiamd.dll
2007-12-19 17:46 . 2006-04-12 19:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2007-12-15 15:05 . 2007-06-15 18:50 1,971,784 --a------ C:\WINDOWS\system32\cdintf251.dll
2007-12-15 14:57 . 2007-12-15 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Invoices & Estimates Pro
2007-12-10 12:11 . 2007-12-10 12:11 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\McAfee
2007-12-09 19:13 . 2007-12-09 19:13 <DIR> d-------- C:\Program Files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-06 13:10 --------- d-----w C:\Program Files\McAfee
2008-01-01 23:56 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-31 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 21:18 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-12-29 00:41 --------- d-----w C:\Program Files\Java
2007-12-29 00:12 --------- d-----w C:\Program Files\Google
2007-12-28 22:18 --------- d-----w C:\Documents and Settings\Mark\Application Data\Uniblue
2007-12-25 16:35 --------- d-----w C:\Program Files\Common Files\HP
2007-12-19 22:51 --------- d-----w C:\Program Files\HP
2007-12-15 19:56 --------- d-----w C:\Documents and Settings\Mark\Application Data\Nova Development
2007-12-15 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-15 00:16 103,064 ----a-w C:\Documents and Settings\Mark\Application Data\GDIPFONTCACHEV1.DAT
2007-12-15 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-10 01:21 --------- d-----w C:\Documents and Settings\Mark\Application Data\System Tweaker
2007-12-05 12:45 --------- d-----w C:\Documents and Settings\Mark\Application Data\Azureus
2007-11-30 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-25 13:29 --------- d-----w C:\Program Files\laughnetwork
2007-11-16 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund Software
2007-11-16 23:37 --------- d-----w C:\Program Files\Common Files\Broderbund
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 00:17 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_ 7.51.33.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 12:41:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-09 13:47:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-08 12:41:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-09 13:47:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-08 12:41:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-09 13:47:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 07:58 1885464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue SpeedUpMyPC"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 19:10 68856]
"SUPERAntiSpyware"="I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 17:24 942080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 05:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"DXDllRegExe"="dxdllreg.exe" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00 270336]
"HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe" [2003-09-15 20:00 364544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"QuickTime Task"="E:\Quicktime\QTTask.exe" [2007-06-29 05:24 286720]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Adobe Reader Speed Launcher"="I:\adobe\reader8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-28 19:12 29744]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-28 19:10:19]
HotSync Manager.lnk - I:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"= 1 (0x1)
"MaxRecentDocs"= 99 (0x63)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
I:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
-ra------ 2005-08-10 20:10 380928 C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
-ra------ 2005-08-10 20:10 122880 C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 E:\Quicktime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-05-31 21:19]
R2 EarthLinkMonitor;EarthLink Monitor Service;C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 10:47]
S2 0255131199886557mcinstcleanup;McAfee Application Installer Cleanup (0255131199886557);C:\WINDOWS\TEMP\025513~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 13:16]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-09-29 08:58]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-28 19:12]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 08:50]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 21:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-09 19:41:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-09 19:41:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-06 16:18:26 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2007-11-06 16:18:25 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-01-09 13:45:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-07 22:38:26 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- i:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-28 22:18:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- i:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-09 13:42:36 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- i:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-03 18:43:48 C:\WINDOWS\Tasks\XoftSpySE.job"
- i:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-09 09:05:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-09 9:05:49
ComboFix-quarantined-files.txt 2008-01-09 14:05:46
ComboFix2.txt 2008-01-08 12:51:59
.
2008-01-04 13:00:25 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:39 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
I:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.earthlink.net
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\adobe\reader8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = I:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) -
http://download.giga...bject/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1189360115937
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0255131199886557) (0255131199886557mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\025513~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 12142 bytes