Computer Hope

Software => Computer viruses and spyware => Topic started by: TriciaM on September 29, 2009, 05:11:30 PM

Title: Virus?
Post by: TriciaM on September 29, 2009, 05:11:30 PM
I've tried searching the threads for this and could not find it...

C:\\WINDOWS\ASSEMBLY\NativeImages|System.Web.Mobile.ni.dll

This is what my Virus scan is stuck on. It's been stuck there for hours....I'm wondering if anyone knows what this is? Some more info:

My computer has been slow the last several days. If I visit websites (such as Ebay, other merchant sites), a message comes up that says something like "True Vector has to shut down" (I'm pretty sure this is related to Zone Alarm.) I've searched Zone Alarm's site for answers but cannot find anything. Any help is appreciated.
Title: Re: Virus?
Post by: harry 48 on September 29, 2009, 05:21:52 PM
http://www.computerhope.com/forum/index.php/topic,46313.0.html

go to above and complete post 3 logs here an expert will see them
Title: Re: Virus?
Post by: TriciaM on September 29, 2009, 05:30:48 PM
Ok. It looks like it's going to take a while....I'll be back tonight when my kids go to bed...I did look to see what pack I had, though. I have 3.

Thanks for the help.
Title: Re: Virus?
Post by: TriciaM on September 29, 2009, 08:18:34 PM
Is it correct to say that if I have SP3 installed that I am good to go with respect to the SPs?
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 07:04:57 AM
**further info on the below problem** - I've since gotten an error message involving RAID or missing RAID.  This is after my computer shut down while running MBAM scan. Right before it shut down, MBAM scan was scanning and showing 7 infections. 

Thought I needed to post this...as I came across this while doing the MalWarebytes scan. I may be using the incorrect terms so please bear with me....

While conducting the MBAM scan, my computer abruptly "shut down".  I've seen this before...it gives me the black screen.  It gave me the error signature, then gives me the following:   C:\DOCUME~1\TRICIA~1\LOCALS~1\TEMP\WER122e.dir00\Mini093009-01.dmp

I had to turn my computer off by using the power button (wouldn't let me exit out of the black screen...).

Title: SUPERAntiSpyware scan log
Post by: TriciaM on September 30, 2009, 09:01:23 AM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2009 at 03:59 AM

Application Version : 4.29.1002

Core Rules Database Version : 4135
Trace Rules Database Version: 2068

Scan type       : Complete Scan
Total Scan Time : 02:55:16

Memory items scanned      : 625
Memory threats detected   : 0
Registry items scanned    : 6890
Registry threats detected : 13
File items scanned        : 103767
File threats detected     : 19

Trojan.WinFixer
   HKLM\Software\Classes\CLSID\{314C5152-F664-4A53-8FD4-109B82D866DF}
   HKCR\CLSID\{314C5152-F664-4A53-8FD4-109B82D866DF}
   HKCR\CLSID\{314C5152-F664-4A53-8FD4-109B82D866DF}\InprocServer32
   HKCR\CLSID\{314C5152-F664-4A53-8FD4-109B82D866DF}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\SSTQP.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314C5152-F664-4A53-8FD4-109B82D866DF}
   HKU\S-1-5-21-186917913-2315771567-692555066-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{314C5152-F664-4A53-8FD4-109B82D866DF}

Adware.Vundo Variant
   HKU\S-1-5-21-186917913-2315771567-692555066-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}

Adware.Tracking Cookie
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][2].txt
   c:\documents and settings\tricia & roger\cookies\tricia & [email protected][1].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][1].txt
   c:\documents and settings\tricia & roger\cookies\tricia & [email protected][1].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&_roger@countrywide[1].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][2].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][1].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][2].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][2].txt
   c:\documents and settings\tricia & roger\cookies\tricia_&[email protected][2].txt
   C:\Documents and Settings\Tricia & Roger\Cookies\tricia & [email protected]

Trojan.ZenoSearch
   C:\WINDOWS\system32\msnav32.ax

Trojan.Unknown Origin
   HKLM\Software\xpre
   HKLM\Software\xpre#execount

Adware.Vundo Variant/Rel
   HKLM\SOFTWARE\Microsoft\aoprndtws
   HKLM\SOFTWARE\Microsoft\FCOVM
   HKU\S-1-5-21-186917913-2315771567-692555066-1006\Software\Microsoft\aldd
   HKU\S-1-5-21-186917913-2315771567-692555066-1006\Software\Microsoft\rdfa
   C:\WINDOWS\SYSTEM32\PQTSS.BAK1
   C:\WINDOWS\SYSTEM32\PQTSS.BAK2
   C:\WINDOWS\SYSTEM32\PQTSS.INI
   C:\WINDOWS\SYSTEM32\PQTSS.INI2

Adware.ClickSpring/Yazzle
   C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE

Adware.ClickSpring/PuritySCAN
   C:\WINDOWS\SYSTEM32\WNSAPISV.EXE
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:32:40 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:48 AM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\Elmore Music Messenger.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [Elmore Music Messenger] C:\WINDOWS\Elmore Music Messenger.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\RunOnce: [TBInfo] iexplore.exe "http://www.earthlink.net/go/elnktoolbarinstall" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TBInfo] iexplore.exe "http://www.earthlink.net/go/elnktoolbarinstall" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://support.broderbund.com
O15 - Trusted Zone: http://smartdownload.riverdeep.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.ansonncrod.org/imw32o40.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136246925750
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://portal.uspsoig.gov/InternalSite/WhlCompMgr.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.ansonncrod.org/prntpro2.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.38.50/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E11B92F2-2C05-42AD-BDE5-120D138B8CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 27106 bytes
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:34:12 AM
I was never able to complete the Malwarebytes Anti Malware scan.  That was when the shut-down (black screen) occurred. 

Thanks for the help !
Title: Re: Virus?
Post by: evilfantasy on September 30, 2009, 09:40:51 AM
Hello Tricia.

Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt; please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log, by copying and pasting it into the reply.
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:49:57 AM
That's funny. (And thank you for the help, by the way.....)  I was just at another thread reading those very instructions....

Thanks..and I'll do that now..
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:57:14 AM
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2004 10:16:53 PM
System Uptime: 9/30/2009 11:17:13 AM (0 hours ago)

Motherboard: Dell Inc.           |  | 0J3492
Processor:               Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 7.518 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8072EBB4D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8072EBB4D100
Service: NIC1394

==== System Restore Points ===================

RP1692: 8/28/2009 11:02:16 AM - System Checkpoint
RP1693: 8/28/2009 11:22:14 PM - Software Distribution Service 3.0
RP1694: 8/30/2009 12:57:55 AM - Software Distribution Service 3.0
RP1695: 8/30/2009 9:13:57 PM - Software Distribution Service 3.0
RP1696: 8/31/2009 11:20:17 PM - System Checkpoint
RP1697: 9/1/2009 12:01:16 AM - Software Distribution Service 3.0
RP1698: 9/1/2009 11:01:15 PM - Software Distribution Service 3.0
RP1699: 9/2/2009 3:00:23 AM - Software Distribution Service 3.0
RP1700: 9/2/2009 10:43:19 PM - Software Distribution Service 3.0
RP1701: 9/3/2009 10:56:53 PM - System Checkpoint
RP1702: 9/4/2009 3:00:27 AM - Software Distribution Service 3.0
RP1703: 9/5/2009 10:22:18 AM - System Checkpoint
RP1704: 9/5/2009 10:13:27 PM - Software Distribution Service 3.0
RP1705: 9/6/2009 10:54:17 PM - Software Distribution Service 3.0
RP1706: 9/7/2009 11:16:06 PM - System Checkpoint
RP1707: 9/8/2009 3:00:35 AM - Software Distribution Service 3.0
RP1708: 9/8/2009 10:00:22 PM - Software Distribution Service 3.0
RP1709: 9/9/2009 10:48:25 PM - System Checkpoint
RP1710: 9/9/2009 11:05:36 PM - Software Distribution Service 3.0
RP1711: 9/10/2009 11:14:55 PM - System Checkpoint
RP1712: 9/11/2009 3:00:22 AM - Software Distribution Service 3.0
RP1713: 9/12/2009 9:33:21 AM - System Checkpoint
RP1714: 9/13/2009 1:18:37 AM - Software Distribution Service 3.0
RP1715: 9/14/2009 2:28:17 AM - System Checkpoint
RP1716: 9/14/2009 3:00:19 AM - Software Distribution Service 3.0
RP1717: 9/15/2009 7:09:05 AM - System Checkpoint
RP1718: 9/16/2009 1:17:47 AM - Software Distribution Service 3.0
RP1719: 9/16/2009 9:28:37 PM - Software Distribution Service 3.0
RP1720: 9/17/2009 11:37:17 PM - System Checkpoint
RP1721: 9/18/2009 12:36:45 AM - Software Distribution Service 3.0
RP1722: 9/19/2009 1:15:52 AM - System Checkpoint
RP1723: 9/19/2009 3:00:21 AM - Software Distribution Service 3.0
RP1724: 9/20/2009 12:55:37 PM - System Checkpoint
RP1725: 9/21/2009 12:11:13 AM - Software Distribution Service 3.0
RP1726: 9/21/2009 10:49:13 PM - Software Distribution Service 3.0
RP1727: 9/22/2009 10:56:36 PM - Software Distribution Service 3.0
RP1728: 9/23/2009 10:37:47 PM - Software Distribution Service 3.0
RP1729: 9/24/2009 10:57:59 PM - System Checkpoint
RP1730: 9/25/2009 3:00:17 AM - Software Distribution Service 3.0
RP1731: 9/26/2009 7:54:34 AM - System Checkpoint
RP1732: 9/27/2009 12:05:25 AM - Software Distribution Service 3.0
RP1733: 9/27/2009 11:35:52 PM - Software Distribution Service 3.0
RP1734: 9/28/2009 11:56:12 PM - Software Distribution Service 3.0
RP1735: 9/29/2009 9:29:02 AM - Software Distribution Service 3.0
RP1736: 9/29/2009 1:40:25 PM - Software Distribution Service 3.0
RP1737: 9/29/2009 10:40:37 PM - Configured Barbie Girls
RP1738: 9/29/2009 10:43:04 PM - Removed InstallShield Restore Point
RP1739: 9/29/2009 10:47:59 PM - Configured iTunes
RP1740: 9/29/2009 10:55:27 PM - Removed Logitech Desktop Messenger
RP1741: 9/29/2009 10:59:34 PM - Removed NetZeroInstallers
RP1742: 9/29/2009 11:14:49 PM - Removed Windows Live Favorites for Windows Live Toolbar
RP1743: 9/29/2009 11:15:15 PM - Removed Windows Live installer
RP1744: 9/29/2009 11:16:08 PM - Removed Windows Live Messenger
RP1745: 9/29/2009 11:16:55 PM - Removed Windows Live Sign-in Assistant
RP1746: 9/29/2009 11:19:29 PM - Removed Windows Live Toolbar
RP1747: 9/30/2009 12:54:46 AM - Installed SUPERAntiSpyware Free Edition
RP1748: 9/30/2009 3:00:38 AM - Software Distribution Service 3.0
RP1749: 9/30/2009 11:05:47 AM - Installed Java(TM) 6 Update 16
RP1750: 9/30/2009 11:11:25 AM - Removed Java(TM) 6 Update 7

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player 11
AppStream Technology Windows Edition Client
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Broadcom Advanced Control Suite 2
Brother MFL-Pro Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon EOS 5D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Deal Info
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Networking Guide
DellSupport
Disney's Toontown Online
Disney Toontown Online
EarthLink Accelerator
EarthLink Common Authentication
EarthLink MailBox
EarthLink Wireless High Speed
Easy-Link internet launch pad
Elmore Music Messenger
eMedia Guitar Method
GearDrvs
Get High Speed Internet!
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GuitarVision
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Kid Pix Deluxe 4
Logitech QuickCam Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Microsoft XML Parser
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
PaperPort
PC Tune-Up
Pdf995
PdfEdit995
Picasa 3
Protection Control Center
QuickTime
RealPlayer
Redistributed Files
Road Runner Install
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
Shutterfly Studio
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
System Requirements Lab
Tarzan Activity Center
TaxCut 2004
TaxCut Deluxe 2005
TaxCut Premium 2006
TiVo Desktop
TotalAccess Core Applications
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Virtools 3D Life Player
Virtual Earth 3D (Beta)
Walmart MP3 Music Downloads
WebFldrs XP
Whale Communications' Client Components v3.6
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

9/30/2009 9:45:05 AM, error: System Error [1003]  - Error code 00008086, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
9/30/2009 8:12:08 AM, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 f778aefa, parameter3 f7d0fba4, parameter4 f7d0f8a0.
9/30/2009 8:01:49 AM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/30/2009 11:51:20 AM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.
9/30/2009 10:36:02 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_INVOKER\0000 disappeared from the system without first being prepared for removal.
9/29/2009 9:54:47 AM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).
9/29/2009 9:16:28 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 8 time(s).
9/29/2009 7:38:44 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 7 time(s).
9/29/2009 2:05:30 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 6 time(s).
9/29/2009 12:55:20 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 4 time(s).
9/29/2009 12:18:06 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 3 time(s).
9/29/2009 11:57:42 AM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 2 time(s).
9/29/2009 11:27:38 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 9 time(s).
9/29/2009 11:15:23 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
9/29/2009 1:14:25 PM, error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 5 time(s).

==== End Of File ===========================
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:58:13 AM
DDS (Ver_09-09-29.01) - NTFSx86 
Run by Tricia & Roger at 11:51:15.90 on Wed 09/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.454 [GMT -4:00]

AV: Authentium Antivirus *On-access scanning enabled* (Updated)   {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)   {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tricia & Roger\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
uDefault_Page_URL = hxxp://start.earthlink.net
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
uWindow Title = Road Runner High Speed Online
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\elnIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {656ec4b7-072b-4698-b504-2a414c1f0037} - IE_PopupBlocker Class
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [Google Update] "c:\documents and settings\tricia & roger\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [AppMgrGui] c:\program files\appstream\windowsclient\bin\exeForService.exe
mRun: [Elmore Music Messenger] c:\windows\Elmore Music Messenger.exe
mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [TBInfo] iexplore.exe "http://www.earthlink.net/go/elnktoolbarinstall"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: broderbund.com\support
Trusted Zone: mypublisher.com\www
Trusted Zone: riverdeep.net\smartdownload
Trusted Zone: uspsoig.gov\portal2003
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.ansonncrod.org/imw32o40.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136246925750
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://portal.uspsoig.gov/InternalSite/WhlCompMgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.ansonncrod.org/prntpro2.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.50/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ASWLNDLL - ASWLNDLL.dll
Notify: sstqp - c:\windows\system32\sstqp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tricia~1\applic~1\mozilla\firefox\profiles\10loo8z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\tricia & roger\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [2007-5-13 115284]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-14 150544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-9-29 353672]
R2 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\appstream\windowsclient\bin\AppMgrService.exe [2006-9-27 1990656]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 REGHOOK;REGHOOK;c:\windows\system32\drivers\RegHook.sys [2006-9-27 54879]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2006-7-11 857088]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 VSPD;VSPD;c:\windows\system32\drivers\VSPD.sys [2006-9-27 31321]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [2007-8-3 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);c:\windows\system32\drivers\ADSMonitor.sys [2007-8-3 38384]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectdriver.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectfilter.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectshim.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectShim.sys [?]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-3-24 62762]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-28 1174664]

=============== Created Last 30 ================

2009-09-30 11:24   <DIR>   --d-----   c:\program files\Trend Micro
2009-09-30 11:13   272   a-------   c:\windows\_delis32.ini
2009-09-30 10:54   <DIR>   --d-----   c:\program files\SystemRequirementsLab
2009-09-30 10:36   294,912   a-------   c:\windows\system32\FlexEng.dll
2009-09-30 10:07   53,248   a-------   c:\windows\system32\CSVer.dll
2009-09-30 09:59   <DIR>   --d-----   C:\Intel
2009-09-30 08:00   <DIR>   --d-----   c:\docume~1\tricia~1\applic~1\Malwarebytes
2009-09-30 08:00   38,224   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 08:00   19,160   a-------   c:\windows\system32\drivers\mbam.sys
2009-09-30 08:00   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-30 08:00   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-09-30 00:55   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-30 00:54   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2009-09-30 00:54   <DIR>   --d-----   c:\docume~1\tricia~1\applic~1\SUPERAntiSpyware.com
2009-09-29 23:41   <DIR>   --d-----   c:\program files\CCleaner
2009-09-09 21:57   153,088   --------   c:\windows\system32\dllcache\triedit.dll

==================== Find3M  ====================

2009-09-30 11:51   1,347,926,304   a--sh---   c:\windows\system32\drivers\fidbox.dat
2009-09-30 11:17   18,051,452   a--sh---   c:\windows\system32\drivers\fidbox.idx
2009-09-29 18:53   36,412   a-------   c:\docume~1\tricia~1\applic~1\wklnhst.dat
2009-09-20 22:00   80,720   a-------   c:\docume~1\tricia~1\applic~1\GDIPFONTCACHEV1.DAT
2009-09-15 06:49   4,212   a---h---   c:\windows\system32\zllictbl.dat
2009-08-05 05:01   204,800   a-------   c:\windows\system32\mswebdvd.dll
2009-08-05 05:01   204,800   --------   c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 15:23   411,368   a-------   c:\windows\system32\deploytk.dll
2009-07-19 18:48   11,067,392   --------   c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18   5,937,152   --------   c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01   58,880   a-------   c:\windows\system32\atl.dll
2009-07-17 15:01   58,880   --------   c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43   286,208   a-------   c:\windows\system32\wmpdxm.dll
2009-07-13 23:43   286,208   a-------   c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 23:43   10,841,088   --------   c:\windows\system32\dllcache\wmp.dll
2009-07-10 09:27   1,315,328   --------   c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09   915,456   a-------   c:\windows\system32\wininet.dll
2009-07-03 13:09   915,456   --------   c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09   12,800   --------   c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09   206,848   a-------   c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09   1,208,832   --------   c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09   594,432   a-------   c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09   55,296   a-------   c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09   1,985,536   --------   c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09   25,600   --------   c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09   184,320   a-------   c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09   246,272   --------   c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09   386,048   --------   c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01   173,056   --------   c:\windows\system32\dllcache\ie4uinit.exe
2008-10-08 16:30   32,768   ac-sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat
2009-09-30 11:52   1,347,933,472   a--sh---   c:\windows\system32\drivers\fidbox.dat

============= FINISH: 11:52:44.90 ===============
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 01:20:35 PM
Ok. I tried the Malwarebytes' scan again. This time, it completed the scan with no problems.  Here is the log.  Also, do you know what the story is on "Authentium Anti-Virus"?  At one point, there was a pop-up that said I was running two different anti-virus real-time scans/protection.   We use Zone Alarm.

Malwarebytes' Anti-Malware 1.41
Database version: 2876
Windows 5.1.2600 Service Pack 3

9/30/2009 3:15:41 PM
mbam-log-2009-09-30 (15-15-35).txt

Scan type: Quick Scan
Objects scanned: 99416
Time elapsed: 1 hour(s), 24 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\SYSTEM32\f02WtR (Malware.Trace) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
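Every detection in the Malwarebytes log above ends in "No action taken", which is the thing to check before reading the log as a clean-up. As an added example (not code from this thread, from Malwarebytes or from the forum's helpers), here is a small Python parser for the MBAM 1.x log format shown above. It pulls out the per-item detections, lists the ones that were never remediated, cross-checks each section's summary count against the items actually listed under it, and picks out the Security Center notification keys (`Disabled.SecurityCenter`) that the malware had switched off. The sample log is a constructed excerpt of the one above with the counts reduced to match and one line changed to the "Quarantined and deleted successfully." wording MBAM uses for fixed items; the regular expressions are assumptions derived from the format shown here, not an official grammar.

```python
import re
from collections import Counter

# Constructed excerpt of the Malwarebytes' Anti-Malware 1.41 log posted above.
# Counts were reduced to match the excerpt, and one entry was changed to the
# wording MBAM uses for remediated items so both outcomes appear.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2876
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 99416

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
"""

# "Registry Keys Infected: 11" is a summary line; "Registry Keys Infected:" with
# no number opens the section that lists the individual items (assumed format).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")

# "<item> (<family>) -> [Bad: (x) Good: (y) ->] <action>."  (assumed format)
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'entries': [detection dicts]}."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("name")] = int(m.group("count"))
            else:
                section = m.group("name")
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # The action is always the last "->" segment; registry data items
            # carry an extra "Bad: (..) Good: (..)" segment before it.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": m.group("item"),
                            "family": m.group("family"), "action": action})
    return {"summary": summary, "entries": entries}


def unremediated(parsed):
    """Detections the user did not let MBAM fix."""
    return [e for e in parsed["entries"] if e["action"] == "No action taken"]


def action_counts(parsed):
    """How many items ended in each outcome, e.g. {'No action taken': 3, ...}."""
    return Counter(e["action"] for e in parsed["entries"])


def count_mismatches(parsed):
    """Sections whose summary count disagrees with the items listed under them.

    Returns {section: (summary_count, listed_count)}; empty when consistent.
    A mismatch usually means a truncated or hand-edited log.
    """
    listed = Counter(e["section"] for e in parsed["entries"])
    return {name: (expected, listed.get(name, 0))
            for name, expected in parsed["summary"].items()
            if listed.get(name, 0) != expected}


def security_center_tampering(parsed):
    """Registry values that suppress Security Center AV/firewall warnings."""
    return [e["item"] for e in parsed["entries"]
            if e["family"] == "Disabled.SecurityCenter"]


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    print("outcomes:", dict(action_counts(result)))
    print("count mismatches:", count_mismatches(result))
    for e in unremediated(result):
        print("NOT FIXED:", e["section"], "|", e["family"], "|", e["item"])
    print("security center tampering:", security_center_tampering(result))
```

Running it on the excerpt reports three items still "No action taken" and one Security Center value that was flipped to suppress the antivirus warning; pasted over the full log above, the same functions show that nothing at all was remediated in that run.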
Title: Re: Virus?
Post by: evilfantasy on September 30, 2009, 04:44:54 PM
http://www.authentium.com/mainv2/index.htm - is a trusted software vendor. Someone must have installed it at some point and I did see it running, but I don't see it installed. We will look for it and try to get it removed later.

The Malwarebytes log says No action taken after everything. Did you let MBAM fix everything after copying the log?

Please go to Add or Remove Programs and uninstall:

.
----------

Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
Symantec Core LC

File::
c:\windows\_delis32.ini

DDS::
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uPolicies-system: DisableTaskMgr = 1 (0x1)
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: sstqp - c:\windows\system32\sstqp.dll


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
Title: Re: Virus?
Post by: TriciaM on September 30, 2009, 09:44:49 PM
I am at a standstill..after about 3 hrs of trying to install Adobe Reader (my system tells me the install abruptly shut down, but doesn't give reason...). I feel like I've run in circles.  Anyway, I went on to try to run Combofix. It stops, gives me a warning about running two anti-virus programs...tells me to shut them off. I turned off one. The other is the Authentium, which I have not downloaded knowingly.  It probably was "attached" to something else, just like McAfee tried to download itself when I downloaded some Adobe about an hour ago (McAfee was checked with the checkmark, and if you didn't see it, you would have downloaded it unknowingly right along with your Adobe update....). Well.....My virus protection is off....I can't cancel out Combofix or else it will start running again (and could damage my computer, according to the warning that is on my screen).  So....I think I'll just give up now ? LOL
Title: Re: Virus?
Post by: evilfantasy on October 01, 2009, 09:11:10 AM
Let ComboFix run anyway. It won't hurt anything.
Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 10:06:35 AM
ComboFix 09-09-30.06 - Tricia & Roger 10/01/2009 11:38.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.451 [GMT -4:00]
Running from: c:\documents and settings\Tricia & Roger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tricia & Roger\Desktop\CFScript.txt
AV: Authentium Antivirus *On-access scanning enabled* (Updated) {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\_delis32.ini"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tricia & Roger\err.log
c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
c:\program files\sks~1
c:\program files\sks~1\??sks\ctxad-559.0001
c:\program files\sks~1\??sks\ctxad-559.0002
c:\program files\sks~1\??sks\ctxad-559.0003
c:\temp\fse
c:\windows\_delis32.ini
c:\windows\Installer\12ae3.msp
c:\windows\Installer\15cf844.msi
c:\windows\Installer\fea64.msp
c:\windows\smante~1
c:\windows\system32\evhbbweu.ini
c:\windows\system32\mxrqrqwp.ini
c:\windows\wpd99.drv

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_SYMANTEC_CORE_LC
-------\Service_Iprip
-------\Service_Symantec Core LC


(((((((((((((((((((((((((   Files Created from 2009-09-01 to 2009-10-01  )))))))))))))))))))))))))))))))
.

2009-10-01 15:52 . 2009-10-01 15:52   --------   d-----w-   c:\windows\LastGood
2009-10-01 02:44 . 2009-10-01 02:44   --------   d-----w-   c:\documents and settings\Tricia & Roger\Local Settings\Application Data\NOS
2009-10-01 01:57 . 2009-10-01 02:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2009-10-01 01:57 . 2009-10-01 02:40   --------   d-----w-   c:\program files\NOS
2009-09-30 21:10 . 2009-09-30 21:10   --------   d-----w-   c:\windows\system32\FxsTmp
2009-09-30 21:08 . 2004-08-04 11:00   41029   ----a-w-   c:\windows\system32\dllcache\zcorem.dll
2009-09-30 21:08 . 2004-08-04 11:00   1039955   ----a-w-   c:\windows\system32\dllcache\cmnresm.dll
2009-09-30 21:08 . 2004-08-04 11:00   113222   ----a-w-   c:\windows\system32\dllcache\zoneclim.dll
2009-09-30 21:08 . 2004-08-04 11:00   217160   ----a-w-   c:\windows\system32\dllcache\cmnclim.dll
2009-09-30 21:08 . 2004-08-04 11:00   29760   ----a-w-   c:\windows\system32\dllcache\znetm.dll
2009-09-30 21:08 . 2004-08-04 11:00   36937   ----a-w-   c:\windows\system32\dllcache\zclientm.exe
2009-09-30 21:07 . 2004-08-04 11:00   13312   ----a-w-   c:\windows\system32\dllcache\htrn_jis.dll
2009-09-30 21:07 . 2004-08-04 11:00   18944   ----a-w-   c:\windows\system32\simptcp.dll
2009-09-30 21:07 . 2004-08-04 11:00   18944   ----a-w-   c:\windows\system32\dllcache\simptcp.dll
2009-09-30 21:07 . 2004-08-04 11:00   5632   ----a-w-   c:\windows\system32\dllcache\smimsgif.dll
2009-09-30 21:07 . 2004-08-04 11:00   5632   ----a-w-   c:\windows\system32\dllcache\smierrsy.dll
2009-09-30 21:07 . 2004-08-04 11:00   15872   ----a-w-   c:\windows\system32\dllcache\smierrsm.dll
2009-09-30 21:07 . 2004-08-04 11:00   10240   ----a-w-   c:\windows\system32\wbem\snmpstup.dll
2009-09-30 21:07 . 2004-08-04 11:00   10240   ----a-w-   c:\windows\system32\dllcache\snmpstup.dll
2009-09-30 15:24 . 2009-09-30 15:29   --------   d-----w-   c:\program files\Trend Micro
2009-09-30 14:54 . 2009-09-30 14:54   --------   d-----w-   c:\program files\SystemRequirementsLab
2009-09-30 14:54 . 2009-09-30 14:54   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\SystemRequirementsLab
2009-09-30 14:36 . 2005-02-28 13:49   294912   ----a-w-   c:\windows\system32\FlexEng.dll
2009-09-30 14:07 . 2009-08-18 17:44   53248   ----a-w-   c:\windows\system32\CSVer.dll
2009-09-30 13:59 . 2009-09-30 13:59   --------   d-----w-   C:\Intel
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\Malwarebytes
2009-09-30 12:00 . 2009-09-10 18:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 12:00 . 2009-09-10 18:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-30 04:55 . 2009-09-30 04:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-30 04:54 . 2009-09-30 04:54   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-09-30 04:54 . 2009-09-30 04:54   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\SUPERAntiSpyware.com
2009-09-30 03:41 . 2009-09-30 03:41   --------   d-----w-   c:\program files\CCleaner
2009-09-10 01:57 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 15:44 . 2009-03-15 12:23   18128084   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2009-10-01 15:44 . 2007-09-30 02:31   1353854240   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-10-01 05:13 . 2007-02-19 03:16   --------   d-----w-   c:\program files\TaxCut06
2009-10-01 05:11 . 2006-03-04 15:26   --------   d-----w-   c:\program files\TaxCut05
2009-10-01 05:10 . 2005-03-22 03:07   --------   d-----w-   c:\program files\TaxCut04
2009-10-01 05:02 . 2005-10-12 00:23   --------   d-----w-   c:\program files\EarthLink TotalAccess
2009-10-01 00:42 . 2008-10-25 13:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-09-30 15:17 . 2006-01-02 23:00   --------   d-----w-   c:\program files\Common Files\Logitech
2009-09-30 15:11 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Java
2009-09-30 14:57 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-09-30 14:23 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Intel
2009-09-30 13:59 . 2004-11-23 07:52   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-30 04:52 . 2007-02-26 02:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-09-30 03:15 . 2007-12-24 19:57   --------   d-----w-   c:\program files\Windows Live
2009-09-30 03:05 . 2005-05-28 12:19   --------   d-----w-   c:\program files\The Learning Company
2009-09-30 02:57 . 2008-08-22 20:29   --------   d-----w-   c:\program files\MyPublisher
2009-09-30 02:50 . 2007-08-29 23:41   --------   d-----w-   c:\program files\Kids Cam Show and Share Creativity Center
2009-09-30 02:43 . 2005-10-08 12:11   --------   d-----w-   c:\program files\Infogrames Interactive
2009-09-30 02:43 . 2006-06-04 17:42   --------   d-----w-   c:\program files\Disney Interactive
2009-09-30 02:33 . 2007-12-26 01:06   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\Amazon
2009-09-30 02:33 . 2007-12-26 01:04   --------   d-----w-   c:\program files\Amazon
2009-09-30 02:32 . 2005-11-10 16:30   --------   d-----w-   c:\program files\sz8001
2009-09-29 22:53 . 2004-11-30 03:32   36412   ----a-w-   c:\documents and settings\Tricia & Roger\Application Data\wklnhst.dat
2009-09-15 10:49 . 2007-09-30 02:24   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-09-11 13:23 . 2004-11-30 03:17   80720   ----a-w-   c:\documents and settings\Tricia & Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 11:02 . 2007-09-23 01:58   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-08-22 04:24 . 2009-08-22 04:24   --------   d-----w-   c:\program files\MSBuild
2009-08-22 04:23 . 2009-08-22 04:23   --------   d-----w-   c:\program files\Reference Assemblies
2009-08-14 17:25 . 2009-08-14 17:25   --------   d-----w-   c:\program files\Disney
2009-08-05 09:01 . 2004-08-04 11:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-31 19:23 . 2008-11-24 02:33   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 11:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 11:00   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 11:00   915456   ----a-w-   c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
"Google Update"="c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-24 133104]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-07-28 389120]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-07-28 18:09 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-08 282624]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AppMgrGui"="c:\program files\AppStream\WindowsClient\bin\exeForService.exe" [2006-09-27 24064]
"Elmore Music Messenger"="c:\windows\Elmore Music Messenger.exe" [2007-01-29 292658]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2009-04-28 491520]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TBInfo"="iexplore.exe" - c:\combofix\iexplore.exe [2009-04-20 31232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-1-8 196608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-8 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
2007-05-14 01:45   6656   ----a-w-   c:\windows\SYSTEM32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 APPSTREAM;APPSTREAM;c:\windows\SYSTEM32\DRIVERS\AppStream.sys [5/13/2007 9:33 PM 115284]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\AppStream\WindowsClient\bin\AppMgrService.exe [9/27/2006 7:49 PM 1990656]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 REGHOOK;REGHOOK;c:\windows\SYSTEM32\DRIVERS\RegHook.sys [9/27/2006 7:27 PM 54879]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/11/2006 8:22 AM 857088]
R2 VSPD;VSPD;c:\windows\SYSTEM32\DRIVERS\VSPD.sys [9/27/2006 7:27 PM 31321]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\SYSTEM32\DRIVERS\ADSFilter.sys [8/3/2007 7:35 AM 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);c:\windows\SYSTEM32\DRIVERS\ADSMonitor.sys [8/3/2007 7:35 AM 38384]
S3 BW2NDIS5;BW2NDIS5;c:\windows\SYSTEM32\DRIVERS\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 7:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper   REG_MULTI_SZ      getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 11:52]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006Core.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006UA.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]
.
Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 10:08:09 AM
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Trusted Zone: broderbund.com\support
Trusted Zone: mypublisher.com\www
Trusted Zone: riverdeep.net\smartdownload
Trusted Zone: uspsoig.gov\portal2003
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.ansonncrod.org/imw32o40.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.ansonncrod.org/prntpro2.CAB
FF - ProfilePath - c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{0BEDBD4E-2D34-47B5-9973-57E62B29307C} - c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
AddRemove-{2637C347-9DAD-11D6-9EA2-00055D0CA761} - c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
AddRemove-{8A367C28-423C-48E2-8C76-EBA1171F932A} - c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
AddRemove-{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} - c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 10:09:16 AM
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 11:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9F308F8A-7C99-4907-AE93-02A349C53899}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{AEA69CD6-BEF8-4F41-8F9F-E3364390A66B}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{D847D4EC-2128-4DCA-BEB1-8E73F1CC5BE3}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ASWLNDLL.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll

- - - - - - - > 'explorer.exe'(3572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\windows\SYSTEM32\snmp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\brss01a.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\AppStream\WindowsClient\bin\AppMgrGui.exe
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-01 12:01 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-01 16:01

Pre-Run: 8,066,433,024 bytes free
Post-Run: 7,995,674,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

919   --- E O F ---   2009-09-30 17:45
Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 10:14:28 AM
I need to add that TotalAccess Core applications keeps trying to run and then gives me an error message: TACORE.MSI

I also get an error message like this: Cannot export APISVC:Error writing the file. Disk/file system error.

True Vector kept coming up last night (before comboscan) and telling me that it needs to shut down.

I also kept getting Logitech desktop messenger messages and a shut down window with "Shellcon Hidden Window" at the top.

Title: Re: Virus?
Post by: harry 48 on October 01, 2009, 01:53:14 PM
Why would you give up? Listen and try to do as evil says.
Title: Re: Virus?
Post by: evilfantasy on October 01, 2009, 05:18:20 PM
Download Registry Search by Bobbi Flekman (http://www.bleepingcomputer.com/files/regsearch.php)
(see the link titled RegSearch Download Link)

* Extract the files from Regsearch.zip into a folder.
* Double-click regsearch.exe to start the program.
* Enter Authentium in the top area of the form and then click OK.
* Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
* Add the contents of the Notepad file to your next reply.
Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 08:43:16 PM
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/1/2009 10:41:18 PM for strings:
;  'authentium'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


; End Of The Log...
Title: Re: Virus?
Post by: evilfantasy on October 01, 2009, 09:04:30 PM
Run Registry Search again and this time search for the following (include the brackets { } in the search term):

{A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
Title: Re: Virus?
Post by: TriciaM on October 01, 2009, 09:57:26 PM
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/1/2009 11:51:48 PM for strings:
;  '{a4e803b3-4e6e-4271-b1cd-56fbc0992d36}'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


; End Of The Log...
Title: Re: Virus?
Post by: evilfantasy on October 02, 2009, 01:42:20 PM
It appears that the entry is "stuck" in the security center so we need to reset it.

But first let's finish with ComboFix.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

FixCSet::

File::
c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 04:03:24 PM
ComboFix 09-10-01.05 - Tricia & Roger 10/02/2009 17:42.3.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.597 [GMT -4:00]
Running from: c:\documents and settings\Tricia & Roger\Desktop\ComboFix.exe
AV: Authentium Antivirus *On-access scanning enabled* (Updated) {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

.
(((((((((((((((((((((((((   Files Created from 2009-09-02 to 2009-10-02  )))))))))))))))))))))))))))))))
.

2009-10-01 02:44 . 2009-10-01 02:44   --------   d-----w-   c:\documents and settings\Tricia & Roger\Local Settings\Application Data\NOS
2009-10-01 01:57 . 2009-10-01 02:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2009-10-01 01:57 . 2009-10-01 02:40   --------   d-----w-   c:\program files\NOS
2009-09-30 21:10 . 2009-09-30 21:10   --------   d-----w-   c:\windows\system32\FxsTmp
2009-09-30 21:08 . 2004-08-04 11:00   41029   ----a-w-   c:\windows\system32\dllcache\zcorem.dll
2009-09-30 21:08 . 2004-08-04 11:00   1039955   ----a-w-   c:\windows\system32\dllcache\cmnresm.dll
2009-09-30 21:08 . 2004-08-04 11:00   113222   ----a-w-   c:\windows\system32\dllcache\zoneclim.dll
2009-09-30 21:08 . 2004-08-04 11:00   217160   ----a-w-   c:\windows\system32\dllcache\cmnclim.dll
2009-09-30 21:08 . 2004-08-04 11:00   29760   ----a-w-   c:\windows\system32\dllcache\znetm.dll
2009-09-30 21:08 . 2004-08-04 11:00   36937   ----a-w-   c:\windows\system32\dllcache\zclientm.exe
2009-09-30 21:07 . 2004-08-04 11:00   13312   ----a-w-   c:\windows\system32\dllcache\htrn_jis.dll
2009-09-30 21:07 . 2004-08-04 11:00   18944   ----a-w-   c:\windows\system32\simptcp.dll
2009-09-30 21:07 . 2004-08-04 11:00   18944   ----a-w-   c:\windows\system32\dllcache\simptcp.dll
2009-09-30 21:07 . 2004-08-04 11:00   5632   ----a-w-   c:\windows\system32\dllcache\smimsgif.dll
2009-09-30 21:07 . 2004-08-04 11:00   5632   ----a-w-   c:\windows\system32\dllcache\smierrsy.dll
2009-09-30 21:07 . 2004-08-04 11:00   15872   ----a-w-   c:\windows\system32\dllcache\smierrsm.dll
2009-09-30 21:07 . 2004-08-04 11:00   10240   ----a-w-   c:\windows\system32\wbem\snmpstup.dll
2009-09-30 21:07 . 2004-08-04 11:00   10240   ----a-w-   c:\windows\system32\dllcache\snmpstup.dll
2009-09-30 15:24 . 2009-09-30 15:29   --------   d-----w-   c:\program files\Trend Micro
2009-09-30 14:54 . 2009-09-30 14:54   --------   d-----w-   c:\program files\SystemRequirementsLab
2009-09-30 14:54 . 2009-09-30 14:54   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\SystemRequirementsLab
2009-09-30 14:36 . 2005-02-28 13:49   294912   ----a-w-   c:\windows\system32\FlexEng.dll
2009-09-30 14:07 . 2009-08-18 17:44   53248   ----a-w-   c:\windows\system32\CSVer.dll
2009-09-30 13:59 . 2009-09-30 13:59   --------   d-----w-   C:\Intel
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\Malwarebytes
2009-09-30 12:00 . 2009-09-10 18:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 12:00 . 2009-09-10 18:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-30 12:00 . 2009-09-30 12:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-30 04:55 . 2009-09-30 04:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-30 04:54 . 2009-09-30 04:54   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-09-30 04:54 . 2009-09-30 04:54   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\SUPERAntiSpyware.com
2009-09-30 03:41 . 2009-09-30 03:41   --------   d-----w-   c:\program files\CCleaner
2009-09-10 01:57 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 21:48 . 2007-09-30 02:31   1361832224   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-10-02 20:35 . 2009-03-15 12:23   18223820   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2009-10-02 01:43 . 2008-10-25 13:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-10-01 05:13 . 2007-02-19 03:16   --------   d-----w-   c:\program files\TaxCut06
2009-10-01 05:11 . 2006-03-04 15:26   --------   d-----w-   c:\program files\TaxCut05
2009-10-01 05:10 . 2005-03-22 03:07   --------   d-----w-   c:\program files\TaxCut04
2009-10-01 05:02 . 2005-10-12 00:23   --------   d-----w-   c:\program files\EarthLink TotalAccess
2009-09-30 15:17 . 2006-01-02 23:00   --------   d-----w-   c:\program files\Common Files\Logitech
2009-09-30 15:11 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Java
2009-09-30 14:57 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-09-30 14:23 . 2004-11-23 07:52   --------   d-----w-   c:\program files\Intel
2009-09-30 13:59 . 2004-11-23 07:52   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-30 04:52 . 2007-02-26 02:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-09-30 03:15 . 2007-12-24 19:57   --------   d-----w-   c:\program files\Windows Live
2009-09-30 03:05 . 2005-05-28 12:19   --------   d-----w-   c:\program files\The Learning Company
2009-09-30 02:57 . 2008-08-22 20:29   --------   d-----w-   c:\program files\MyPublisher
2009-09-30 02:50 . 2007-08-29 23:41   --------   d-----w-   c:\program files\Kids Cam Show and Share Creativity Center
2009-09-30 02:43 . 2005-10-08 12:11   --------   d-----w-   c:\program files\Infogrames Interactive
2009-09-30 02:43 . 2006-06-04 17:42   --------   d-----w-   c:\program files\Disney Interactive
2009-09-30 02:33 . 2007-12-26 01:06   --------   d-----w-   c:\documents and settings\Tricia & Roger\Application Data\Amazon
2009-09-30 02:33 . 2007-12-26 01:04   --------   d-----w-   c:\program files\Amazon
2009-09-30 02:32 . 2005-11-10 16:30   --------   d-----w-   c:\program files\sz8001
2009-09-29 22:53 . 2004-11-30 03:32   36412   ----a-w-   c:\documents and settings\Tricia & Roger\Application Data\wklnhst.dat
2009-09-15 10:49 . 2007-09-30 02:24   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-09-11 13:23 . 2004-11-30 03:17   80720   ----a-w-   c:\documents and settings\Tricia & Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 11:02 . 2007-09-23 01:58   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-08-22 04:24 . 2009-08-22 04:24   --------   d-----w-   c:\program files\MSBuild
2009-08-22 04:23 . 2009-08-22 04:23   --------   d-----w-   c:\program files\Reference Assemblies
2009-08-14 17:25 . 2009-08-14 17:25   --------   d-----w-   c:\program files\Disney
2009-08-05 09:01 . 2004-08-04 11:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-31 19:23 . 2008-11-24 02:33   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 11:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 11:00   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-01_15.49.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-02 20:36 . 2009-10-02 20:36   16384              c:\windows\temp\Perflib_Perfdata_754.dat
+ 2009-10-02 20:36 . 2009-10-02 20:36   16384              c:\windows\temp\Perflib_Perfdata_270.dat
+ 2009-04-15 02:11 . 2009-10-02 21:38   636480              c:\windows\SYSTEM32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-08-18 23:44 . 2008-04-21 12:08   215552              c:\windows\SYSTEM32\DLLCACHE\wordpad.exe
+ 2009-04-15 02:07 . 2009-10-01 16:43   13828992              c:\windows\SYSTEM32\ZoneLabs\spyware.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
"Google Update"="c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-24 133104]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-07-28 389120]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-07-28 18:09 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-08 282624]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AppMgrGui"="c:\program files\AppStream\WindowsClient\bin\exeForService.exe" [2006-09-27 24064]
"Elmore Music Messenger"="c:\windows\Elmore Music Messenger.exe" [2007-01-29 292658]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2009-04-28 491520]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TBInfo"="iexplore.exe" - c:\combofix\iexplore.exe [2009-04-20 31232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
2007-05-14 01:45   6656   ----a-w-   c:\windows\SYSTEM32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 APPSTREAM;APPSTREAM;c:\windows\SYSTEM32\DRIVERS\AppStream.sys [5/13/2007 9:33 PM 115284]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\AppStream\WindowsClient\bin\AppMgrService.exe [9/27/2006 7:49 PM 1990656]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 REGHOOK;REGHOOK;c:\windows\SYSTEM32\DRIVERS\RegHook.sys [9/27/2006 7:27 PM 54879]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/11/2006 8:22 AM 857088]
R2 VSPD;VSPD;c:\windows\SYSTEM32\DRIVERS\VSPD.sys [9/27/2006 7:27 PM 31321]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\SYSTEM32\DRIVERS\ADSFilter.sys [8/3/2007 7:35 AM 57456]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);c:\windows\SYSTEM32\DRIVERS\ADSMonitor.sys [8/3/2007 7:35 AM 38384]
S3 BW2NDIS5;BW2NDIS5;c:\windows\SYSTEM32\DRIVERS\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 7:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper   REG_MULTI_SZ      getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 11:52]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006Core.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006UA.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]
.
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 04:04:55 PM
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Trusted Zone: broderbund.com\support
Trusted Zone: mypublisher.com\www
Trusted Zone: riverdeep.net\smartdownload
Trusted Zone: uspsoig.gov\portal2003
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.ansonncrod.org/imw32o40.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.ansonncrod.org/prntpro2.CAB
FF - ProfilePath - c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 17:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FilterService]
"ImagePath"="system32\DRIVERS\lvuvcflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FSLX]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\getPlusHelper]
"ServiceDll"="c:\program files\NOS\bin\getPlus_Helper.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GRTdiMon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IAANTMon]
"ImagePath"="c:\program files\Intel\Intel Application Accelerator\iaantmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\drivers\iaStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC51]
"ImagePath"="system32\DRIVERS\IntelC51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC52]
"ImagePath"="system32\DRIVERS\IntelC52.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC53]
"ImagePath"="system32\DRIVERS\IntelC53.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JL2005C]
"ImagePath"="System32\Drivers\jl2005c.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ImagePath"="%SystemRoot%\system32\tcpsvcs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Lvckap]
"ImagePath"="\??\c:\windows\system32\drivers\Lvckap.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvmvdrv]
"ImagePath"="\??\c:\windows\system32\drivers\lvmvdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvpopflt]
"ImagePath"="system32\DRIVERS\lvpopflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
"ImagePath"="system32\drivers\lvusbsta.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUVC]
"ImagePath"="system32\DRIVERS\lvuvc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mohfilt]
"ImagePath"="system32\DRIVERS\mohfilt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPE]
"ImagePath"="system32\DRIVERS\MPE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDV]
"ImagePath"="system32\DRIVERS\msdv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\omci]
"ImagePath"="system32\DRIVERS\omci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p2pgasvc]
"ServiceDll"="%SystemRoot%\system32\p2pgasvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 04:06:50 PM
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ASWLNDLL.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
.
Completion time: 2009-10-02 17:51
ComboFix-quarantined-files.txt  2009-10-02 21:51
ComboFix2.txt  2009-10-01 16:01

Pre-Run: 7,621,898,240 bytes free
Post-Run: 7,607,095,296 bytes free
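A small triage script for the kind of ComboFix log TriciaM posted (the per-service ImagePath/ServiceDll entries and the "DLLs Loaded Under Running Processes" section), added here as an example and not part of this thread or of ComboFix. It assumes c:\windows is %SystemRoot%, and its sample is a constructed excerpt of the posted log plus one made-up service entry (ConstructedSvc) to exercise the outside-Windows path check.

```python
"""Triage helper for two sections of a ComboFix log: the per-service ImagePath/ServiceDll listing and
'DLLs Loaded Under Running Processes'. Added example, not ComboFix code; SAMPLE_LOG is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WINDIR = r"c:\windows"  # assumed %SystemRoot% for this log; every path it shows is under c:\windows
SENSITIVE = {"winlogon.exe", "lsass.exe", "explorer.exe"}  # processes where a foreign DLL matters most
SERVICE_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$")
VALUE_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$')
PROCESS_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
BINARY_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))", re.IGNORECASE)

# Excerpt of the log posted in this thread; ConstructedSvc is made up to exercise the path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\REGHOOK]
"ImagePath"="\??\c:\windows\System32\Drivers\REGHOOK.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ConstructedSvc]
"ImagePath"="\??\c:\docume~1\user~1\locals~1\temp\constructed.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9F308F8A-7C99-4907-AE93-02A349C53899}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ASWLNDLL.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
"""

@dataclass
class Service:
    name: str
    image: Optional[str] = None  # normalised, lower-cased path of the binary (None if no value)
    nt_prefix: bool = False      # value carried the \??\ object-manager prefix

def normalize_image(raw: str) -> Tuple[str, bool]:
    """Turn an ImagePath/ServiceDll value into an absolute lower-cased path without arguments."""
    s = raw.replace('\\"', '"')  # ComboFix escapes embedded quotes as \"
    nt = s.startswith("\\??\\")
    if nt:
        s = s[4:]
    if s.startswith('"'):  # quoted binary followed by arguments
        s = s[1:].split('"', 1)[0]
    m = BINARY_RE.match(s)  # drop trailing arguments such as ' -service'
    low = (m.group(1) if m else s).lower()
    for var in ("%systemroot%", "%windir%", "\\systemroot"):
        if low.startswith(var):
            low = WINDIR + low[len(var):]
    if low.startswith("system32\\"):  # bare paths are relative to %SystemRoot%
        low = WINDIR + "\\" + low
    return low, nt

def parse_combofix(text: str) -> Tuple[List[Service], Dict[str, List[str]]]:
    """Return (services, {process: [loaded module paths]}) for the two sections."""
    services: List[Service] = []
    loaded: Dict[str, List[str]] = {}
    current: Optional[Service] = None
    process: Optional[str] = None
    for line in map(str.rstrip, text.splitlines()):
        if m := SERVICE_RE.match(line):
            current = Service(name=m.group(1))
            services.append(current)
        elif (m := VALUE_RE.match(line)) and current is not None:
            current.image, current.nt_prefix = normalize_image(m.group(2))
        elif m := PROCESS_RE.match(line):
            process = m.group(1).lower()
            loaded[process] = []
        elif process is not None and PATH_RE.match(line):
            loaded[process].append(line.lower())
    return services, loaded

def triage(text: str) -> List[str]:
    """Entries a helper would check by hand; a finding is a question, not a verdict."""
    services, loaded = parse_combofix(text)
    trusted = (WINDIR + "\\", "c:\\program files\\")
    findings: List[str] = []
    for svc in services:
        if GUID_RE.match(svc.name) and svc.image is None:
            findings.append(f"service {svc.name}: GUID-named entry with no ImagePath; check what installed it")
        elif svc.image is not None and not svc.image.startswith(trusted):
            findings.append(f"service {svc.name}: binary outside Windows/Program Files: {svc.image}")
    for proc in sorted(p for p in loaded if p in SENSITIVE):
        for dll in loaded[proc]:
            if not dll.startswith(WINDIR + "\\"):
                findings.append(f"{proc}: third-party module loaded: {dll}")
    return findings
```

Run `triage(SAMPLE_LOG)` to list the entries worth a second look; a hit only means the path is not where Windows or an installer would normally put it, so each one still needs the file's publisher and install history checked.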
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 04:10:25 PM
I could not find the Combofix.exe log after the scan was done. Not sure if I closed it out or not....searched for it......I did another Combofix scan, which, I am hoping, was not a no-no. I posted that log above.
Title: Re: Virus?
Post by: evilfantasy on October 02, 2009, 04:11:11 PM
Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop the WMI service so its repository folder is no longer in use
net stop winmgmt
cd /d %windir%\system32\wbem
REM Set the existing WMI repository aside; winmgmt recreates it when it restarts
ren repository repository.old
net start winmgmt
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixsecurity.bat making sure that the Save as type field says All files.

Next double click fixsecurity.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

Also let me know how the computer is running now.

.
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 04:37:16 PM
Prior to completing the last task, the TrueVector, Tacore, and google chrome messages (I cannot remember if I told you about this one or not.) were still coming up.  I don't think google chrome is a threat....but it was just trying to gain access to my computer to update. 

I think I deleted the MSN programs (again, I may be using the wrong term) that deal with being able to send out emails to MSN addresses, by mistake. I went to respond to an email that was sent to me from a MSN address, and it got sent back to me, rejected by Hotmail.

Anyway, this morning I called Earthlink to inquire about the Total Access messages. They supposedly removed that.  I did a search of my system for total access last night and came up with TONS of their files (I may be using the wrong term there.), even though we do not have Earthlink.  Must be remnants of when we did....Also some of those files were associated with Taxcut.

Thanks for all your help.......I really appreciate it. 
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 05:15:05 PM
Well.....I just got another Truevector message. At the time, I was on a City's website (government).

C:\Docume~1\TRICIA~1\LOCALS~1\Temp\WERbd44.dir00\vsmon.exe.mdmp

same as above.................................. ..................................\appcompat.txt

Also got this off of the error message :       BEX - Event type
vsmon.exe
Title: Re: Virus?
Post by: evilfantasy on October 02, 2009, 05:49:44 PM
Quote
even though we do not have Earthlink.

Go to Add or Remove Programs and uninstall:

.
----------

TrueVector is indeed part of the Zone Alarm software. VSMON.exe is also part of the same process.

Have you updated Zone Alarm lately?
Title: Re: Virus?
Post by: TriciaM on October 02, 2009, 07:23:35 PM
I've looked for those applications, and they are not under the control panel/install uninstall.  I'm thinking that those are the applications that Earthlink told me that they uninstalled this morning.....
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 09:43:40 AM
How about Zone Alarm? Are you still getting the errors from it?
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 12:30:45 PM
Yes, the True Vector is still doing its thing.  "True Vector must shut down".

Total Access or Tacore is still coming up, not wanting to be closed out. Saying that I am doing something invalid.

Having a hard time loading....slow...thought it was ok yesterday...
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 02:01:27 PM
Can you try reinstalling Zone Alarm?

You might also try their support site. http://www.zonealarm.com/security/en-us/support/zonealarm-customer-service.htm

We need to finish up with the malware cleaning also.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 02:11:33 PM
I got the warning of :  "it is not safe to continue, Combofix was compromised. You may be infected by the virus "VIRUT".
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 02:12:09 PM
ComboFix told you that?
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 02:14:04 PM
It looks like a blue/grey box...with just "error" in the blue part on the top and told me to go to Bleeping Computer ? to download the new combofix. I have not even touched or closed out that window, for fear it is a virus...
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 02:17:38 PM
Delete the copy of ComboFix on your desktop.

Now download the new version to your desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Don't run it but instead use the combofix /u command.
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 07:56:21 PM
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\evhbbweu.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mxrqrqwp.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1748\A0197294.ini   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1754\A0201434.ini   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1754\A0201435.ini   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 07:59:08 PM
OK that looks fine.

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

How is the computer running now?
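The ESET log above is judged clean because every hit sits either in ComboFix's own quarantine folder (C:\Qoobox\Quarantine) or inside a System Restore snapshot (System Volume Information\_restore), not on the running system. This added script (not from the thread or from ESET) makes that triage explicit over a constructed sample in the same three-column layout; it assumes columns are separated by a tab or by two or more spaces, as in the posted export.

```python
import re
from collections import Counter

# Constructed sample modelled on the posted log; the GUID is a placeholder and the
# third line is invented to show a hit that was live on the system.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\evhbbweu.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP1748\A0197294.ini   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\example.dll   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
"""

# ESET exports use tabs between columns; the forum paste collapsed them to spaces.
_SPLIT = re.compile(r"\t|\s{2,}")


def parse_line(line):
    """Return (path, threat, action) for a hit line, or None for anything else."""
    parts = [p.strip() for p in _SPLIT.split(line.strip()) if p.strip()]
    if len(parts) != 3:
        return None
    return tuple(parts)


def classify(path):
    """Where the file was found decides how much the detection matters."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "combofix-quarantine"   # already neutralised by ComboFix
    if r"\system volume information\_restore" in p:
        return "restore-point"          # dormant copy inside a System Restore snapshot
    return "live"                       # was present on the running system: follow up


def triage(text):
    """Summarise an export: hit counts per location class plus the live hits."""
    counts = Counter()
    live = []
    for line in text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        path, threat, action = hit
        kind = classify(path)
        counts[kind] += 1
        if kind == "live":
            live.append((path, threat, action))
    return {"counts": dict(counts), "live": live}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A report whose "live" list is empty is the situation the helper waved through above; any entry there is a file that was on the running system and deserves a second look.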
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 08:16:55 PM
Seems to be ok now.  I was blocking all cookies and pop ups on my Zone Alarm, which was causing the True Vector errors.  They told me to turn those filters off.

The OSI is still going, although it is telling me that there is a problem with Java Applet.
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 08:21:05 PM
Quote
problem with Java Applet.

What browser are you using?
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 08:31:35 PM
Firefox
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 08:32:17 PM
The scan is still going..didn't think it would go on this long?
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 08:37:47 PM
If you chose 'Enable thorough system inspection' it can take 15-20 minutes or so. Maybe longer depending on your computer speed.
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 08:40:00 PM
I just realized that it is showing "Running for 0 min and 0 seconds."
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 08:43:08 PM
You might need to close Firefox and restart it then try again.
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 09:03:07 PM
I switched to Internet Exp and it is running correctly now.
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 09:14:01 PM
OK, let me know how that goes.
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 09:30:57 PM
It found 7 insecure programs that I need to update.  I'll need to do those now ?
Title: Re: Virus?
Post by: evilfantasy on October 03, 2009, 09:37:56 PM
When you get a chance. Outdated software usually has some sort of security issue that updating will solve.

Final suggestions.

WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out  Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
Title: Re: Virus?
Post by: TriciaM on October 03, 2009, 09:43:53 PM
I went to the Windows site (from the Secunia site) and it told me that I did not need any updates.....
Title: Re: Virus?
Post by: TriciaM on October 14, 2009, 09:43:24 AM
My computer runs A LOT better now. I'd like to think that it's because we got rid of the viruses. Thanks a lot for the help.  I have a friend who had to take both her computers to a "computer doctor", and I am sure it cost her a small fortune. That is what I would have had to do if it weren't for your site. Thanks again.
Title: Re: Virus?
Post by: evilfantasy on October 14, 2009, 12:21:18 PM
You're welcome.

Safe surfing... (|
Title: Re: Virus?
Post by: TriciaM on November 01, 2009, 12:06:01 PM
Hello. I'm back.  Since our last posts, I've renewed my ZoneAlarm.  It's been blocking the appropriate viruses, etc, but my computer is running slow again.  It may just be a couple games that I installed for my daughter (which I am going to delete soon).  If I suspect a virus, should I run through all the scans that you gave me throughout our posts ? Or should I just go with what you suggested in reply 54 ?  I'm not totally convinced that Zone Alarm has kept everything out, being that my 8 and 4 yr olds have access to the computer and "allow" zone alarm to grant access to whatever tries....Thanks....
Title: Re: Virus?
Post by: SuperDave on November 01, 2009, 12:25:29 PM
Hello TriciaM. If you suspect that your computer is infected again, you should run SAS, MBAM and HJT and paste the logs in a new thread. I doubt that Evil will be looking at this thread.
Title: Re: Virus?
Post by: TriciaM on November 01, 2009, 12:37:57 PM
Thank you. I'm going to break the news to my daughter that I will need to uninstall her games  :)  and then I will do that.  Thanks again.