Google Redirects + creates pop-ups...Please Help
Currently having an issue when opening Google. The page either redirects or a pop-up shows up. McAfee has found several Trojans. Any help would be great. Thanks!
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:20:22 PM, on 14/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.1990\wso.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb Pro.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice129.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 13683 bytes
bamajim
December 15th, 2009 17:00
1. Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt
Copy and paste the contents of that log in your reply.
alex.anton
December 16th, 2009 14:00
bamajim,
This is the log. God Bless you!
++++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.2 +
+ +
+ By bamajim / SpywareHammer.com +
++++++++++++++++++++++++++++++++++
Report ran on --->>> 16/12/2009 5:11:10 PM
====== Running Processes ======
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
====== BHO's ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll
BHO: (NO NAME) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
BHO: (NO NAME) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: (NO NAME) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.1990\wso.dll
BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SMSERIAL] = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[IgfxTray] = C:\Windows\system32\igfxtray.exe
[HotKeysCmds] = C:\Windows\system32\hkcmd.exe
[Persistence] = C:\Windows\system32\igfxpers.exe
[RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
[IAAnotif] = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
[QPService] = "C:\Program Files\HP\QuickPlay\QPService.exe"
[QlbCtrl] = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
[HP Health Check Scheduler] = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[hpWirelessAssistant] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[WAWifiMessage] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HP Software Update] = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[SunJavaUpdateSched] = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
[NvCplDaemon] = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[NvMediaCenter] = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[mcagent_exe] = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
[McENUI] = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
[GrooveMonitor] = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[NWEReboot] =
[PWRISOVM.EXE] = D:\Program Files\PowerISO\PWRISOVM.EXE
[NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[Adobe Acrobat Speed Launcher] = "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[Acrobat Assistant 8.0] = "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[MSConfig] = "C:\Windows\system32\msconfig.exe" /auto
====== HKCU\~\Run Keys ======
[Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[Skype] = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
====== DNS Info (List may be empty) ======
HKEY_LOCAL_MACHINE\CCS\~\{5808130B-8483-414C-AA5A-5B35204908F6}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{9888FC70-6947-4494-9CB4-A2738070102E}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{5808130B-8483-414C-AA5A-5B35204908F6}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{9888FC70-6947-4494-9CB4-A2738070102E}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{5808130B-8483-414C-AA5A-5B35204908F6}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{9888FC70-6947-4494-9CB4-A2738070102E}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\ NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\ NameServer=
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
16/12/2009 4:57:01 PM 0 32 C:\Files.txt
04/12/2009 7:54:31 PM 0 39 C:\IO.SYS
04/12/2009 7:54:31 PM 0 39 C:\MSDOS.SYS
14/12/2009 6:17:09 PM 54272 C:\WINDOWS\pss
04/12/2009 9:53:58 PM 26817 32 C:\WINDOWS\DirectX.log
16/12/2009 5:06:33 PM 8212 32 C:\WINDOWS\mfebcdata
26/11/2009 3:01:18 AM 285494 32 C:\WINDOWS\msxml4-KB973688-enu.LOG
16/12/2009 5:10:28 PM 69 32 C:\WINDOWS\NeroDigital.ini
25/11/2009 5:45:10 PM 690 32 C:\WINDOWS\setupact.log
25/11/2009 5:45:10 PM 0 32 C:\WINDOWS\setuperr.log
23/10/2009 11:23:17 AM 32768 32 C:\WINDOWS\URCACM.EXE
22/10/2009 1:14:32 PM 144725 C:\WINDOWS\System32\DRVSTORE
22/10/2009 1:14:32 PM 144725 C:\WINDOWS\System32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C
22/10/2009 1:14:32 PM 133968 C:\WINDOWS\System32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86
09/12/2009 3:10:50 AM 72704 32 C:\WINDOWS\System32\admparse.dll
05/12/2009 12:20:32 AM 45392 33 C:\WINDOWS\System32\AdobePDF.dll
05/12/2009 12:20:32 AM 22872 33 C:\WINDOWS\System32\AdobePDFUI.dll
09/12/2009 3:10:51 AM 124928 32 C:\WINDOWS\System32\advpack.dll
04/12/2009 9:54:35 PM 2323664 32 C:\WINDOWS\System32\d3dx9_28.dll
04/12/2009 9:54:37 PM 2388176 32 C:\WINDOWS\System32\d3dx9_30.dll
28/10/2009 8:01:45 PM 4096 32 C:\WINDOWS\System32\dxmasf.dll
09/12/2009 3:10:48 AM 347136 32 C:\WINDOWS\System32\dxtmsft.dll
09/12/2009 3:10:48 AM 214528 32 C:\WINDOWS\System32\dxtrans.dll
20/10/2009 2:03:02 AM 428032 32 C:\WINDOWS\System32\EncDec.dll
22/10/2009 1:14:33 PM 107368 32 C:\WINDOWS\System32\GEARAspi.dll
09/12/2009 3:10:44 AM 389120 32 C:\WINDOWS\System32\html.iec
09/12/2009 3:07:52 AM 31232 32 C:\WINDOWS\System32\httpapi.dll
09/12/2009 3:10:40 AM 63488 32 C:\WINDOWS\System32\icardie.dll
09/12/2009 3:10:37 AM 70656 32 C:\WINDOWS\System32\ie4uinit.exe
09/12/2009 3:10:50 AM 230400 32 C:\WINDOWS\System32\ieaksie.dll
09/12/2009 3:10:50 AM 161792 32 C:\WINDOWS\System32\ieakui.dll
09/12/2009 3:10:49 AM 380928 32 C:\WINDOWS\System32\ieapfltr.dll
09/12/2009 3:10:50 AM 385024 32 C:\WINDOWS\System32\iedkcs32.dll
09/12/2009 3:10:44 AM 78336 32 C:\WINDOWS\System32\ieencode.dll
09/12/2009 3:10:46 AM 6067200 32 C:\WINDOWS\System32\ieframe.dll
09/12/2009 3:10:37 AM 44544 32 C:\WINDOWS\System32\iernonce.dll
09/12/2009 3:10:37 AM 268288 32 C:\WINDOWS\System32\iertutil.dll
09/12/2009 3:10:36 AM 56320 32 C:\WINDOWS\System32\iesetup.dll
09/12/2009 3:10:46 AM 180736 32 C:\WINDOWS\System32\ieui.dll
09/12/2009 3:10:39 AM 26624 32 C:\WINDOWS\System32\ieUnatt.exe
09/12/2009 3:10:40 AM 1830912 32 C:\WINDOWS\System32\inetcpl.cpl
09/12/2009 3:10:48 AM 27648 32 C:\WINDOWS\System32\jsproxy.dll
20/10/2009 2:03:02 AM 1244672 32 C:\WINDOWS\System32\mcmde.dll
20/10/2009 2:03:01 AM 68608 32 C:\WINDOWS\System32\Mpeg2Data.ax
20/10/2009 2:03:02 AM 177152 32 C:\WINDOWS\System32\mpg2splt.ax
18/10/2009 2:39:51 PM 60928 32 C:\WINDOWS\System32\msasn1.dll
20/10/2009 2:03:01 AM 57856 32 C:\WINDOWS\System32\MSDvbNP.ax
28/10/2009 8:01:45 PM 4096 32 C:\WINDOWS\System32\msdxm.ocx
09/12/2009 3:10:47 AM 459264 32 C:\WINDOWS\System32\msfeeds.dll
09/12/2009 3:10:43 AM 3598336 32 C:\WINDOWS\System32\mshtml.dll
09/12/2009 3:10:42 AM 1383424 32 C:\WINDOWS\System32\mshtml.tlb
09/12/2009 3:10:44 AM 477696 32 C:\WINDOWS\System32\mshtmled.dll
09/12/2009 3:10:44 AM 48128 32 C:\WINDOWS\System32\mshtmler.dll
20/10/2009 2:03:02 AM 80896 32 C:\WINDOWS\System32\MSNP.ax
09/12/2009 3:10:41 AM 671232 32 C:\WINDOWS\System32\mstime.dll
19/10/2009 11:27:44 AM 216576 32 C:\WINDOWS\System32\msv1_0.dll
26/11/2009 3:04:59 AM 1260032 32 C:\WINDOWS\System32\msxml3.dll
26/11/2009 3:04:59 AM 2048 32 C:\WINDOWS\System32\msxml3r.dll
26/11/2009 3:04:59 AM 1406464 32 C:\WINDOWS\System32\msxml6.dll
26/11/2009 3:04:59 AM 2048 32 C:\WINDOWS\System32\msxml6r.dll
09/12/2009 3:07:51 AM 24064 32 C:\WINDOWS\System32\nshhttp.dll
20/10/2009 2:04:56 AM 3502152 32 C:\WINDOWS\System32\ntkrnlpa.exe
20/10/2009 2:04:55 AM 3467864 32 C:\WINDOWS\System32\ntoskrnl.exe
09/12/2009 3:10:38 AM 102912 32 C:\WINDOWS\System32\occache.dll
09/12/2009 3:10:37 AM 44544 32 C:\WINDOWS\System32\pngfilt.dll
20/10/2009 2:03:01 AM 292352 32 C:\WINDOWS\System32\psisdecd.dll
20/10/2009 2:03:01 AM 217088 32 C:\WINDOWS\System32\psisrndr.ax
09/12/2009 3:01:42 AM 274432 32 C:\WINDOWS\System32\raschap.dll
09/12/2009 3:01:41 AM 232960 32 C:\WINDOWS\System32\rastls.dll
28/10/2009 8:01:46 PM 7680 32 C:\WINDOWS\System32\spwmp.dll
26/11/2009 3:03:40 AM 713728 32 C:\WINDOWS\System32\timedate.cpl
26/11/2009 3:04:38 AM 2048 32 C:\WINDOWS\System32\tzres.dll
28/10/2009 8:01:41 PM 311296 32 C:\WINDOWS\System32\unregmp2.exe
09/12/2009 3:10:37 AM 1168384 32 C:\WINDOWS\System32\urlmon.dll
12/11/2009 3:02:55 AM 2031104 32 C:\WINDOWS\System32\win32k.sys
09/12/2009 3:11:51 AM 378368 32 C:\WINDOWS\System32\winhttp.dll
09/12/2009 3:10:49 AM 832512 32 C:\WINDOWS\System32\wininet.dll
28/10/2009 8:01:47 PM 10622464 32 C:\WINDOWS\System32\wmp.dll
28/10/2009 8:01:47 PM 8147968 32 C:\WINDOWS\System32\wmploc.DLL
18/10/2009 2:38:20 PM 604672 32 C:\WINDOWS\System32\WMSPDMOD.DLL
12/11/2009 3:01:34 AM 321536 32 C:\WINDOWS\System32\WSDApi.dll
27/10/2009 6:39:40 AM 575704 32 C:\WINDOWS\System32\wuapi.dll
27/10/2009 6:39:13 AM 33792 32 C:\WINDOWS\System32\wuapp.exe
27/10/2009 6:40:11 AM 53472 32 C:\WINDOWS\System32\wuauclt.exe
27/10/2009 6:40:11 AM 1929952 32 C:\WINDOWS\System32\wuaueng.dll
27/10/2009 6:40:11 AM 2421760 32 C:\WINDOWS\System32\wucltux.dll
27/10/2009 6:39:41 AM 87552 32 C:\WINDOWS\System32\wudriver.dll
27/10/2009 6:39:40 AM 35552 32 C:\WINDOWS\System32\wups.dll
27/10/2009 6:40:11 AM 44768 32 C:\WINDOWS\System32\wups2.dll
27/10/2009 6:39:13 AM 171608 32 C:\WINDOWS\System32\wuwebv.dll
====== "\Administrator\Startup" Last 60 Days======
====== "\All Users\Startup" Last 60 Days======
====== "\Program Files" Last 60 Days======
22/10/2009 1:10:11 PM 2221118 C:\Program Files\Apple Software Update
14/12/2009 1:21:37 AM 1692651 C:\Program Files\Automated Content Enhancer
22/10/2009 1:12:22 PM 390387 C:\Program Files\Bonjour
14/12/2009 1:22:05 AM 2396443 C:\Program Files\Content Management Wizard
14/12/2009 1:21:45 AM 1689351 C:\Program Files\Customized Platform Advancer
05/12/2009 2:24:32 AM 1926592 C:\Program Files\DAEMON Tools Toolbar
27/10/2009 7:56:42 PM 4152518 C:\Program Files\DivX
14/12/2009 1:21:15 AM 0 C:\Program Files\Gameztar Toolbar
14/12/2009 1:21:54 AM 3201028 C:\Program Files\Internet Today
22/10/2009 1:13:09 PM 1582699 C:\Program Files\iPod
22/10/2009 1:13:06 PM 111963019 C:\Program Files\iTunes
04/12/2009 9:56:46 PM 378157702 C:\Program Files\Nero
14/12/2009 1:22:30 AM 750192 C:\Program Files\QuestService
22/10/2009 1:11:16 PM 79277715 C:\Program Files\QuickTime
14/12/2009 1:22:17 AM 1127954 C:\Program Files\Textual Content Provider
14/12/2009 5:43:42 PM 401781 C:\Program Files\TrendMicro
14/12/2009 1:21:33 AM 1673833 C:\Program Files\Web Search Operator
01/11/2009 7:11:48 PM 431104 C:\Program Files\WinAce
13/11/2009 9:46:53 PM 8345177 C:\Program Files\WinSCP
======"Drivers" Modified Last 60 Days======
09/12/2009 3:07:52 AM 396800 32 C:\WINDOWS\System32\drivers\http.sys
05/12/2009 2:23:47 AM 691696 32 C:\WINDOWS\System32\drivers\sptd.sys
18/10/2009 2:39:01 PM 130048 32 C:\WINDOWS\System32\drivers\srv2.sys
====== Files Deleted under "%Temp%" ======
3 Files deleted
======"All Users\Application Data" Last 60 Days======
====== HKLM\~\ShellServiceObjectDelayLoad======
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll
====== HKLM\~\SharedTaskScheduler======
Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
======HKLM\~\msconfig\startupreg======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\
====== Services ( Services that are Whitelisted are not shown) ======
adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver)- C:\Windows\system32\DRIVERS\bcmwl6.sys - Manual/Stopped
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Stopped
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (Dfs Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Stopped
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Stopped
E100B (Intel(R) PRO Adapter Driver)- C:\Windows\system32\DRIVERS\e100b325.sys - Manual/Stopped
E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
eabfiltr (eabfiltr)- C:\Windows\system32\DRIVERS\eabfiltr.sys - System/Stopped
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HBtnKey (HBtnKey)- C:\Windows\system32\DRIVERS\cpqbttn.sys - Manual/Running
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
HSFHWAZL (HSFHWAZL)- C:\Windows\system32\DRIVERS\VSTAZL3.SYS - Manual/Stopped
HSF_DPV (HSF_DPV)- C:\Windows\system32\DRIVERS\VSTDPV3.SYS - Manual/Stopped
iaStor (Intel AHCI Controller)- C:\Windows\system32\DRIVERS\iaStor.sys - Boot/Running
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Disabled/Stopped
igfx (igfx)- C:\Windows\system32\DRIVERS\igdkmd32.sys - Manual/Stopped
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Stopped
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Stopped
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Stopped
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Stopped
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Stopped
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Stopped
NETw3v32 (Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw3v32.sys - Manual/Stopped
NETw4v32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw4v32.sys - Manual/Stopped
NETw5v32 (Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw5v32.sys - Manual/Stopped
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Stopped
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Stopped
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Stopped
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Stopped
rimmptsk (rimmptsk)- C:\Windows\system32\DRIVERS\rimmptsk.sys - Auto/Running
rimsptsk (rimsptsk)- C:\Windows\system32\DRIVERS\rimsptsk.sys - Auto/Running
rismxdp (Ricoh xD-Picture Card Driver)- C:\Windows\system32\DRIVERS\rixdptsk.sys - Auto/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Stopped
RTL8169 (Realtek 8169 NT Driver)- C:\Windows\system32\DRIVERS\Rtlh86.sys - Manual/Stopped
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
SCDEmu (SCDEmu)- C:\Windows\system32\drivers\SCDEmu.sys - System/Stopped
sdbus (sdbus)- C:\Windows\system32\DRIVERS\sdbus.sys - Manual/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
smserial (smserial)- C:\Windows\system32\DRIVERS\smserial.sys - Manual/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Stopped
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Stopped
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Stopped
SynTP (Synaptics TouchPad Driver)- C:\Windows\system32\DRIVERS\SynTP.sys - Manual/Running
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Stopped
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Stopped
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Stopped
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Stopped
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\Windows\system32\Drivers\usbaapl.sys - Manual/Stopped
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
usbvideo (USB Video Device (WDM))- C:\Windows\system32\Drivers\usbvideo.sys - Manual/Stopped
USB_RNDIS (RCA Digital Cable Modem)- C:\Windows\system32\DRIVERS\usb8023.sys - Manual/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Stopped
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Running
WpdUsb (WpdUsb)- C:\Windows\system32\DRIVERS\wpdusb.sys - Manual/Stopped
====== Uninstall List ======
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
BitComet 1.16
Acrobat.com
DAEMON Tools Toolbar
Microsoft Office Enterprise 2007
Intel(R) Graphics Media Accelerator Driver
HP Photosmart Essential 2.0
LimeWire 5.3.6
Microsoft .NET Framework 3.5 SP1
MpcStar 4.2
McAfee SecurityCenter
RCA Digital Cable Modem
Netscape Navigator (9.0.0.6)
NVIDIA Drivers
PowerISO
QuestService 1.0 build 129
Adobe Flash Player 9 ActiveX
Motorola SM56 Speakerphone Modem
Synaptics Pointing Device Driver
My HP Games
WinAce Archiver
WinSCP 4.2.4 beta
WordWeb Pro
Bonjour
HiJackThis
HP Doc Viewer
muvee autoProducer 6.0
Apple Application Support
Adobe Flash Player 10 Plugin
ESU for Microsoft Vista
AeroSnap 0.61
HPNetworkAssistant
Nero 7 Ultra Edition
ActiveCheck component for HP Active Support Library
HP Active Support Library
Java(TM) SE Runtime Environment 6
HP Quick Launch Buttons 6.20 B1
Roxio Activation Module
Max Payne
MSCU for Microsoft Vista
HP Easy Setup - Frontend
HP QuickPlay 3.2
Skype web features
HP User Guides 0056
HPAsset component for HP Active Support Library
Apple Software Update
Microsoft Works
Acrobat.com
VC80CRTRedist - 8.0.50727.762
MSXML 4.0 SP2 (KB954430)
HP Update
Microsoft Office Access MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
HP Help and Support
Intel Matrix Storage Manager
Adobe AIR
QuickTime
Microsoft Visual C++ 2005 Redistributable
Apple Mobile Device Support
HP Customer Experience Enhancements
Adobe Acrobat 9 Pro - English, Français, Deutsch
DivX Web Player
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Skype™ 4.1
HP Wireless Assistant
iTunes
Max Payne 2
Realtek High Definition Audio Driver
MSXML 4.0 SP2 (KB973688)
HP Active Support Library 32 bit components
======== Other Info ========
TOTAL PHYSICAL RAM: 2145 MB
Boot Info
OS Type: Microsoft® Windows Vista™ Home Premium
Build: 6.0.6000
Service Pack: 0.0
====== Files with Hidden Attributes======
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\boot\bootstat.dat
==End of Report==
bamajim
10.4K Posts
0
December 17th, 2009 07:00
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
alex.anton
4 Posts
0
December 17th, 2009 14:00
bamajim,
Did what you told me. This is the MBAM log:
Malwarebytes' Anti-Malware 1.42
Database version: 3382
Windows 6.0.6000
Internet Explorer 7.0.6000.16945
17/12/2009 4:56:33 PM
mbam-log-2009-12-17 (16-56-33).txt
Scan type: Quick Scan
Objects scanned: 100126
Time elapsed: 8 minute(s), 49 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 10
Registry Keys Infected: 48
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 33
Files Infected: 74
Memory Processes Infected:
C:\ProgramData\QuestService\questservice129.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1990\WSO.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1990\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Delete on reboot.
C:\Users\user\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator\4.1.0.1990 (Adware.DoubleD) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Low\7392.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService\questservice129.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\uninstall.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator\4.1.0.1990\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
bamajim
10.4K Posts
0
December 18th, 2009 09:00
Good work. Rerun HijackThis and post a fresh HijackThis log.
And in your reply, tell how your PC is running at this point.
alex.anton
4 Posts
0
December 18th, 2009 10:00
bamajim,
Thanks for the fast reply. The computer seems to work fine. There are no pop-ups in Internet Explorer, nor redirections of any sort. This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:19:36 PM, on 18/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb Pro.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 11521 bytes
bamajim
10.4K Posts
0
December 18th, 2009 12:00
You are most welcome. Glad to hear things are well.
You may now remove/delete/uninstall the tools we used to clean your PC.
Now that your log is clean, there are some final notes:
Let's create a clean System Restore point:
To create a Clean System Restore Point in Vista:
The System Restore window will open. Select Open System Protection.
Another window will open. Highlight the C:\ drive in the window.
Then select Create. Yet another window will open; type in today's date 05262008 (or whatever you would like to remind you of this Restore Point) in the Create a restore point window.
Then select Create. Windows will then create a restore point.
Once done, you will receive notification that a System Restore point has been created.
Close all the open windows and you are done.
Update your Anti Virus Software
Use and maintain a Firewall
Visit Microsoft's Windows Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
You may want to read this article, "So how did I get infected in the first place", by Tony Klein.
Surf safe.