Your PC Protector Virus Complete Removal

View previous topic View next topic Go down

Your PC Protector Virus Complete Removal

Post by BNA_RICK on 23rd February 2010, 3:10 pm

I have been wrestling with the Your PC Protector virus for the last 2 weeks. I followed the processes described in various topics on this forum and beleive I have eliminated most of the viruses. My computer still seems to be acting unusually slow so I was hoping you might be able to help me put the final touches on this problem. I have pasted two logs below, Hi Jack This and Combo Fix. Help much appreciated.

Hi Jack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:03 AM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\RickBailey\My Documents\Downloads and Software\Hi Jack This\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Easy Synchronization] "C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" /background
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Easy Synchronization] "C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" --ports
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 15929 bytes

Combo Fix
ComboFix 10-02-21.02 - RickBailey 02/22/2010 22:23:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1381 [GMT -6:00]
Running from: D:\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\RickBailey\My Documents\ZbThumbnail.info
c:\windows\AegisP.inf
c:\windows\Tasks\asufwrba.job

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-22 20:30 . 2010-02-22 20:30 -------- d-----w- c:\documents and settings\RickBailey\Application Data\Malwarebytes
2010-02-22 19:16 . 2010-02-22 19:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-22 19:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 19:16 . 2010-02-22 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-22 19:16 . 2010-02-22 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-22 19:16 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-11 03:35 . 2010-02-11 03:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-09 19:29 . 2010-02-22 22:57 -------- d-----w- C:\QUARANTINE
2010-02-09 16:29 . 2010-02-09 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-02-08 20:55 . 2010-02-08 20:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-07 16:25 . 2010-02-07 16:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 04:32 . 2008-12-11 03:49 256 ----a-w- c:\documents and settings\RickBailey\pool.bin
2010-02-22 19:00 . 2008-11-15 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-09 01:10 . 2009-11-06 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-09 01:10 . 2009-11-06 03:14 -------- d-----w- c:\program files\McAfee
2010-02-07 16:24 . 2008-11-15 17:15 -------- d-----w- c:\program files\Google
2010-01-25 03:14 . 2010-01-18 15:14 892576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-15 18:49 . 2010-01-15 18:49 -------- d-----w- c:\program files\Microsoft Research
2010-01-15 03:55 . 2009-02-13 16:58 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-15 03:50 . 2009-02-13 16:56 -------- d-----w- c:\program files\TurboTax
2010-01-14 09:05 . 2008-11-08 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-05 02:04 . 2010-01-04 03:18 -------- d-----w- c:\documents and settings\RickBailey\Application Data\U3
2009-12-21 19:14 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-21 17:02 . 2009-12-21 17:02 69632 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
2009-12-21 17:02 . 2009-12-21 17:02 49152 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-21 17:02 . 2009-12-21 17:02 49152 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-21 17:02 . 2009-12-21 17:02 49152 ----a-r- c:\documents and settings\RickBailey\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-21 16:58 . 2008-12-10 23:36 256 ----a-w- c:\windows\system32\pool.bin
2009-12-16 15:43 . 2009-12-16 15:44 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 15:43 . 2008-11-14 06:35 38784 ----a-w- c:\documents and settings\RickBailey\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 15:43 . 2009-12-16 15:43 144160 ----a-w- c:\documents and settings\RickBailey\Application Data\Move Networks\uninstall.exe
2009-12-16 15:43 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\RickBailey\Application Data\Move Networks\plugins\npqmp071705000014.dll
2009-12-07 01:22 . 2009-12-07 01:22 97216 ----a-w- c:\documents and settings\RickBailey\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 21:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-10-22 15:43 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-31 313472]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 39408]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-10-13 1590616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Kernel and Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-12-19 76304]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-05-26 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-05-26 316672]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-11-15 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-14 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-19 809488]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [9/18/2009 1:42 PM 29808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/18/2009 1:43 PM 10384]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2009 8:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/5/2009 9:15 PM 70728]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [11/5/2009 9:37 PM 1201640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 10:24 AM 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/5/2009 9:15 PM 65448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [5/26/2009 4:38 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/26/2009 4:38 PM 174336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 14:24]

2010-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:24]

2010-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:24]

2010-02-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 21:06]

2010-02-23 c:\windows\Tasks\wrSpySweeper_L196DD35CF3D049DD8579EA5816BEBAD1.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 21:19]

2010-02-23 c:\windows\Tasks\wrSpySweeper_L196DD35CF3D049DD8579EA5816BEBAD1.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{a206abbe-a816-413f-bad9-0f1e3cfb7ec7} - c:\windows\system32\vadoyoye.dll
SharedTaskScheduler-{a43cf50e-adcb-435e-a7a8-dd74027bb90f} - (no file)
SharedTaskScheduler-{308a9f76-8ac8-494c-b314-fab3bb2c768b} - (no file)
SharedTaskScheduler-{92fd9b78-3186-4655-95a3-0f6464abdd5c} - (no file)
SharedTaskScheduler-{b6021569-fe31-4fa1-ab20-83f82b0df549} - (no file)
SharedTaskScheduler-{9ff8aadb-e383-4078-93ab-eca67562323a} - (no file)
SharedTaskScheduler-{ec2a8645-a74b-45ab-aa2d-0325d14791a0} - (no file)
SSODL-teyuvifet-{a206abbe-a816-413f-bad9-0f1e3cfb7ec7} - c:\windows\system32\vadoyoye.dll
SSODL-tarabinig-{a43cf50e-adcb-435e-a7a8-dd74027bb90f} - (no file)
SSODL-buwogajev-{308a9f76-8ac8-494c-b314-fab3bb2c768b} - (no file)
SSODL-jazubutad-{92fd9b78-3186-4655-95a3-0f6464abdd5c} - (no file)
SSODL-lihovavof-{b6021569-fe31-4fa1-ab20-83f82b0df549} - (no file)
SSODL-nuzajajon-{9ff8aadb-e383-4078-93ab-eca67562323a} - (no file)
SSODL-jokedejen-{ec2a8645-a74b-45ab-aa2d-0325d14791a0} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-22 22:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(5132)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2010-02-22 22:40:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 04:40

Pre-Run: 54,284,890,112 bytes free
Post-Run: 55,968,989,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 334F8D472C79B132BE5F6A8CC3A5AB5C

BNA_RICK
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-02-22
OS OS : Windows XP
Points Points : 24843
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Your PC Protector Virus Complete Removal

Post by Belahzur on 23rd February 2010, 8:23 pm

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Your PC Protector Virus Complete Removal

Post by BNA_RICK on 23rd February 2010, 11:08 pm

Here is the HiJackThis uninstall_list.txt

32 Bit HP CIO Components Installer
ActiveHome(TM)
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Media Player
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
Bonjour
Broadcom Gigabit Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon PhotoRecord
Canon PowerShot G3 WIA Driver
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities FileViewerUtility 1.0
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDDRV_Installer
Comcast Access
Comcast Access
Conexant HDA D110 MDC V.92 Modem
Coupon Printer for Windows
Dell Touchpad
Digital Line Detect
DivX
Driver Installer
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDView for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 18
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee Agent
McAfee Virtual Technician
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Live Meeting 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project 2000 SR-1
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Mobile Phone Suite Easy Synchronization
Motorola Driver Installation
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
OGA Notifier 2.0.0048.0
QuickTime
Roxio Drag-to-Disc
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SightSpeed
SigmaTel Audio
Sprint SmartView
Spy Sweeper
Spy Sweeper Core
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wkyiper
TurboTax 2009 wrapper
TurboTax 2009 wtniper
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VZAccess Manager for Novatel
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinZip
Xingtone Ringtone Maker

BNA_RICK
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-02-22
OS OS : Windows XP
Points Points : 24843
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Your PC Protector Virus Complete Removal

Post by Belahzur on 25th February 2010, 12:22 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask.com Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Your PC Protector Virus Complete Removal

Post by BNA_RICK on 25th February 2010, 4:13 pm

Everything seems to be back to normal. Many thanks for your invaluable help. Next step is help you guys continue this great work.

BNA_RICK
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-02-22
OS OS : Windows XP
Points Points : 24843
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Your PC Protector Virus Complete Removal

Post by Belahzur on 25th February 2010, 10:47 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum