Internet Security 2010 Infection


Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 12:03 am

Hello,

My laptop has been infected by Internet Security 2010. I have gotten control of the computer back by turning Task Manager back on and killing the processes used by the infection. I have installed the two Java downloads and the new Adobe, and run Windows Update. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 1/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Symantec AntiVirus\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\PROGRA~1\HPAVAD~1\avChgSvc.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\DOCUME~1\smigrego\LOCALS~1\Temp\e5x54dg.exe
C:\DOCUME~1\smigrego\LOCALS~1\Temp\win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: Copyright (c) 1993-1999 Microsoft Corp.
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\system32\ali.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IDA] c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COEMsgDisplay] c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [GetITIcon] C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [LREC75DND7] C:\DOCUME~1\smigrego\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\smigrego\LOCALS~1\Temp\e5x54dg.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\smigrego\LOCALS~1\Temp\win.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O4 - Global Startup: Xpress Mail Professional Edition.lnk = C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: *.cpqcorp.net
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: *.hpqcorp.net
O15 - Trusted Zone: *.hpshopping.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms33 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - [You must be registered and logged in to see this link.]
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = americas.hpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll, ,visegobu.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: HP-AV Change Monitor Service (AvChgSvc) - Unknown owner - C:\PROGRA~1\HPAVAD~1\avChgSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\cvsnt\cvslock.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18226 bytes

gmjackson44
Novice
Posts : 11
Joined : 2010-01-08
OS : Windows XP
Points : 25433
Likes : 0

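Reading the log above by eye, the entries that stand out are the two executables running from the user's Temp folder, the F2 UserInit value pointing at winlogon32.exe instead of userinit.exe, the O4 Run entries with random-looking names and Temp-folder targets, the smss32.exe lookalike, the unknown Winsock LSP module, the AppInit_DLLs entries and the DisableRegedit policy. The script below is an added example, not part of the post or of HijackThis itself: it encodes those indicators as heuristics and runs them over a constructed subset of the posted log lines. The regular expressions, the "three or more digits" randomness threshold and the finding labels are my own choices.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example, not part of the forum post or of HijackThis itself. The
heuristics encode what a removal helper looks for by eye: binaries running or
auto-starting from a Temp directory, a UserInit value that is not userinit.exe,
randomly named Run keys, lookalike names of core Windows binaries, unknown
Winsock LSP modules, AppInit_DLLs injection and a DisableRegedit policy.
"""
import re

# Constructed sample: a subset of the lines from the posted HJT log.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\smigrego\LOCALS~1\Temp\e5x54dg.exe
C:\DOCUME~1\smigrego\LOCALS~1\Temp\win.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [LREC75DND7] C:\DOCUME~1\smigrego\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\smigrego\LOCALS~1\Temp\e5x54dg.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\smigrego\LOCALS~1\Temp\win.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll, ,visegobu.dll
"""

# The only legitimate UserInit on XP. HJT normally hides this default, so any
# F2 line it prints deserves a look.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)
# Core Windows binary names with digits appended (smss32.exe, winlogon32.exe ...).
LOOKALIKE = re.compile(r"\\(smss|winlogon|csrss|lsass|svchost|services)\d+\.exe\b", re.I)
O4_ENTRY = re.compile(r"O4 - (\S+): \[([^\]]+)\] (.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def looks_random(name):
    """Heuristic (my own threshold): long, space-free Run-key names carrying
    three or more digits, like LREC75DND7 or asg984jgkfmgasi8ug98jgkfgfb."""
    return len(name) >= 10 and " " not in name and sum(c.isdigit() for c in name) >= 3


def triage(log_text):
    """Return a list of (section, reason, detail) findings for an HJT log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DRIVE_PATH.match(line):                      # "Running processes" block
            if TEMP_DIR.search(line):
                findings.append(("PROC", "process running from Temp", line))
            if LOOKALIKE.search(line):
                findings.append(("PROC", "lookalike system binary name", line))
        elif line.startswith("F2 - "):
            m = re.search(r"UserInit=(.+)$", line, re.I)
            if m and m.group(1).strip().rstrip(",").lower() != DEFAULT_USERINIT:
                findings.append(("F2", "UserInit hijack", m.group(1).strip()))
        elif line.startswith("O4 - "):
            m = O4_ENTRY.match(line)
            if not m:
                continue                                 # Global Startup .lnk lines etc.
            _key, name, command = m.groups()
            if TEMP_DIR.search(command):
                findings.append(("O4", "autorun from Temp", command))
            if LOOKALIKE.search(command):
                findings.append(("O4", "lookalike system binary name", command))
            if looks_random(name):
                findings.append(("O4", "random-looking autorun name", name))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("O7", "registry editor disabled by policy", line))
        elif line.startswith("O10 - ") and "Unknown file" in line:
            findings.append(("O10", "unknown Winsock LSP module", line.rsplit(": ", 1)[1]))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = [d.strip() for d in line.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                findings.append(("O20", "AppInit_DLLs injection", ", ".join(dlls)))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:5} {reason:35} {detail}")
```

The heuristics are deliberately narrow: legitimate entries such as SynTPEnh or the Google Toolbar notifier produce no finding, and a hit is a prompt to inspect the file, not proof of infection. Belahzur's fix list below includes the swg entry for other reasons; the script does not flag it.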

Re: Internet Security 2010 Infection

Post by Belahzur on 10th January 2010, 1:52 am

Hello.

Please download the LSPfix from here: [You must be registered and logged in to see this link.]
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "helper32.dll" in the left-hand panel and click >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O1 - Hosts: Copyright (c) 1993-1999 Microsoft Corp.
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [LREC75DND7] C:\DOCUME~1\smigrego\LOCALS~1\Temp\c.exe
    O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\smigrego\LOCALS~1\Temp\e5x54dg.exe
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\smigrego\LOCALS~1\Temp\win.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll, ,visegobu.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
Likes : 1


Re: Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 3:04 am

Thanks Belahzur.

Here are the contents of the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3531
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/9/2010 10:00:16 PM
mbam-log-2010-01-09 (22-00-16).txt

Scan type: Quick Scan
Objects scanned: 128730
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtvcpsgd7.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gokeduzo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kisebuyu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mimovone.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xcpcyo.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\smigrego\Local Settings\Temp\1171621846.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\3241309302.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\3339550688.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\3555614376.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\373457092.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\us7qmn8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\2013845718.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\802493982.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\smigrego\Local Settings\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

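The log above reports what was removed, but four entries (the helper32.dll LSP module, listed once as a loaded module and once as a file, the xcpcyo.sys rootkit driver and the NoFolderOptions policy value) are marked "Delete on reboot", meaning they were still on the machine when the log was written. The script below is an added example, not part of the post or of Malwarebytes: it parses a constructed subset of the posted log (with the summary counts adjusted to match the subset), checks that the summary agrees with the item list, tallies detections by family, and lists everything that remains until the restart. The regular expressions and function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM 1.x) text log and report what is
still pending.

Added example, not part of the forum post or of Malwarebytes. It extracts the
per-section summary counts and the detected items, checks that the two agree,
and lists every item marked "Delete on reboot": those are still on disk or in
the registry until the machine restarts, so a rootkit driver in that state
means the system is not yet clean and needs a follow-up scan after the reboot.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section path category action")

# Constructed sample: a subset of the posted MBAM log, summary counts adjusted to match.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3531
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 128730

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xcpcyo.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")       # "Files Infected: 23"
SECTION = re.compile(r"^(.+ Infected):$")             # "Files Infected:" (detail block)
# "<path> (<category>) -> [Bad: (x) Good: (y) -> ]<action>."
ITEM = re.compile(r"^(?P<path>.+?) \((?P<cat>[A-Za-z0-9.]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(text):
    """Return (summary_counts, findings) for an MBAM 1.x text log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line) if section else None
        if m:
            # Registry data items carry "Bad: (1) Good: (0) -> " before the action.
            action = m.group("action").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("path"), m.group("cat"), action))
    return counts, findings


def counts_match(counts, findings):
    """True when each summary count equals the number of items parsed for that section."""
    per_section = Counter(f.section for f in findings)
    return all(per_section[sec] == n for sec, n in counts.items())


def pending_reboot(findings):
    """Paths MBAM could not remove while the system was running (deduplicated, sorted)."""
    return sorted({f.path for f in findings if f.action.lower() == "delete on reboot"})


def by_category(findings):
    """Detection count per malware family label."""
    return Counter(f.category for f in findings)


if __name__ == "__main__":
    counts, findings = parse_mbam(SAMPLE_MBAM_LOG)
    print("summary consistent:", counts_match(counts, findings))
    print("by category:", dict(by_category(findings)))
    for path in pending_reboot(findings):
        print("still present until reboot:", path)
```

A non-empty pending list is the practical caveat here: the machine should be restarted and rescanned before it is declared clean, which is also why the next step in this thread is a second tool rather than a sign-off.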

Re: Internet Security 2010 Infection

Post by Belahzur on 10th January 2010, 7:29 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 8:20 pm

ComboFix 10-01-04.01 - smigrego 01/10/2010 14:57:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1329 [GMT -5:00]
Running from: c:\documents and settings\smigrego\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\dl_equipment.txt
c:\data\view.txt
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\smigrego\Desktop\Internet Security 2010.lnk
c:\windows\Install.txt
c:\windows\system32\15690.exe
c:\windows\system32\16598.exe
c:\windows\system32\17712.exe
c:\windows\system32\18467.exe
c:\windows\system32\20230.exe
c:\windows\system32\21987.exe
c:\windows\system32\2253.exe
c:\windows\system32\2303.exe
c:\windows\system32\2310.exe
c:\windows\system32\2324.exe
c:\windows\system32\26465.exe
c:\windows\system32\26851.exe
c:\windows\system32\26928.exe
c:\windows\system32\28194.exe
c:\windows\system32\28817.exe
c:\windows\system32\3046.exe
c:\windows\system32\31020.exe
c:\windows\system32\31548.exe
c:\windows\system32\4291.exe
c:\windows\system32\4786.exe
c:\windows\system32\4796.exe
c:\windows\system32\5316.exe
c:\windows\system32\6334.exe
c:\windows\system32\684.exe
c:\windows\system32\7244.exe
c:\windows\system32\8094.exe
c:\windows\system32\Install.txt
c:\windows\Tasks\emijydrv.job

c:\windows\system32\DRIVERS\iaStor.sys . . . is infected!!

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_SSHNAS
-------\Legacy_WINSTS


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 20:05 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-10 20:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-09 23:51 . 2010-01-09 23:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-09 23:49 . 2010-01-09 23:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 23:49 . 2010-01-09 23:49 -------- d-----w- c:\documents and settings\Default User\Application Data\Juniper Networks
2010-01-09 23:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 07:05 . 2010-01-09 23:51 -------- d-----w- c:\documents and settings\smigrego\Local Settings\Application Data\nos
2010-01-09 07:05 . 2010-01-10 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-09 06:30 . 2010-01-09 06:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 04:26 . 2010-01-09 04:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-08 16:04 . 2010-01-08 16:04 -------- d-----w- c:\program files\GetITFixes
2010-01-08 07:27 . 2010-01-08 07:27 -------- d-----w- c:\program files\Trend Micro
2010-01-07 23:50 . 2010-01-07 23:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-06 23:17 . 2010-01-06 23:17 -------- d-----w- C:\spoolerlogs
2010-01-06 23:09 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 23:09 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:30 . 2010-01-06 21:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-06 19:24 . 2010-01-06 19:31 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2010-01-06 05:54 . 2010-01-07 09:12 -------- d-sh--w- c:\documents and settings\smigrego\.COMMgr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 17:17 . 2007-04-20 16:13 268800 ------w- c:\windows\system32\drivers\iaStor.sys
2010-01-10 02:48 . 2009-10-24 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 02:48 . 2010-01-10 02:48 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 23:51 . 2008-05-20 14:38 -------- d-----w- c:\documents and settings\smigrego\Application Data\HPAppData
2010-01-09 23:50 . 2007-01-26 16:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 23:49 . 2008-03-26 16:31 -------- d-----w- c:\program files\Google
2010-01-09 23:49 . 2010-01-09 07:05 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-01-09 23:43 . 2010-01-09 23:43 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5DBB7712-F0C4-5028-736C-558679203AAF}-smss32.exe
2010-01-09 19:28 . 2010-01-09 19:28 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4715E641-2F82-EE93-C6FB-A28AFB7F6C48}-smss32.exe
2010-01-09 07:33 . 2010-01-09 07:33 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0558C1F9-03CF-5CF1-3226-B91C4313EC58}-smss32.exe
2010-01-09 07:05 . 2010-01-09 07:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-09 06:32 . 2007-01-26 15:59 -------- d-----w- c:\program files\Java
2010-01-09 06:15 . 2010-01-09 06:15 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{149A5678-9634-D037-22DF-271AE35E02CA}-smss32.exe
2010-01-09 03:41 . 2010-01-09 03:41 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F7B05C94-7867-5DF4-D1F6-F9B949207D17}-smss32.exe
2010-01-09 00:06 . 2010-01-09 00:06 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C00D58E0-3D64-B5D2-7757-2A3D25AA578C}-smss32.exe
2010-01-08 21:04 . 2010-01-08 21:04 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7E9B6BE1-6B19-24E1-0534-C23D5EE9FE84}-smss32.exe
2010-01-08 19:23 . 2010-01-08 19:23 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FCBF0855-D5A2-8050-A245-FC4CAE94655A}-smss32.exe
2010-01-08 18:35 . 2007-01-26 16:18 -------- d-----w- c:\program files\symantec antivirus
2010-01-08 17:35 . 2010-01-08 17:35 24580 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{831B347A-E14F-AFAB-A60C-39652E985A7E}-notepad.exe
2010-01-08 08:10 . 2010-01-08 08:10 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DEC5F7AE-B8FD-D748-F66E-BE720FCF392D}-smss32.exe
2010-01-08 04:34 . 2007-01-26 14:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-10 05:07 . 2008-03-25 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-02 15:25 . 2009-04-07 14:25 -------- d-----w- c:\program files\CrashPlan
2009-11-21 15:51 . 1980-01-01 00:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2010-01-09 23:51 38784 ----a-w- c:\documents and settings\smigrego\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-20 11:08 . 2010-01-09 23:50 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-29 05:38 . 1980-01-01 00:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 1980-01-01 00:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 00:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 00:00 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QuickPassword"="c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 225280]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2008-08-12 176128]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-12 26624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-07-08 115560]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"GetITIcon"="c:\program files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2009-05-05 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"GetIT"="c:\program files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-09 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-8-11 1459392]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2009-11-6 217088]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-3-24 184320]
WinZip Quick Pick.lnk - c:\windows\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-3-24 65536]
Xpress Mail Professional Edition.lnk - c:\program files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe [2009-7-1 3082352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableNT4Policy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^smigrego^Start Menu^Programs^Startup^HP.OutlookUtility.TaskbarNotifier.lnk]
path=c:\documents and settings\smigrego\Start Menu\Programs\Startup\HP.OutlookUtility.TaskbarNotifier.lnk
backup=c:\windows\pss\HP.OutlookUtility.TaskbarNotifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"=
"c:\\Program Files\\symantec antivirus\\Smc.exe"=
"c:\\Program Files\\symantec antivirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE\\coetl32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=

R1 NEOFLTR_610_13733;Juniper Networks TDI Filter Driver (NEOFLTR_610_13733);c:\windows\system32\drivers\NEOFLTR_610_13733.sys [11/26/2008 9:56 PM 64160]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [6/26/2007 5:06 PM 53248]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [5/12/2004 5:51 PM 143360]
R2 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\HPAVAD~1\avChgSvc.exe [10/17/2008 4:24 PM 238080]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2/2/2009 9:10 PM 150016]
R2 CVS;CVSNT;c:\program files\cvsnt\cvsservice.exe [8/19/2004 3:39 AM 35328]
R2 radexecd;HP OVCM Notify Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [2/20/2007 1:59 PM 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [3/22/2007 5:19 PM 172205]
R2 Radstgms;HP OVCM MSI Redirector;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [3/20/2007 12:03 PM 315570]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/25/2008 1:18 PM 24652]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [1/26/2007 11:05 AM 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [1/26/2007 11:05 AM 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 11:46 AM 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [6/28/2007 8:19 PM 10161]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 11:52 AM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/10/2007 1:17 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/10/2007 1:17 PM 36608]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [8/3/2007 9:31 AM 23424]
R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [1/19/2008 12:43 AM 19840]
S0 cisndo;cisndo;c:\windows\system32\drivers\rxlso.sys --> c:\windows\system32\drivers\rxlso.sys [?]
S0 xcpcyo;xcpcyo; [x]
S1 ahonxsvs;ahonxsvs;\??\c:\windows\system32\drivers\ahonxsvs.sys --> c:\windows\system32\drivers\ahonxsvs.sys [?]
S1 bccsykjh;bccsykjh;\??\c:\windows\system32\drivers\bccsykjh.sys --> c:\windows\system32\drivers\bccsykjh.sys [?]
S1 cgsjtvse;cgsjtvse;\??\c:\windows\system32\drivers\cgsjtvse.sys --> c:\windows\system32\drivers\cgsjtvse.sys [?]
S1 cmpwodfd;cmpwodfd;\??\c:\windows\system32\drivers\cmpwodfd.sys --> c:\windows\system32\drivers\cmpwodfd.sys [?]
S1 cvetctjx;cvetctjx;\??\c:\windows\system32\drivers\cvetctjx.sys --> c:\windows\system32\drivers\cvetctjx.sys [?]
S1 cyffsfbr;cyffsfbr;\??\c:\windows\system32\drivers\cyffsfbr.sys --> c:\windows\system32\drivers\cyffsfbr.sys [?]
S1 elkcnahb;elkcnahb;\??\c:\windows\system32\drivers\elkcnahb.sys --> c:\windows\system32\drivers\elkcnahb.sys [?]
S1 enipttla;enipttla;\??\c:\windows\system32\drivers\enipttla.sys --> c:\windows\system32\drivers\enipttla.sys [?]
S1 eurdnxjr;eurdnxjr;\??\c:\windows\system32\drivers\eurdnxjr.sys --> c:\windows\system32\drivers\eurdnxjr.sys [?]
S1 fxgsanni;fxgsanni;\??\c:\windows\system32\drivers\fxgsanni.sys --> c:\windows\system32\drivers\fxgsanni.sys [?]
S1 grcqgdwc;grcqgdwc;\??\c:\windows\system32\drivers\grcqgdwc.sys --> c:\windows\system32\drivers\grcqgdwc.sys [?]
S1 gvaclqww;gvaclqww;\??\c:\windows\system32\drivers\gvaclqww.sys --> c:\windows\system32\drivers\gvaclqww.sys [?]
S1 hicrzubn;hicrzubn;\??\c:\windows\system32\drivers\hicrzubn.sys --> c:\windows\system32\drivers\hicrzubn.sys [?]
S1 hkdzxxfg;hkdzxxfg;\??\c:\windows\system32\drivers\hkdzxxfg.sys --> c:\windows\system32\drivers\hkdzxxfg.sys [?]
S1 hnsjkkni;hnsjkkni;\??\c:\windows\system32\drivers\hnsjkkni.sys --> c:\windows\system32\drivers\hnsjkkni.sys [?]
S1 ibrxfqoh;ibrxfqoh;\??\c:\windows\system32\drivers\ibrxfqoh.sys --> c:\windows\system32\drivers\ibrxfqoh.sys [?]
S1 jdqhzybe;jdqhzybe;\??\c:\windows\system32\drivers\jdqhzybe.sys --> c:\windows\system32\drivers\jdqhzybe.sys [?]
S1 jqnoydld;jqnoydld;\??\c:\windows\system32\drivers\jqnoydld.sys --> c:\windows\system32\drivers\jqnoydld.sys [?]
S1 jvwisrdd;jvwisrdd;\??\c:\windows\system32\drivers\jvwisrdd.sys --> c:\windows\system32\drivers\jvwisrdd.sys [?]
S1 kajxnpsl;kajxnpsl;\??\c:\windows\system32\drivers\kajxnpsl.sys --> c:\windows\system32\drivers\kajxnpsl.sys [?]
S1 kixjvkbz;kixjvkbz;\??\c:\windows\system32\drivers\kixjvkbz.sys --> c:\windows\system32\drivers\kixjvkbz.sys [?]
S1 lkjxuyis;lkjxuyis;\??\c:\windows\system32\drivers\lkjxuyis.sys --> c:\windows\system32\drivers\lkjxuyis.sys [?]
S1 llutzada;llutzada;\??\c:\windows\system32\drivers\llutzada.sys --> c:\windows\system32\drivers\llutzada.sys [?]
S1 mexzkeqy;mexzkeqy;\??\c:\windows\system32\drivers\mexzkeqy.sys --> c:\windows\system32\drivers\mexzkeqy.sys [?]
S1 mxyltugm;mxyltugm;\??\c:\windows\system32\drivers\mxyltugm.sys --> c:\windows\system32\drivers\mxyltugm.sys [?]
S1 pgfcbbmo;pgfcbbmo;\??\c:\windows\system32\drivers\pgfcbbmo.sys --> c:\windows\system32\drivers\pgfcbbmo.sys [?]
S1 pqcsnwaw;pqcsnwaw;\??\c:\windows\system32\drivers\pqcsnwaw.sys --> c:\windows\system32\drivers\pqcsnwaw.sys [?]
S1 prxrthzn;prxrthzn;\??\c:\windows\system32\drivers\prxrthzn.sys --> c:\windows\system32\drivers\prxrthzn.sys [?]
S1 puojxdro;puojxdro;\??\c:\windows\system32\drivers\puojxdro.sys --> c:\windows\system32\drivers\puojxdro.sys [?]
S1 qwmmazyp;qwmmazyp;\??\c:\windows\system32\drivers\qwmmazyp.sys --> c:\windows\system32\drivers\qwmmazyp.sys [?]
S1 rkzfeuof;rkzfeuof;\??\c:\windows\system32\drivers\rkzfeuof.sys --> c:\windows\system32\drivers\rkzfeuof.sys [?]
S1 rojhwzlg;rojhwzlg;\??\c:\windows\system32\drivers\rojhwzlg.sys --> c:\windows\system32\drivers\rojhwzlg.sys [?]
S1 sdbhtaia;sdbhtaia;\??\c:\windows\system32\drivers\sdbhtaia.sys --> c:\windows\system32\drivers\sdbhtaia.sys [?]
S1 szvvgpkk;szvvgpkk;\??\c:\windows\system32\drivers\szvvgpkk.sys --> c:\windows\system32\drivers\szvvgpkk.sys [?]
S1 tmushnuh;tmushnuh;\??\c:\windows\system32\drivers\tmushnuh.sys --> c:\windows\system32\drivers\tmushnuh.sys [?]
S1 vdiwhfbm;vdiwhfbm;\??\c:\windows\system32\drivers\vdiwhfbm.sys --> c:\windows\system32\drivers\vdiwhfbm.sys [?]
S1 vglekhpj;vglekhpj;\??\c:\windows\system32\drivers\vglekhpj.sys --> c:\windows\system32\drivers\vglekhpj.sys [?]
S1 wckltgey;wckltgey;\??\c:\windows\system32\drivers\wckltgey.sys --> c:\windows\system32\drivers\wckltgey.sys [?]
S1 wfeyshfo;wfeyshfo;\??\c:\windows\system32\drivers\wfeyshfo.sys --> c:\windows\system32\drivers\wfeyshfo.sys [?]
S1 xekyvppv;xekyvppv;\??\c:\windows\system32\drivers\xekyvppv.sys --> c:\windows\system32\drivers\xekyvppv.sys [?]
S1 xluzfwyb;xluzfwyb;\??\c:\windows\system32\drivers\xluzfwyb.sys --> c:\windows\system32\drivers\xluzfwyb.sys [?]
S1 ypxmhujq;ypxmhujq;\??\c:\windows\system32\drivers\ypxmhujq.sys --> c:\windows\system32\drivers\ypxmhujq.sys [?]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [6/28/2007 8:18 PM 27008]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 9:07 PM 113152]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/8/2008 12:45 PM 23888]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
S3 SmartUSB;SmartReader-USB;c:\windows\system32\drivers\SmartUSB.sys [1/26/2007 11:05 AM 17024]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{922E8525-AC7E-4294-ACAA-43712D4423C0}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9AC2D554-AC12-4F1F-AAB9-E6363ADE5381}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}]
2008-04-14 00:12 78848 ----a-w- c:\windows\system32\msiexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C99D666B-62E4-461B-A346-9375D55AB9BC}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35]

2010-01-10 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35]

2010-01-10 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 22:06]

2010-01-10 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 05:27]

2010-01-10 c:\windows\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\SWConnSI.dll [2008-07-01 21:27]

2010-01-10 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [2008-09-07 21:13]

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
Trusted Zone: compaq.com
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: cpqcorp.net
Trusted Zone: dcu.org
Trusted Zone: dec.com
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: hp.com
Trusted Zone: hpe-learning.com
Trusted Zone: hpqcorp.net
Trusted Zone: hpshopping.com
Trusted Zone: tandem.com
Trusted Zone: tandem.com\ie.config
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 15:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1804)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1860)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Symantec AntiVirus\SNAC.EXE
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\cvsnt\cvslock.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\vssvc.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\Xpress Mail\Professional Editon\Connection.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-10 15:17:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 20:17

Pre-Run: 12,736,950,272 bytes free
Post-Run: 13,386,260,480 bytes free

- - End Of File - - 9C585E014BD09A47EA26E261F59BE9A6

gmjackson44
Novice

Posts : 11
Joined : 2010-01-08
OS : Windows XP
Points : 25433
# Likes : 0


Re: Internet Security 2010 Infection

Post by Belahzur on 10th January 2010, 8:39 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    iastor.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 9:12 pm

SystemLook v1.0 by jpshortstuff (10.01.10)
Log created at 16:08 on 10/01/2010 by smigrego (Administrator - Elevation successful)

========== filefind ==========

Searching for "iastor.sys"
C:\hp\drivers\hdd\IASTOR.SYS --a--- 268800 bytes [18:17 10/04/2007] [20:31 02/10/2006] DC3B6AD2EAA99C53B82E6FBCA3630138
C:\WINDOWS\system32\drivers\iaStor.sys ------ 268800 bytes [16:13 20/04/2007] [17:17 10/01/2010] 9D1F5A94922B51F256995D8D09A2B215

-=End Of File=-

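The two SystemLook results above are the whole case for the FCopy step that follows: both copies of the Intel storage driver are 268800 bytes, but the live one under system32\drivers carries a different MD5 and was last modified on 10/01/2010, the day of the cleanup, while the copy in the OEM driver folder is untouched. The Python below is an added example, not part of the thread and not SystemLook's own code: it parses :filefind output in the format shown and compares every live copy against the copy of the same name in a reference directory. The reference directory (the OEM driver folder on the page) and the incident start date are assumed inputs; the sample log is the thread's own output, embedded verbatim.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample input: the SystemLook ":filefind iastor.sys" output posted
# in the thread (two copies of the same driver, same size, different MD5).
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (10.01.10)
Log created at 16:08 on 10/01/2010 by smigrego (Administrator - Elevation successful)

========== filefind ==========

Searching for "iastor.sys"
C:\hp\drivers\hdd\IASTOR.SYS --a--- 268800 bytes [18:17 10/04/2007] [20:31 02/10/2006] DC3B6AD2EAA99C53B82E6FBCA3630138
C:\WINDOWS\system32\drivers\iaStor.sys ------ 268800 bytes [16:13 20/04/2007] [17:17 10/01/2010] 9D1F5A94922B51F256995D8D09A2B215

-=End Of File=-
"""

# One result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
# (timestamps are hh:mm dd/mm/yyyy; the created/modified order agrees with the
# ComboFix Find3M entry for the same file earlier in the thread).
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    created: datetime
    modified: datetime
    md5: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%H:%M %d/%m/%Y")


def parse_filefind(text: str) -> List[FileHit]:
    """Extract every result line from a SystemLook filefind log."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                _ts(m["created"]), _ts(m["modified"]), m["md5"].upper()))
    return hits


def compare_to_reference(hits: List[FileHit], reference_dir: str, incident_start: str) -> List[dict]:
    """Compare each copy outside reference_dir with the same-named copy inside it.

    reference_dir is assumed to hold pristine vendor copies (here the OEM driver
    folder shown on the page); incident_start is an ISO date for when the
    infection is believed to have begun.
    """
    since = datetime.fromisoformat(incident_start)
    prefix = reference_dir.lower().rstrip("\\") + "\\"
    reference: Dict[str, FileHit] = {h.basename: h for h in hits if h.path.lower().startswith(prefix)}
    findings = []
    for h in hits:
        if h.path.lower().startswith(prefix):
            continue
        ref: Optional[FileHit] = reference.get(h.basename)
        f = {
            "path": h.path,
            "reference": ref.path if ref else None,
            "hash_matches": ref is not None and ref.md5 == h.md5,
            "same_size": ref is not None and ref.size == h.size,
            "modified_during_incident": h.modified >= since,
        }
        if ref is None:
            f["verdict"] = "no reference copy"
        elif f["hash_matches"]:
            f["verdict"] = "matches vendor copy"
        elif f["same_size"] and f["modified_during_incident"]:
            # Same length, different content, rewritten during the incident:
            # the signature of a driver patched in place rather than replaced.
            f["verdict"] = "patched in place"
        else:
            f["verdict"] = "differs from vendor copy"
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in compare_to_reference(parse_filefind(SAMPLE_LOG), r"C:\hp\drivers", "2010-01-08"):
        print(f"{f['path']}: {f['verdict']} (modified during incident: {f['modified_during_incident']})")
```

The "patched in place" verdict is the one that matters for a boot-start driver: an infector that overwrites bytes inside the existing file keeps the size and the original creation time, so only the hash and the modification time give it away, which is exactly the pattern in the two lines above.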

Re: Internet Security 2010 Infection

Post by Belahzur on 10th January 2010, 9:27 pm


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\hp\drivers\hdd\IASTOR.SYS | C:\WINDOWS\system32\drivers\iaStor.sys

    Driver::
    cisndo
    xcpcyo
    ahonxsvs
    bccsykjh
    cgsjtvse
    cmpwodfd
    cvetctjx
    cyffsfbr
    elkcnahb
    enipttla
    eurdnxjr
    fxgsanni
    grcqgdwc
    gvaclqww
    hicrzubn
    hkdzxxfg
    hnsjkkni
    ibrxfqoh
    jdqhzybe
    jqnoydld
    jvwisrdd
    kajxnpsl
    kixjvkbz
    lkjxuyis
    llutzada
    mexzkeqy
    mxyltugm
    pgfcbbmo
    pqcsnwaw
    prxrthzn
    puojxdro
    qwmmazyp
    rkzfeuof
    rojhwzlg
    sdbhtaia
    szvvgpkk
    tmushnuh
    vdiwhfbm
    vglekhpj
    wckltgey
    wfeyshfo
    xekyvppv
    xluzfwyb
    ypxmhujq
    ndisdrv
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




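The Driver:: list in the CFScript above was assembled by hand from the Drivers/Services section of the first ComboFix log: every entry whose image file ComboFix could not find ("[?]" or "[x]"), with a random eight-letter name reused as its display name, most of them registered as boot or system-start drivers. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses service lines in the format ComboFix prints, flags entries that show at least two of those indicators, and renders the Driver:: section in the syntax used in the post. The sample lines are a subset of the thread's own log, embedded as constructed input; the name pattern is tuned to this log and is an assumption, not a general rule.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a subset of the Drivers/Services lines from the ComboFix log
# posted in the thread, mixing legitimate entries with the suspicious ones.
SAMPLE_LINES = r"""
R1 NEOFLTR_610_13733;Juniper Networks TDI Filter Driver (NEOFLTR_610_13733);c:\windows\system32\drivers\NEOFLTR_610_13733.sys [11/26/2008 9:56 PM 64160]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [1/26/2007 11:05 AM 9493]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/10/2007 1:17 PM 36608]
S0 cisndo;cisndo;c:\windows\system32\drivers\rxlso.sys --> c:\windows\system32\drivers\rxlso.sys [?]
S0 xcpcyo;xcpcyo; [x]
S1 ahonxsvs;ahonxsvs;\??\c:\windows\system32\drivers\ahonxsvs.sys --> c:\windows\system32\drivers\ahonxsvs.sys [?]
S1 ypxmhujq;ypxmhujq;\??\c:\windows\system32\drivers\ypxmhujq.sys --> c:\windows\system32\drivers\ypxmhujq.sys [?]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
"""

# <state><start type> <name>;<display name>;<image path> [<date size> | ? | x]
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# Six to eight lowercase letters and nothing else: the naming pattern of the
# rogue entries in this particular log (assumption, not a general rule).
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")


class ServiceEntry(NamedTuple):
    start: str          # R/S = running/stopped; digit = start type (0 boot, 1 system, 2 auto, 3 demand)
    name: str
    display: str
    image: str
    image_missing: bool


def parse_services(text: str) -> List[ServiceEntry]:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        image = m["image"].strip()
        # ComboFix writes "[?]" when the image file is not on disk and "[x]" when
        # the entry carries no image path at all.
        missing = image.endswith("[?]") or image.endswith("[x]")
        entries.append(ServiceEntry(m["start"], m["name"], m["display"], image, missing))
    return entries


def assess(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return name -> reasons for entries that combine at least two indicators."""
    suspicious: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.image_missing:
            reasons.append("image file missing")
        if RANDOM_NAME_RE.match(e.name) and e.display == e.name:
            reasons.append("random-looking name reused as display name")
        if e.image_missing and e.start[1] in "01":
            reasons.append("boot/system-start driver with no file on disk")
        # A missing file by itself is also what an uninstalled product leaves
        # behind (magaService in the sample), so one indicator is not enough.
        if len(reasons) >= 2:
            suspicious[e.name] = reasons
    return suspicious


def build_driver_section(suspicious: Dict[str, List[str]]) -> str:
    """Render a CFScript Driver:: section in the form used in the thread."""
    return "Driver::\n" + "\n".join(sorted(suspicious)) + "\n"


if __name__ == "__main__":
    flagged = assess(parse_services(SAMPLE_LINES))
    for name, why in flagged.items():
        print(f"{name}: {', '.join(why)}")
    print(build_driver_section(flagged))
```

On the sample the two-indicator rule reproduces the helper's selection: the S0/S1 entries and ndisdrv are flagged, magaService (a leftover of uninstalled Sygate software with only a missing file to its name) is not, and the signed vendor drivers with real files on disk never reach a single indicator.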

Re: Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 9:59 pm

ComboFix 10-01-04.01 - smigrego 01/10/2010 16:41:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1239 [GMT -5:00]
Running from: c:\documents and settings\smigrego\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\smigrego\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\hp\drivers\hdd\IASTOR.SYS --> c:\windows\system32\drivers\iaStor.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISDRV
-------\Legacy_XCPCYO
-------\Service_ahonxsvs
-------\Service_bccsykjh
-------\Service_cgsjtvse
-------\Service_cisndo
-------\Service_cmpwodfd
-------\Service_cvetctjx
-------\Service_cyffsfbr
-------\Service_elkcnahb
-------\Service_enipttla
-------\Service_eurdnxjr
-------\Service_fxgsanni
-------\Service_grcqgdwc
-------\Service_gvaclqww
-------\Service_hicrzubn
-------\Service_hkdzxxfg
-------\Service_hnsjkkni
-------\Service_ibrxfqoh
-------\Service_jdqhzybe
-------\Service_jqnoydld
-------\Service_jvwisrdd
-------\Service_kajxnpsl
-------\Service_kixjvkbz
-------\Service_lkjxuyis
-------\Service_llutzada
-------\Service_mexzkeqy
-------\Service_mxyltugm
-------\Service_ndisdrv
-------\Service_pgfcbbmo
-------\Service_pqcsnwaw
-------\Service_prxrthzn
-------\Service_puojxdro
-------\Service_qwmmazyp
-------\Service_rkzfeuof
-------\Service_rojhwzlg
-------\Service_sdbhtaia
-------\Service_szvvgpkk
-------\Service_tmushnuh
-------\Service_vdiwhfbm
-------\Service_vglekhpj
-------\Service_wckltgey
-------\Service_wfeyshfo
-------\Service_xcpcyo
-------\Service_xekyvppv
-------\Service_xluzfwyb
-------\Service_ypxmhujq


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 21:39 . 2010-01-10 21:40 -------- d-----w- C:\32788R22FWJFW
2010-01-10 20:05 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-10 20:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-10 19:49 . 2010-01-10 20:17 -------- d-----w- C:\Combo-Fix
2010-01-09 23:51 . 2010-01-09 23:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-09 23:49 . 2010-01-09 23:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 23:49 . 2010-01-09 23:49 -------- d-----w- c:\documents and settings\Default User\Application Data\Juniper Networks
2010-01-09 23:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 07:05 . 2010-01-09 23:51 -------- d-----w- c:\documents and settings\smigrego\Local Settings\Application Data\nos
2010-01-09 07:05 . 2010-01-10 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-09 06:30 . 2010-01-09 06:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 04:26 . 2010-01-09 04:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-08 16:04 . 2010-01-08 16:04 -------- d-----w- c:\program files\GetITFixes
2010-01-08 07:27 . 2010-01-08 07:27 -------- d-----w- c:\program files\Trend Micro
2010-01-07 23:50 . 2010-01-07 23:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-06 23:17 . 2010-01-06 23:17 -------- d-----w- C:\spoolerlogs
2010-01-06 23:09 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 23:09 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:30 . 2010-01-06 21:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-06 19:24 . 2010-01-06 19:31 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2010-01-06 05:54 . 2010-01-07 09:12 -------- d-sh--w- c:\documents and settings\smigrego\.COMMgr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 02:48 . 2009-10-24 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 02:48 . 2010-01-10 02:48 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 23:51 . 2008-05-20 14:38 -------- d-----w- c:\documents and settings\smigrego\Application Data\HPAppData
2010-01-09 23:50 . 2007-01-26 16:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 23:49 . 2008-03-26 16:31 -------- d-----w- c:\program files\Google
2010-01-09 23:49 . 2010-01-09 07:05 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-01-09 23:43 . 2010-01-09 23:43 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{5DBB7712-F0C4-5028-736C-558679203AAF}-smss32.exe
2010-01-09 19:28 . 2010-01-09 19:28 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4715E641-2F82-EE93-C6FB-A28AFB7F6C48}-smss32.exe
2010-01-09 07:33 . 2010-01-09 07:33 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0558C1F9-03CF-5CF1-3226-B91C4313EC58}-smss32.exe
2010-01-09 07:05 . 2010-01-09 07:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-09 06:32 . 2007-01-26 15:59 -------- d-----w- c:\program files\Java
2010-01-09 06:15 . 2010-01-09 06:15 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{149A5678-9634-D037-22DF-271AE35E02CA}-smss32.exe
2010-01-09 03:41 . 2010-01-09 03:41 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F7B05C94-7867-5DF4-D1F6-F9B949207D17}-smss32.exe
2010-01-09 00:06 . 2010-01-09 00:06 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C00D58E0-3D64-B5D2-7757-2A3D25AA578C}-smss32.exe
2010-01-08 21:04 . 2010-01-08 21:04 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7E9B6BE1-6B19-24E1-0534-C23D5EE9FE84}-smss32.exe
2010-01-08 19:23 . 2010-01-08 19:23 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FCBF0855-D5A2-8050-A245-FC4CAE94655A}-smss32.exe
2010-01-08 18:35 . 2007-01-26 16:18 -------- d-----w- c:\program files\symantec antivirus
2010-01-08 17:35 . 2010-01-08 17:35 24580 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{831B347A-E14F-AFAB-A60C-39652E985A7E}-notepad.exe
2010-01-08 08:10 . 2010-01-08 08:10 29696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{DEC5F7AE-B8FD-D748-F66E-BE720FCF392D}-smss32.exe
2010-01-08 04:34 . 2007-01-26 14:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-10 05:07 . 2008-03-25 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-02 15:25 . 2009-04-07 14:25 -------- d-----w- c:\program files\CrashPlan
2009-11-21 15:51 . 1980-01-01 00:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2010-01-09 23:51 38784 ----a-w- c:\documents and settings\smigrego\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-20 11:08 . 2010-01-09 23:50 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-29 05:38 . 1980-01-01 00:00 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 1980-01-01 00:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 00:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 00:00 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QuickPassword"="c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 225280]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2008-08-12 176128]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-12 26624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-07-08 115560]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"GetITIcon"="c:\program files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2009-05-05 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"GetIT"="c:\program files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-09 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-8-11 1459392]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2009-11-6 217088]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-3-24 184320]
WinZip Quick Pick.lnk - c:\windows\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-3-24 65536]
Xpress Mail Professional Edition.lnk - c:\program files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe [2009-7-1 3082352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableNT4Policy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^smigrego^Start Menu^Programs^Startup^HP.OutlookUtility.TaskbarNotifier.lnk]
path=c:\documents and settings\smigrego\Start Menu\Programs\Startup\HP.OutlookUtility.TaskbarNotifier.lnk
backup=c:\windows\pss\HP.OutlookUtility.TaskbarNotifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"=
"c:\\Program Files\\symantec antivirus\\Smc.exe"=
"c:\\Program Files\\symantec antivirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Hewlett-Packard\\PC COE\\coetl32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=

R1 NEOFLTR_610_13733;Juniper Networks TDI Filter Driver (NEOFLTR_610_13733);c:\windows\system32\drivers\NEOFLTR_610_13733.sys [11/26/2008 9:56 PM 64160]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [6/26/2007 5:06 PM 53248]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [5/12/2004 5:51 PM 143360]
R2 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\HPAVAD~1\avChgSvc.exe [10/17/2008 4:24 PM 238080]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2/2/2009 9:10 PM 150016]
R2 CVS;CVSNT;c:\program files\cvsnt\cvsservice.exe [8/19/2004 3:39 AM 35328]
R2 radexecd;HP OVCM Notify Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [2/20/2007 1:59 PM 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [3/22/2007 5:19 PM 172205]
R2 Radstgms;HP OVCM MSI Redirector;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [3/20/2007 12:03 PM 315570]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/25/2008 1:18 PM 24652]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [1/26/2007 11:05 AM 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [1/26/2007 11:05 AM 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 11:46 AM 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [6/28/2007 8:19 PM 10161]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 11:52 AM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/10/2007 1:17 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/10/2007 1:17 PM 36608]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [8/3/2007 9:31 AM 23424]
R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [1/19/2008 12:43 AM 19840]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [6/28/2007 8:18 PM 27008]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 9:07 PM 113152]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/8/2008 12:45 PM 23888]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
S3 SmartUSB;SmartReader-USB;c:\windows\system32\drivers\SmartUSB.sys [1/26/2007 11:05 AM 17024]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{922E8525-AC7E-4294-ACAA-43712D4423C0}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9AC2D554-AC12-4F1F-AAB9-E6363ADE5381}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}]
2008-04-14 00:12 78848 ----a-w- c:\windows\system32\msiexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C99D666B-62E4-461B-A346-9375D55AB9BC}]
2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35]

2010-01-10 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35]

2010-01-10 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 22:06]

2010-01-10 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 05:27]

2010-01-10 c:\windows\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\SWConnSI.dll [2008-07-01 21:27]

2010-01-10 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [2008-09-07 21:13]

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
Trusted Zone: compaq.com
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: cpqcorp.net
Trusted Zone: dcu.org
Trusted Zone: dec.com
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: hp.com
Trusted Zone: hpe-learning.com
Trusted Zone: hpqcorp.net
Trusted Zone: hpshopping.com
Trusted Zone: tandem.com
Trusted Zone: tandem.com\ie.config
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 16:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1804)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1860)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(4784)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Symantec AntiVirus\SNAC.EXE
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\cvsnt\cvslock.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-10 16:56:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 21:56
ComboFix2.txt 2010-01-10 20:17

Pre-Run: 13,363,138,560 bytes free
Post-Run: 13,327,261,696 bytes free

- - End Of File - - 1FEB1DDFF8CEA58D92D13629E337842C

gmjackson44
Novice

Posts Posts : 11
Joined Joined : 2010-01-08
OS OS : Windows XP
Points Points : 25433
# Likes # Likes : 0

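As an added example that is not part of the original thread (and not ComboFix's own tooling): a small Python triage pass over the kind of report posted above. It splits the log on its "(((( Title ))))" banners, lists the keys ComboFix deleted under Drivers/Services and flags the ones whose names look machine-generated (the same shape as the long run of Service_* entries in the log), reports any LSA authentication package beyond the default msv1_0 (the posted log shows "setuid", and the same name turns up as setuid.dll loaded inside lsass.exe), and surfaces the firewall and Security Center settings from the loading points. SAMPLE_LOG is a constructed excerpt of the posted log plus one invented R2 line marked as such; the names looks_generated, triage and the consonant-run heuristic are this example's own assumptions, not anything the thread or ComboFix defines.

```python
"""Triage a ComboFix report: the bits a responder checks first.

Added example for this thread, not ComboFix's own tooling. SAMPLE_LOG is a
constructed excerpt of the report posted above plus one invented R2 line
(marked 'constructed'); looks_generated() is this example's own heuristic.
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_NDISDRV
-------\Legacy_XCPCYO
-------\Service_ahonxsvs
-------\Service_bccsykjh
-------\Service_cisndo
-------\Service_ndisdrv
-------\Service_xcpcyo
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [6/26/2007 5:06 PM 53248]
R2 xzqvbnkt;xzqvbnkt;c:\windows\system32\xzqvbnkt.exe [constructed line, not from the posted log]
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")             # (((( Section title ))))
REMOVED = re.compile(r"^-------\\(Legacy|Service)_(\S+)$")  # keys ComboFix deleted
ACTIVE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.*)$")      # R2 name;display;path [...]
VOWELS = set("aeiou")

def split_sections(text):
    """Map each '(((( Title ))))' banner to the lines that follow it."""
    sections, current = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections

def looks_generated(name):
    """Heuristic (assumption): 6-8 lowercase letters containing a run of 4+
    consonants (y counted as a consonant). Catches the Service_* names in this
    log; pronounceable junk such as 'cisndo' slips through."""
    n = name.lower()
    if not re.fullmatch(r"[a-z]{6,8}", n):
        return False
    longest = run = 0
    for c in n:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4

def removed_services(sections):
    """(kind, name) for each key ComboFix listed under Drivers/Services."""
    hits = [REMOVED.match(l.strip()) for l in sections.get("Drivers/Services", [])]
    return [(m.group(1), m.group(2)) for m in hits if m]

def suspicious_active_services(sections):
    """Still-installed R*/S* services whose short name trips the heuristic."""
    hits = []
    for line in (l for lines in sections.values() for l in lines):
        m = ACTIVE.match(line.strip())
        if m and looks_generated(m.group(2)):
            hits.append((m.group(1), m.group(2), m.group(3).strip()))
    return hits

def lsa_auth_packages(sections):
    """Authentication packages beyond msv1_0: each is a DLL lsass.exe loads at boot."""
    for line in sections.get("Reg Loading Points", []):
        if line.strip().startswith("Authentication Packages"):
            pkgs = line.split("REG_MULTI_SZ", 1)[1].split()
            return [p for p in pkgs if p.lower() != "msv1_0"]
    return []

def posture_flags(sections):
    """Loading-point settings that weaken defences, tagged with their key."""
    flags, key = [], ""
    for line in sections.get("Reg Loading Points", []):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1].lower()
        elif '"EnableFirewall"= 0' in s and "firewallpolicy" in key:
            flags.append("firewall disabled: " + key)
        elif '"DisableMonitoring"=dword:00000001' in s and "security center" in key:
            flags.append("security center monitoring disabled: " + key)
    return flags

def triage(text):
    """One dict to eyeball, or to diff against the next ComboFix run."""
    sections = split_sections(text)
    removed = removed_services(sections)
    return {
        "removed": len(removed),
        "removed_generated": [n for _, n in removed if looks_generated(n)],
        "active_suspicious": [n for _, n, _ in suspicious_active_services(sections)],
        "extra_lsa_packages": lsa_auth_packages(sections),
        "posture": posture_flags(sections),
    }
```

Call triage(SAMPLE_LOG) (or triage(open("ComboFix.txt").read()) on a real report) and read the dict. Two of the findings need context before they count as findings: the log header above shows Symantec Endpoint Protection's firewall enabled, so EnableFirewall = 0 for the Windows Firewall standard profile is expected on this machine, and a DisableMonitoring value under Security Center is commonly written by the AV product itself to stop duplicate alerts. An extra LSA authentication package is worth tracing to the installed product that owns the DLL rather than assuming either way. The name heuristic is deliberately crude and misses pronounceable junk such as cisndo, so treat a hit as a prompt to look at the binary path, not as a verdict.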

Re: Internet Security 2010 Infection

Post by Belahzur on 10th January 2010, 10:18 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Internet Security 2010 Infection

Post by gmjackson44 on 10th January 2010, 11:22 pm

The machine is running much better right now. Nothing wrong that I can see.


Re: Internet Security 2010 Infection

Post by Belahzur on 11th January 2010, 12:46 am

Hello.
There is one more log I want to check.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.





Re: Internet Security 2010 Infection

Post by gmjackson44 on 11th January 2010, 2:03 am

Sorry for the delay. I stepped away for a little bit. Here is the log:

32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
ActivCard Gold
ActivCard Initialization Utility
ActivIdentity Device Installer
Adobe AIR
Adobe AIR
Adobe Flash Player
Adobe Reader 9.2
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Reader Japanese Fonts
Adobe Reader Korean Fonts
Agere Systems HDA Modem
AIM 6
AIM Toolbar 5.0
Amazon MP3 Downloader 1.0.5
AR System User 5.1
AT&T Communication Manager
ATI Display Driver
Compatibility Pack for the 2007 Office system
CrashPlan
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
CVSNT
Driver Installer
EPSON Printer Software
EPSON Scan
Free M4a to MP3 Converter 6.1
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB944043-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Client Management Interface 1.00 D8
HP Deskjet 3840
HP Driver Diagnostics
HP Integrated Module with Bluetooth wireless technology
HP Mobile Data Protection System
HP One Click
HP Quick Launch Buttons 6.00 H1
HP Smart Web Printing
HP Update
HP Wireless Assistant 2.00 E1
Informatica Mapping Template
Internet Explorer Self Help Tool
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 15
Java(TM) 6 Update 17
Juniper Networks Secure Application Manager
Knowledge Xpert for PLSQL V9.0
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Netezza Performance Server (tm) ODBC Driver
Netflix Movie Viewer
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
PAL
PowerCenter Client 8.6.1
Python 2.5.2
Qexplain2full
Quest Software Toad for Oracle Version 9.0.1
Quest SQL Tuning for Oracle
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Sonic RecordNow!
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
User Profile Hive Cleanup Service
Viewpoint Media Player
VMware VDM Client
VPN Client
WinCvs 2.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinSQL
WinSQL
WinZip-9.0-01
Xpress Mail Professional Edition

gmjackson44
Novice
Posts: 11
Joined: 2010-01-08
OS: Windows XP
Points: 25433
Likes: 0

Re: Internet Security 2010 Infection

Post by gmjackson44 on 11th January 2010, 2:27 am

Also, one thing I noticed is my VPN shortcut for the work intranet is not connecting.

Post by Origin on 11th January 2010, 6:05 am

Hello, can you check to see if Windows Firewall isn't blocking the connection to your VPN?

Go to Start-->Control Panel-->Security Center-->Windows Firewall-->Navigate to the Exceptions tab and check if your VPN has a check next to it. If your VPN client isn't there, click on the Add Program button, locate your VPN and click OK. Make sure it has a check next to it when you add it to the exceptions.


Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31523
Likes: 0
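The Exceptions tab that Origin describes is backed by a registry key, so the same check can be scripted. The block below is an added example, not code from the thread: it reads the Windows XP firewall policy for the profile that actually applies (Domain for a domain-joined corporate laptop, Standard otherwise), reports whether the firewall service and the per-profile firewall are on, tests whether the VPN binary has an enabled exception, and prints the netsh command equivalent to "Add Program" if it does not. It assumes Windows XP SP3 with PowerShell 2.0 run from an administrator account; the cvpnd.exe path is the one in the HijackThis log above, and treating that service binary as the program to allow is an assumption. One caveat a practitioner should keep in mind: the XP firewall filters inbound traffic only, so an outbound VPN connection that still fails with the exception in place has another cause, which is why handing the VPN set-up to the IT group (as the poster later does) is the right next step.

```powershell
# Added example (not part of the thread). Windows XP SP3 + PowerShell 2.0, run as admin.
# Path taken from the HijackThis log above; that cvpnd.exe is the binary the Cisco
# client needs allowed is an assumption.
$VpnExe = 'C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe'
$Policy = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# The firewall keeps two profiles; the one in force depends on domain membership.
function Get-XpFirewallProfile {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if ($cs.PartOfDomain) { 'DomainProfile' } else { 'StandardProfile' }
}

# EnableFirewall = 1 is the "On" radio button on the General tab for that profile.
function Get-XpFirewallEnabled {
    param([string]$Profile)
    $p = Get-ItemProperty -Path "$Policy\$Profile" -ErrorAction SilentlyContinue
    if ($p -eq $null) { return $false }
    return ($p.EnableFirewall -eq 1)
}

# Exceptions tab storage: one value per program; value name = exe path,
# value data = "path:scope:Enabled|Disabled:display name".
function Get-XpFirewallExceptions {
    param([string]$Profile)
    $key  = "$Policy\$Profile\AuthorizedApplications\List"
    $list = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($list -eq $null) { return @() }
    $list.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value.Length -gt $_.Name.Length } |
        ForEach-Object {
            $rest  = $_.Value.Substring($_.Name.Length + 1)   # drop leading "path:"
            $parts = $rest -split ':', 3                      # scope, mode, name
            New-Object PSObject -Property @{
                Path = $_.Name; Scope = $parts[0]; Mode = $parts[1]; Name = $parts[2]
            }
        }
}

# True only when the program is listed AND its box is ticked (Mode = Enabled).
function Test-XpFirewallAllows {
    param([string]$Path, [string]$Profile)
    $hit = Get-XpFirewallExceptions -Profile $Profile |
           Where-Object { $_.Path -eq $Path } | Select-Object -First 1
    return (($hit -ne $null) -and ($hit.Mode -eq 'Enabled'))
}

$activeProfile = Get-XpFirewallProfile
'Firewall service (SharedAccess): ' + (Get-Service -Name SharedAccess).Status
"Active profile: $activeProfile, firewall on: " + (Get-XpFirewallEnabled -Profile $activeProfile)

# Settings pushed by Group Policy live under a separate key and override local edits.
$gpoKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$activeProfile"
if (Test-Path $gpoKey) { "Note: $activeProfile is also managed by Group Policy ($gpoKey); policy wins over local changes." }

if (Test-XpFirewallAllows -Path $VpnExe -Profile $activeProfile) {
    "Exception present and enabled for $VpnExe"
} else {
    "No enabled exception for $VpnExe. Same as Add Program in the GUI:"
    "  netsh firewall add allowedprogram program=`"$VpnExe`" name=`"Cisco VPN Client`" mode=ENABLE"
}
```

The registry read is preferred over parsing `netsh firewall show allowedprogram` output because it exposes the Enabled/Disabled flag per entry, which is exactly the "make sure it has a check next to it" point in the post.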

Post by Belahzur on 11th January 2010, 11:31 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 15
    Viewpoint Media Player

Check the proxy too, as Origin has asked.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1
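Add/Remove Programs is a view over the Uninstall registry key, so the two removals Belahzur asks for can be located and verified from a script instead of by scrolling a long list like the one posted above. The block below is an added example, not code from the thread: it finds the entries whose DisplayName matches the two programs, reports the command Add/Remove Programs would run for each (silent msiexec removal for Windows Installer products, the vendor's own uninstaller otherwise), and only runs it when -Remove is passed. It assumes Windows XP SP3 32-bit with PowerShell 2.0 run as an administrator, so there is no Wow6432Node key to search. The current JRE 6 visible in the process list (jqs.exe) is a separate product entry and is not matched; removing the superseded Java 5 runtime matters because each JRE update installs side by side and an old one left registered stays usable until it is uninstalled.

```powershell
# Added example (not part of the thread). Windows XP SP3 32-bit + PowerShell 2.0, run as admin.
$Targets      = @('J2SE Runtime Environment 5.0 Update 15', 'Viewpoint Media Player')
$UninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# One subkey per product: DisplayName is what the GUI shows, UninstallString is
# what Remove runs. Windows Installer products use their product-code GUID as the
# subkey name, which lets us build a silent msiexec removal instead.
function Get-InstalledProgram {
    param([string[]]$DisplayName)
    Get-ChildItem -Path $UninstallKey | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p -ne $null -and $p.DisplayName -ne $null -and ($DisplayName -contains $p.DisplayName)) {
            New-Object PSObject -Property @{
                DisplayName     = $p.DisplayName
                KeyName         = $_.PSChildName
                UninstallString = $p.UninstallString
                IsMsi           = ($_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$')
            }
        }
    }
}

# MSI products: msiexec /x <product code>, quiet, no reboot prompt.
# Anything else: the vendor-registered command, usually interactive.
function Get-UninstallCommand {
    param($Program)
    if ($Program.IsMsi) { return "msiexec.exe /x $($Program.KeyName) /qn /norestart" }
    return $Program.UninstallString
}

function Remove-InstalledProgram {
    param($Program, [switch]$Remove)
    $cmd = Get-UninstallCommand -Program $Program
    if (-not $Remove) { return "would run: $cmd" }
    Start-Process -FilePath 'cmd.exe' -ArgumentList "/c $cmd" -Wait
    return "ran: $cmd"
}

$found = @(Get-InstalledProgram -DisplayName $Targets)
foreach ($name in $Targets) {
    if (-not ($found | Where-Object { $_.DisplayName -eq $name })) { "not installed: $name" }
}
foreach ($prog in $found) {
    '{0} [{1}]' -f $prog.DisplayName, $prog.KeyName
    Remove-InstalledProgram -Program $prog        # add -Remove to actually uninstall
}
# Run the script again afterwards: both names should now report "not installed".
```

Matching on the exact DisplayName strings from the post avoids accidentally catching the newer Java entry; if the Add/Remove list wraps or abbreviates a name, switch the `-contains` test to a `-like` pattern such as `'J2SE Runtime Environment 5.0*'`.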

Post by gmjackson44 on 11th January 2010, 3:11 pm

I have removed the two programs. There is no security center icon in the control panel.

Post by gmjackson44 on 11th January 2010, 4:01 pm

I found Windows Firewall in Network Connections. I'll call up my IT Support group for the VPN set-up. My real concern is just making sure the machine is clean.

Post by Belahzur on 11th January 2010, 4:48 pm

Logs look clean to me. :)


Post by gmjackson44 on 11th January 2010, 5:05 pm

Thank you guys very very much. I really appreciate all of the help.
