OK here goes:
Thanks for all this btw...
My McAfee no longer tells me about a vundo trojan it can't fix. I get several run dll errors when I boot. Aside frim that all seems well.
ComboFix 08-05-01.3 - Owner 2008-05-07 19:07:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.144 [GMT -4:00]
Running from: F:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
F:\Documents and Settings\All Users\Application Data\Rabio
F:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\B6SBRY5K\www.broadcaster.com
F:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
F:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
F:\Program Files\Temporary
F:\WINDOWS\cookies.ini
F:\WINDOWS\PerfInfo
F:\WINDOWS\pskt.ini
F:\WINDOWS\system32\amrwhxwm.ini
F:\WINDOWS\system32\asks~1
F:\WINDOWS\system32\asks~1\?asks\
F:\WINDOWS\system32\bublbnsl.ini
F:\WINDOWS\system32\cdptomrc.ini
F:\WINDOWS\system32\cxmdawci.ini
f:\windows\system32\Drivers\Inr62.sys
F:\WINDOWS\system32\hmlvmnqp.ini
F:\WINDOWS\system32\ikpxkder.ini
F:\WINDOWS\system32\IRAaayay.ini
F:\WINDOWS\system32\IRAaayay.ini2
F:\WINDOWS\system32\oioqxjwh.ini
F:\WINDOWS\system32\pac.txt
F:\WINDOWS\system32\ploekaty.ini
F:\WINDOWS\system32\qXFPoXbc.ini
F:\WINDOWS\system32\qXFPoXbc.ini2
F:\WINDOWS\system32\sft.res
F:\WINDOWS\system32\vifhqomj.ini
F:\WINDOWS\system32\wfataxig.ini
F:\WINDOWS\system32\WLCtrl32.dl_
F:\WINDOWS\system32\WLCtrl32.dll
F:\WINDOWS\system32\yayaaARI.dll
F:\WINDOWS\system32\yGPrCfhk.ini
F:\WINDOWS\system32\yGPrCfhk.ini2
F:\WINDOWS\Web\def.htm
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_INR62
-------\Service_Inr62
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-01 23:01 . 2008-05-01 23:01 24,576 --a------ F:\WINDOWS\system32\VundoFixSVC.exe
2008-05-01 21:57 . 2008-05-01 21:57 8 --a------ F:\WINDOWS\system32\
0000fdec
2008-04-26 11:41 . 2008-04-26 11:41 <DIR> d-------- F:\Documents and Settings\Owner\Application Data\Motive
2008-04-26 11:35 . 2008-04-26 11:35 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2008-04-26 08:46 . 2008-04-26 08:46 <DIR> d-------- F:\Program Files\Svconr
2008-04-26 08:33 . 2003-07-16 16:24 4,224 --a------ F:\WINDOWS\system32\beep.sys
2008-04-26 08:31 . 2008-04-26 08:31 <DIR> d-------- F:\WINDOWS\system32\xcsDd06
2008-04-26 08:31 . 2008-04-27 14:10 578 --a------ F:\WINDOWS\index.html
2008-04-24 17:12 . 2008-02-22 02:33 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-04-24 15:43 . 2007-09-06 00:22 289,144 --a------ F:\WINDOWS\system32\VCCLSID.exe
2008-04-24 15:43 . 2006-04-27 17:49 288,417 --a------ F:\WINDOWS\system32\SrchSTS.exe
2008-04-24 15:43 . 2008-04-24 08:10 86,528 --a------ F:\WINDOWS\system32\VACFix.exe
2008-04-24 15:43 . 2008-04-23 22:14 82,944 --a------ F:\WINDOWS\system32\IEDFix.exe
2008-04-24 15:43 . 2008-04-23 22:14 82,944 --a------ F:\WINDOWS\system32\404Fix.exe
2008-04-24 15:43 . 2004-07-31 18:50 51,200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-04-24 15:43 . 2007-10-04 00:36 25,600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-04-24 15:40 . 2008-04-24 15:40 3,798 --a------ F:\WINDOWS\system32\tmp.reg
2008-04-24 15:23 . 2008-04-24 15:23 <DIR> d-------- F:\Documents and Settings\Administrator
2008-04-24 15:23 . 2008-05-07 19:07 1,024 --ah----- F:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-23 19:15 . 2008-05-06 09:50 <DIR> d-------- F:\VundoFix Backups
2008-04-23 14:04 . 2008-04-23 14:04 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\McAfee
2008-04-21 01:25 . 2008-05-03 08:38 109,738 --a------ F:\WINDOWS\BMcf339d83.xml
2008-04-20 14:36 . 2008-03-01 09:06 6,066,176 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-20 14:36 . 2007-06-30 23:31 2,455,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-20 14:36 . 2007-06-30 23:36 991,232 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-20 14:36 . 2008-03-01 09:06 459,264 -----c--- F:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-20 14:36 . 2008-03-01 09:06 383,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-20 14:36 . 2008-03-01 09:06 267,776 -----c--- F:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-20 14:36 . 2008-03-01 09:06 63,488 -----c--- F:\WINDOWS\system32\dllcache\icardie.dll
2008-04-20 14:36 . 2008-03-01 09:06 52,224 -----c--- F:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-20 14:36 . 2008-02-22 06:00 13,824 -----c--- F:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 14:32 . 2007-08-13 18:54 33,792 --a--c--- F:\WINDOWS\system32\dllcache\custsat.dll
2008-04-20 13:09 . 2008-05-06 16:59 1,061 --a------ F:\WINDOWS\wininit.ini
2008-04-20 12:14 . 2008-04-20 12:13 691,545 --a------ F:\WINDOWS\unins000.exe
2008-04-20 12:14 . 2008-04-20 12:14 2,542 --a------ F:\WINDOWS\unins000.dat
2008-04-20 11:11 . 2008-04-20 11:11 <DIR> d-------- F:\WINDOWS\mgwwgmke
2008-04-20 11:11 . 2008-04-23 20:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\rezgdwhm
2008-04-20 11:11 . 2008-04-20 11:11 192,512 --a------ F:\WINDOWS\qxkxgbgh.dll
2008-04-20 11:10 . 2008-04-20 11:10 398 --a------ F:\WINDOWS\system32\LE5C0.tmp
2008-04-20 11:10 . 2008-04-20 11:10 398 --a------ F:\WINDOWS\system32\LE504.tmp
2008-04-20 11:10 . 2008-04-20 11:10 398 --a------ F:\WINDOWS\system32\LE3BC.tmp
2008-04-20 11:10 . 2008-04-20 11:10 398 --a------ F:\WINDOWS\system32\LE310.tmp
2008-04-16 17:55 . 2004-08-04 03:56 159,232 --a------ F:\WINDOWS\system32\ptpusd.dll
2008-04-16 17:55 . 2004-08-04 01:58 15,104 --a------ F:\WINDOWS\system32\drivers\usbscan.sys
2008-04-16 17:55 . 2004-08-04 01:58 15,104 --a--c--- F:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-16 17:55 . 2001-08-17 22:36 5,632 --a------ F:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 23:04 --------- d-----w F:\Documents and Settings\Owner\Application Data\SlimBrowser
2008-05-06 12:51 --------- d-----w F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-06 12:50 9,344 ----a-w F:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-06 12:50 8,320 ----a-w F:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-06 11:06 --------- d-----w F:\Program Files\AIMTunes
2008-04-28 01:31 61,328 ----a-w F:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-27 17:28 --------- d-----w F:\Documents and Settings\All Users\Application Data\Motive
2008-04-24 21:12 --------- d-----w F:\Program Files\Java
2008-04-20 17:14 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-20 16:42 --------- d-----w F:\Program Files\Spybot - Search & Destroy
2008-04-05 14:40 --------- d-----w F:\Documents and Settings\LocalService\Application Data\SlimBrowser
2008-03-22 17:38 --------- d-----w F:\Documents and Settings\Owner\Application Data\Apple Computer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A6F29BE-3471-4C70-855B-8D04DAC044ED}]
F:\WINDOWS\system32\cbXoPFXq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33FC22E2-3683-4701-9607-CC52DB2DF66F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C4671D-C266-4552-A37E-C90485B9D87C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D9831A-862D-450D-8097-541459450C52}]
F:\WINDOWS\system32\khfCrPGy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AD0DE36-D3BD-40A3-A19D-6ECC908A8AE6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45EA9988-8619-4E2A-89E8-0447F986E070}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69709C25-DE35-4993-80AC-332399DA5360}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{811E2DE6-5045-49E1-B73D-8365DE8B374F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872E2001-5F8A-44B9-871B-0CC4E83B2F6B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C31491B-CC1B-4F18-9E5B-D0654B8EFBF6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{945BD018-E78E-4F47-BFE2-52EC69E5CB9B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8EEB996-62AA-4E48-995D-EADDCAC47476}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5DAAF2B-DE0E-40F0-BBCD-253212EF47F4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0BDC333-0F38-4A83-940B-43515473FF28}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="F:\Program Files\AIM6\aim6.exe" [2007-09-29 16:22 50528]
"pyznpxpw"="F:\WINDOWS\system32\vwzqtyls.exe" [ ]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"mcwkqhba"="F:\WINDOWS\system32\uryhahwd.exe" [ ]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"qwfckqme"="F:\WINDOWS\system32\gpevqpyj.exe" [ ]
"BMcf339d83"="F:\WINDOWS\system32\lqgarhcw.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\System32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="F:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"MCAgentExe"="f:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="F:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"VirusScan Online"="F:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"VSOCheckTask"="F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"OASClnt"="F:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"PDUiP6000DMon"="F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 13:26 57344]
"PDUiP6000DTskbr"="F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 09:29 69632]
"Microsoft Works Update Detection"="F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"QuickTime Task"="F:\PROGRA~1\QUICKT~1\qttask.exe" [2006-09-01 15:57 282624]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Verizon_McciTrayApp"="F:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="F:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"BMcf339d83"="F:\WINDOWS\system32\lqgarhcw.dll" [ ]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"JB1IBJB1IB"= F:\Documents and Settings\All Users\Application Data\rezgdwhm\hmlelqbs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khFuVpNf]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAroPf]
ljJAroPf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inr62.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\AIM\\aim.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"F:\\Program Files\\AIM6\\aim6.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"F:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockots64.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 13:15:23 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-07 19:15:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
F:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
F:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
F:\WINDOWS\system32\clb.dll 10752 bytes executable
F:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
F:\WINDOWS\system32\clbcfg.dat 1695 bytes
scan completed successfully
hidden files: 5
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\McAfee.com\Agent\Mcdetect.exe
F:\PROGRA~1\McAfee.com\VSO\McShield.exe
F:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
F:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-07 19:20:24 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-07 23:20:20
Pre-Run: 65,854,607,360 bytes free
Post-Run: 67,255,820,288 bytes free
237 --- E O F --- 2008-04-21 07:01:15
Logfile of HijackThis v1.99.1
Scan saved at 7:24:47 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
f:\PROGRA~1\mcafee.com\vso\OasClnt.exe
f:\program files\mcafee.com\vso\mcvsshld.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\System32\hkcmd.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\PROGRA~1\QUICKT~1\qttask.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Verizon\McciTrayApp.exe
F:\Program Files\Verizon\VSP\VerizonServicepoint.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM6\aim6.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\AIM6\aolsoftware.exe
f:\progra~1\mcafee.com\vso\mcvsftsn.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://eihs.eischools.org/home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {0A6F29BE-3471-4C70-855B-8D04DAC044ED} - F:\WINDOWS\system32\cbXoPFXq.dll (file missing)
O2 - BHO: (no name) - {39D9831A-862D-450D-8097-541459450C52} - F:\WINDOWS\system32\khfCrPGy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockots64.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] F:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "F:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PDUiP6000DMon] F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] F:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "F:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [BMcf339d83] Rundll32.exe "F:\WINDOWS\system32\lqgarhcw.dll",s
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [pyznpxpw] F:\WINDOWS\system32\vwzqtyls.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mcwkqhba] F:\WINDOWS\system32\uryhahwd.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qwfckqme] F:\WINDOWS\system32\gpevqpyj.exe
O4 - HKCU\..\Run: [BMcf339d83] Rundll32.exe "F:\WINDOWS\system32\lqgarhcw.dll",s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: khFuVpNf - F:\WINDOWS\
O20 - Winlogon Notify: ljJAroPf - ljJAroPf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - f:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - F:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
Uninstall List:
Ad-Aware 2007
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
AIMTunes (remove only)
AOL Instant Messenger
Apple Software Update
Canon PhotoRecord
Canon PIXMA iP6000D
Canon PIXMA iP6000D Memory Card Utility
Canon Utilities Easy-PhotoPrint
Dell ResourceCD
Easy-WebPrint
Fish Tycoon 1.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
igLoader
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 9
Java 6 Update 5
McAfee SecurityCenter
McAfee VirusScan
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 7.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SlimBrowser (remove only)
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Verizon Online Help and Support
Verizon Servicepoint 1.5.12
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Edited by sagiter, 07 May 2008 - 05:37 PM.