Do I have a virus?

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Re: Do I have a virus?5th December 2009, 9:58 pm

It is probably the Startup. Post a new HijackThis log, and I can help you have a faster startup.

Re: Do I have a virus?5th December 2009, 10:32 pm

I don't have hijackthis anymore and the link to it is not working anymore and also what is teatimer.exe ever since I got spybot and spyware, my computer has gone slower and my adobe flashplayer 10 is unresponding sometimes.

Re: Do I have a virus?6th December 2009, 3:33 am

Please download: HijackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
It will also create a shortcut on your Desktop.
Accept the license agreement.
Click Do a System Scan and Save a Logfile.
Please post the log in your next reply.

Re: Do I have a virus?6th December 2009, 8:26 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:08 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e3ee33015cfe) (gupdate1c9e3ee33015cfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 14137 bytes

Re: Do I have a virus?6th December 2009, 9:53 pm

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Reg Tool

Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

O4 - HKCU\..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe -boot

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Reg Tool

Please reboot your computer again, and post a new HijackThis log here in your next reply.

Re: Do I have a virus?6th December 2009, 11:01 pm

It wouldn't let me remove it on add/remove programs and also the spyware blaster and spyware search and destroy has slowed down my computer. Should I uninstall it?

Re: Do I have a virus?6th December 2009, 11:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:34 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e3ee33015cfe) (gupdate1c9e3ee33015cfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 12899 bytes

Re: Do I have a virus?7th December 2009, 5:38 am

No need to. There may be more malware.

Download OTL.exe by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: Do I have a virus?30th December 2009, 1:27 pm

OTL logfile created on: 12/8/2009 7:05:44 PM - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Justino Binalinbing\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 584.18 Mb Available Physical Memory | 57.61% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.15 Gb Total Space | 22.59 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC197321389864
Current User Name: Justino Binalinbing
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/07 16:44:31 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justino Binalinbing\Desktop\OTL.exe
PRC - [2009/11/15 20:32:26 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/15 20:32:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:39 | 02,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/02 17:53:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/11 20:54:16 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hp\QuickPlay\QPService.exe
PRC - [2006/03/31 21:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/03/23 10:38:38 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/03/23 04:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 04:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/03/15 14:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/02/17 14:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/02/14 18:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2009/12/07 16:44:31 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justino Binalinbing\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (odserv)
SRV - [2009/11/15 20:32:25 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/15 15:08:04 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 03:05:17 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/02 17:53:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e3ee33015cfe) Google Update Service (gupdate1c9e3ee33015cfe)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/06 09:18:06 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/03/15 14:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2006/02/17 14:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/17 00:29:59 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/09 13:23:02 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/11/20 09:32:46 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/11/06 08:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/04/17 12:29:06 | 00,569,856 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/31 20:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/23 04:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/14 10:02:54 | 01,428,480 | ---- | M] (Intel

Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/02/15 02:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/22 16:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/03 00:31:38 | 00,157,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2005/11/01 17:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 01:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 07:07:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 07:06:16 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 07:06:10 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/14 11:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/02 01:48:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/03 12:20:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/03 12:19:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/03 12:19:41 | 00,000,000 | ---D | M]

[2008/12/02 19:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Extensions
[2009/11/21 10:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions
[2009/03/12 18:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/15 20:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\illimitux@illimitux.net
[2009/03/22 19:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com
[2009/06/17 17:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\searchrecs@veoh.com
[2009/04/18 04:02:09 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\searchplugins\live-search.xml
[2008/12/12 10:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\searchplugins\MySpace.xml
[2009/11/21 10:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/02 23:31:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/03/09 12:29:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2009/04/16 16:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\searchme@searchme.com
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/11/04 17:53:37 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (509 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c48985d8-cd51-11dd-aa3e-0016d3098e73}\Shell - "" = AutoRun
O33 - MountPoints2\{c48985d8-cd51-11dd-aa3e-0016d3098e73}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c48985d8-cd51-11dd-aa3e-0016d3098e73}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/08 16:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justino Binalinbing\Application Data\GTek
[2009/12/07 16:44:26 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Justino Binalinbing\Desktop\OTL.exe
[2009/12/06 12:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/05 11:33:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Justino Binalinbing\Recent
[2009/12/05 11:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/05 11:06:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/05 11:06:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/05 11:03:36 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/12/02 18:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/23 22:11:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justino Binalinbing\Desktop\Root
[2009/11/15 20:42:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Justino Binalinbing\Application Data\Reg Tool
[2009/11/15 20:32:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/15 20:32:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/15 20:32:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/15 20:32:45 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/15 20:31:56 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/15 15:17:35 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/11/15 15:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/11 21:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\Jumi
[2005/09/24 08:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/08 18:31:28 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 18:31:28 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/08 18:31:28 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/08 18:27:41 | 00,001,957 | ---- | M] () -- C:\hpqp.ini
[2009/12/08 18:27:33 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/12/08 18:27:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/08 18:27:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 18:27:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 18:26:54 | 10,633,74848 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 18:25:54 | 00,034,149 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/08 18:25:51 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\ntuser.dat
[2009/12/08 18:25:51 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Justino Binalinbing\ntuser.ini
[2009/12/08 16:09:52 | 00,043,452 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/12/07 16:44:31 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justino Binalinbing\Desktop\OTL.exe
[2009/12/06 12:24:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\HijackThis.lnk
[2009/12/05 12:12:52 | 00,003,165 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/12/05 11:29:03 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\CCleaner.lnk
[2009/12/04 23:19:19 | 01,575,732 | -H-- | M] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\IconCache.db
[2009/11/27 21:41:51 | 56,120,885 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\Bowling for Soup - Drunk Enough to Dance.zip
[2009/11/27 02:41:23 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\winscp.rnd
[2009/11/26 21:05:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 20:32:23 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/15 20:32:23 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/15 20:32:23 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/15 20:32:23 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/15 20:32:22 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/11 20:53:56 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 20:49:43 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/08 16:09:51 | 00,043,452 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/12/06 12:24:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\HijackThis.lnk
[2009/12/05 11:29:01 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\CCleaner.lnk
[2009/11/27 21:37:42 | 56,120,885 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Desktop\Bowling for Soup - Drunk Enough to Dance.zip
[2009/11/15 20:51:26 | 06,029,312 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\ntuser.dat
[2009/10/15 17:08:39 | 00,742,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/10/12 21:38:52 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/08/03 20:34:46 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\winscp.rnd
[2009/07/23 16:52:04 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\AB12F4
[2009/07/23 16:52:03 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\mcs.rma
[2009/01/04 22:02:53 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Application Data\wklnhst.dat
[2008/12/25 17:58:26 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 23:25:04 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/03 23:25:04 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/02 18:16:06 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\fusioncache.dat
[2008/12/02 18:16:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\DSwitch.txt
[2008/12/02 18:16:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\AtStart.txt
[2008/12/02 18:16:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Justino Binalinbing\Local Settings\Application Data\QSwitch.txt
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/14 15:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/07/03 21:16:13 | 00,000,175 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/03 22:46:41 | 00,003,303 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/03 23:36:46 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/14 11:14:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/08/11 21:40:32 | 00,000,074 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/11 21:37:36 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/11 21:11:54 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/11 21:07:38 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/27 09:00:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 08:24:48 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/27 08:20:24 | 00,003,165 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 08:17:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 10:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 18:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Do I have a virus?30th December 2009, 8:38 pm

Please download ComboFix Do I have a virus? - Page 1 Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Do I have a virus? - Page 1 RC_successful

Do I have a virus? - Page 1 RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Do I have a virus?31st December 2009, 12:36 am

ComboFix 09-12-29.06 - Justino Binalinbing 12/30/2009 16:21:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -8:00]
Running from: c:\documents and settings\Justino Binalinbing\Desktop\commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cheat Engine\dbk32.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2c0d9a04.dll
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2b7f89de.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\380ac2c0.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\f86fb80.dll
2009-12-26 05:00 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-12-26 05:00 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-12-26 05:00 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-12-26 03:24 . 2009-12-26 03:24 -------- d-----w- c:\program files\SP36869
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 02:27 . 2006-12-11 19:05 2732032 ------w- c:\windows\system32\NETw3r32.dll
2009-12-26 02:27 . 2006-12-11 19:05 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-12-26 02:27 . 2006-12-11 19:05 561152 ------w- c:\windows\system32\NETw3c32.dll
2009-12-09 00:09 . 2009-12-09 00:09 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\GTek
2009-12-06 20:24 . 2009-12-06 20:24 -------- d-----w- c:\program files\Trend Micro
2009-12-05 19:28 . 2009-12-05 19:29 -------- d-----w- c:\program files\CCleaner
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 19:03 . 2009-12-05 19:05 -------- d-----w- c:\program files\SpywareBlaster
2009-12-03 20:18 . 2009-12-03 20:18 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\program files\ESET
2009-12-03 01:54 . 2009-12-03 01:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2009-10-13 05:38 -------- d-----w- c:\program files\Cheat Engine
2009-12-29 19:47 . 2009-03-11 06:33 -------- d-----w- c:\program files\McAfee
2009-12-04 05:28 . 2009-09-14 23:15 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\HpUpdate
2009-12-02 07:37 . 2009-01-09 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 19:30 . 2009-04-10 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-22 23:34 . 2009-10-17 20:24 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2009-11-16 04:51 . 2009-11-16 04:42 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\Reg Tool
2009-11-16 04:32 . 2008-12-03 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 04:31 . 2009-11-16 04:31 -------- d-----w- c:\program files\Java
2009-11-15 23:17 . 2009-11-15 23:17 -------- d-----w- c:\program files\Adobe Media Player
2009-11-15 23:16 . 2006-09-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 23:10 . 2009-11-15 23:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-12 05:21 . 2009-11-12 05:16 -------- d-----w- c:\program files\Jumi
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 10134 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe
2009-11-05 01:54 . 2008-12-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-04 03:26 . 2009-11-04 03:26 85504 ----a-w- c:\windows\Inherit.exe
2009-11-04 03:26 . 2008-10-04 02:52 -------- d-----w- c:\program files\iTunes
2009-11-04 03:25 . 2008-10-04 02:52 -------- d-----w- c:\program files\iPod
2009-11-04 03:15 . 2009-11-04 03:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-04 00:50 . 2007-07-24 23:58 95616 ----a-w- c:\windows\junction.exe
2009-10-29 07:45 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 18:30 . 2008-12-03 02:16 71384 ----a-w- c:\documents and settings\Justino Binalinbing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2004-08-04 21:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 21:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-28_02.43.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 22:22 . 2009-12-30 22:22 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2008-12-04 23:56 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-12-04 23:56 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-01 12:45 . 2007-11-01 12:45 69632 c:\windows\system32\TWUNK_32.EXE
+ 2007-11-01 12:45 . 2007-11-01 12:45 48560 c:\windows\system32\TWUNK_16.EXE
+ 2007-11-01 12:45 . 2007-11-01 12:45 77312 c:\windows\system32\TWAIN_32.DLL
+ 2006-03-27 16:07 . 2009-12-26 05:08 71462 c:\windows\system32\perfc009.dat
- 2006-03-27 16:07 . 2009-10-16 21:41 71462 c:\windows\system32\perfc009.dat
+ 2007-08-14 02:54 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2009-10-30 04:15 . 2009-09-10 21:54 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-10-30 04:15 . 2009-09-10 21:53 19160 c:\windows\system32\drivers\mbam.sys
+ 2009-06-20 07:33 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-20 07:33 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2008-12-03 00:57 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-03 00:57 . 2009-10-27 23:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-28 04:04 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-03 00:57 . 2009-10-27 23:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-08-12 05:13 . 2006-12-11 19:05 53248 c:\windows\iwlandrvxpver.dll
- 2006-08-12 05:13 . 2006-03-14 18:02 53248 c:\windows\iwlandrvxpver.dll
+ 2009-11-03 04:19 . 2009-11-03 04:19 22528 c:\windows\Installer\1b4e7.msi
+ 2009-11-15 23:17 . 2009-11-15 23:17 23552 c:\windows\Installer\155fef.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 26112 c:\windows\Installer\155f97.msi
+ 2009-11-25 00:38 . 2009-11-25 00:38 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-11-25 00:41 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 00:41 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2006-08-12 05:11 . 2009-12-26 02:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2004-08-04 21:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2006-03-27 16:07 . 2009-12-26 05:08 441692 c:\windows\system32\perfh009.dat
- 2006-03-27 16:07 . 2009-10-16 21:41 441692 c:\windows\system32\perfh009.dat
- 2004-08-04 21:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
+ 2008-07-31 18:16 . 2008-07-31 18:16 947472 c:\windows\system32\msjava.dll
+ 2007-08-14 02:54 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-11-16 04:32 . 2009-11-16 04:32 149280 c:\windows\system32\javaws.exe
+ 2009-11-16 04:32 . 2009-11-16 04:32 145184 c:\windows\system32\javaw.exe
+ 2009-11-16 04:32 . 2009-11-16 04:32 145184 c:\windows\system32\java.exe
+ 2005-07-03 10:11 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
- 2005-07-03 10:11 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 21:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 21:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-27 16:03 . 2009-10-16 00:42 283720 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-27 16:03 . 2009-11-12 04:53 283720 c:\windows\system32\FNTCACHE.DAT
+ 2009-12-26 05:00 . 2009-11-11 12:26 557056 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2009-12-26 05:00 . 2008-06-20 17:32 663552 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5c32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 646656 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3c64.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 561152 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3c32.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2007-08-14 02:44 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 02:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-20 07:33 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-20 07:33 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2008-12-04 23:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 02:39 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 02:39 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 02:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-12-26 02:36 . 2009-12-26 02:36 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-25 00:38 . 2009-11-25 00:38 429568 c:\windows\Installer\f75da.msi
+ 2009-11-05 02:35 . 2009-11-05 02:35 550912 c:\windows\Installer\cb465b.msi
+ 2009-11-04 03:18 . 2009-11-04 03:18 796672 c:\windows\Installer\8afba4.msi
+ 2009-09-09 23:40 . 2009-09-09 23:40 632320 c:\windows\Installer\2d7067.msp
+ 2009-12-04 05:25 . 2009-12-04 05:25 816640 c:\windows\Installer\1f76fa4.msi
+ 2009-11-04 03:27 . 2009-11-04 03:27 102400 c:\windows\Installer\{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}\iTunesIco.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-12-04 05:25 . 2009-12-04 05:25 102400 c:\windows\Installer\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-26 02:27 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-26 02:27 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-26 02:27 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 00:41 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-11-12 04:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 00:41 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-11-12 04:29 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-12 04:29 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-12 04:29 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-04 21:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-04 21:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2008-12-06 09:46 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 21:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
- 2007-08-14 02:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-14 02:34 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
+ 2009-12-26 05:00 . 2009-11-11 12:26 2216064 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
+ 2009-12-26 05:00 . 2009-11-11 12:26 2212352 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2009-12-26 05:00 . 2009-11-11 12:26 2732032 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2009-12-26 05:00 . 2009-10-26 13:47 4221952 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5x32.sys
+ 2009-12-26 05:00 . 2008-06-20 17:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5r32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 2056704 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3x64.sys
+ 2009-12-26 02:27 . 2006-12-11 19:05 1711488 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3x32.sys
+ 2009-12-26 02:27 . 2006-12-11 19:05 2628096 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3r64.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 2732032 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3r32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 1706752 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3k32.sys
+ 2008-12-04 23:57 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-12-04 23:56 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2008-12-04 23:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-06 09:46 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-12-04 23:56 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-10-13 05:38 . 2007-12-27 00:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-10-13 05:38 . 2007-12-27 01:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-10-22 20:46 . 2009-10-22 20:46 6821888 c:\windows\Installer\b17cd.msp
+ 2009-10-07 02:40 . 2009-10-07 02:40 7681024 c:\windows\Installer\b17bb.msp
+ 2009-10-22 20:28 . 2009-10-22 20:28 5521408 c:\windows\Installer\b17a9.msp
+ 2009-11-04 03:27 . 2009-11-04 03:27 4454912 c:\windows\Installer\8b0345.msi
+ 2009-11-16 05:25 . 2009-11-16 05:25 2435584 c:\windows\Installer\42efbd.msi
+ 2009-11-16 05:13 . 2009-11-16 05:13 1767936 c:\windows\Installer\42ef93.msi
+ 2009-11-16 06:45 . 2009-11-16 06:45 2435584 c:\windows\Installer\3a58b.msi
+ 2009-11-16 06:42 . 2009-11-16 06:42 1767936 c:\windows\Installer\3a582.msi
+ 2009-11-20 23:00 . 2009-11-20 23:00 5521408 c:\windows\Installer\2d7079.msp
+ 2009-12-17 06:58 . 2009-12-17 06:58 5382144 c:\windows\Installer\2d7056.msp
+ 2009-11-15 23:20 . 2009-11-15 23:20 4057088 c:\windows\Installer\155ff5.msi
+ 2009-11-15 23:16 . 2009-11-15 23:16 3285504 c:\windows\Installer\155fe4.msi
+ 2009-11-15 23:15 . 2009-11-15 23:15 3178496 c:\windows\Installer\155fdf.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3075072 c:\windows\Installer\155fda.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3089408 c:\windows\Installer\155fd5.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3078656 c:\windows\Installer\155fd0.msi
+ 2009-11-15 23:13 . 2009-11-15 23:13 3146240 c:\windows\Installer\155fcb.msi
+ 2009-11-15 23:13 . 2009-11-15 23:13 3083776 c:\windows\Installer\155fc6.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3076096 c:\windows\Installer\155fbf.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3079680 c:\windows\Installer\155fba.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3087360 c:\windows\Installer\155fb5.msi
+ 2009-11-15 23:11 . 2009-11-15 23:11 3094016 c:\windows\Installer\155fb0.msi
+ 2009-11-15 23:11 . 2009-11-15 23:11 3831808 c:\windows\Installer\155fab.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 3073024 c:\windows\Installer\155fa5.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 3110912 c:\windows\Installer\155f9e.msi
+ 2009-11-15 23:09 . 2009-11-15 23:09 3150848 c:\windows\Installer\155f7f.msi
+ 2009-11-15 23:09 . 2009-11-15 23:09 3273216 c:\windows\Installer\155f77.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3186176 c:\windows\Installer\155f72.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3228160 c:\windows\Installer\155f6d.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3070976 c:\windows\Installer\155f68.msi
+ 2009-11-15 23:06 . 2009-11-15 23:06 3174400 c:\windows\Installer\155f63.msi
+ 2009-11-16 04:32 . 2009-11-16 04:32 1757696 c:\windows\Installer\13b2ae.msi
+ 2009-12-26 02:27 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-26 02:27 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-12-04 05:25 . 2009-12-04 05:25 1729024 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{2CA9E997-73DA-4996-BEF1-58DABC19657C}\HP Update.msi
+ 2009-11-25 00:41 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 00:41 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-11-12 04:29 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-11-25 00:26 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 00:26 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2008-12-05 06:53 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-26 02:27 . 2009-07-20 01:48 11067392 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-12-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Justino Binalinbing\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-12-30 16:34:42
ComboFix-quarantined-files.txt 2009-12-31 00:34
ComboFix2.txt 2009-10-28 02:48

Pre-Run: 19,831,078,912 bytes free
Post-Run: 19,826,909,184 bytes free

- - End Of File - - 13001769BBD950F86DB0BB7A0574C2D3

Re: Do I have a virus?31st December 2009, 3:10 am

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

File::
C:\WINDOWS\SMINST\Recguard.exe

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | C:\windows\system32\eventlog.dll

NetSvc::
maxD20081102
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Do I have a virus?2nd January 2010, 12:05 am

ComboFix 09-12-31.A1 - Justino Binalinbing 01/01/2010 15:50:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.541 [GMT -8:00]
Running from: c:\documents and settings\Justino Binalinbing\Desktop\commy.exe
Command switches used :: c:\documents and settings\Justino Binalinbing\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\SMINST\Recguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-01 12:15 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2010-01-01 12:15 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-12-26 05:00 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-12-26 05:00 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-12-26 05:00 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-12-26 03:24 . 2009-12-26 03:24 -------- d-----w- c:\program files\SP36869
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 02:27 . 2006-12-11 19:05 2732032 ------w- c:\windows\system32\NETw3r32.dll
2009-12-26 02:27 . 2006-12-11 19:05 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-12-26 02:27 . 2006-12-11 19:05 561152 ------w- c:\windows\system32\NETw3c32.dll
2009-12-09 00:09 . 2009-12-09 00:09 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\GTek
2009-12-06 20:24 . 2009-12-06 20:24 -------- d-----w- c:\program files\Trend Micro
2009-12-05 19:28 . 2009-12-05 19:29 -------- d-----w- c:\program files\CCleaner
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 19:03 . 2009-12-05 19:05 -------- d-----w- c:\program files\SpywareBlaster
2009-12-03 20:18 . 2009-12-03 20:18 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\program files\ESET
2009-12-03 01:54 . 2009-12-03 01:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2009-10-13 05:38 -------- d-----w- c:\program files\Cheat Engine
2009-12-29 19:47 . 2009-03-11 06:33 -------- d-----w- c:\program files\McAfee
2009-12-04 05:28 . 2009-09-14 23:15 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\HpUpdate
2009-12-02 07:37 . 2009-01-09 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 19:30 . 2009-04-10 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-22 23:34 . 2009-10-17 20:24 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2009-11-16 04:51 . 2009-11-16 04:42 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\Reg Tool
2009-11-16 04:32 . 2008-12-03 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 04:31 . 2009-11-16 04:31 -------- d-----w- c:\program files\Java
2009-11-15 23:17 . 2009-11-15 23:17 -------- d-----w- c:\program files\Adobe Media Player
2009-11-15 23:16 . 2006-09-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 23:10 . 2009-11-15 23:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-12 05:21 . 2009-11-12 05:16 -------- d-----w- c:\program files\Jumi
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 10134 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe
2009-11-05 01:54 . 2008-12-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-04 03:26 . 2009-11-04 03:26 85504 ----a-w- c:\windows\Inherit.exe
2009-11-04 03:26 . 2008-10-04 02:52 -------- d-----w- c:\program files\iTunes
2009-11-04 03:25 . 2008-10-04 02:52 -------- d-----w- c:\program files\iPod
2009-11-04 03:15 . 2009-11-04 03:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-04 00:50 . 2007-07-24 23:58 95616 ----a-w- c:\windows\junction.exe
2009-10-29 07:45 . 2004-08-04 21:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 18:30 . 2008-12-03 02:16 71384 ----a-w- c:\documents and settings\Justino Binalinbing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2004-08-04 21:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 21:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-12-31_00.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 23:29 . 2010-01-01 23:29 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2008-12-03 00:57 . 2010-01-01 23:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-03 00:57 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-31 03:28 . 2010-01-01 23:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-10-28 04:04 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RecGuard - c:\windows\SMINST\RecGuard.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 15:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-01 16:03:32
ComboFix-quarantined-files.txt 2010-01-02 00:03
ComboFix2.txt 2009-12-31 00:34
ComboFix3.txt 2009-10-28 02:48

Pre-Run: 20,275,879,936 bytes free
Post-Run: 20,264,464,384 bytes free

- - End Of File - - 144CED8DC44FAC3E31C0B5931DF12503

Re: Do I have a virus?2nd January 2010, 12:24 am

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

Re: Do I have a virus?2nd January 2010, 2:01 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 2, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 02, 2010 05:44:20
Records in database: 3397396
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 135539
Threats found: 7
Infected objects found: 17
Suspicious objects found: 0
Scan duration: 04:29:18

File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\040F3BB6.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D0548E4.exe Infected: Trojan.Win32.Genome.ecoj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D0548E4.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22E34FDA.exe Infected: Trojan.Win32.Genome.ecoj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22E34FDA.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57395D14.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C2407D.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57EA3852.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58357DFF.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00000\47EBE58D.VBN Infected: Hoax.Win32.Renos.kd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140000\471C0A36.VBN Infected: Hoax.Win32.Renos.kd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140000\4AFFE5B6.VBN Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000\4AA7FF4A.VBN Infected: Trojan-Downloader.Win32.Zlob.nak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A580000\4AFD6C11.VBN Infected: VirTool.Win32.Patcher.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0000\4FFE106C.VBN Infected: Trojan-Downloader.Win32.Delf.dct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC40000\4FEF6622.VBN Infected: Trojan-Downloader.Win32.Delf.dct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E640000\4F7FC9F9.VBN Infected: Trojan-Downloader.JS.Agent.nw 1

Selected area has been scanned.

Re: Do I have a virus?2nd January 2010, 2:30 pm

Please download ATF Cleaner by Atribune.

ATF-Cleaner.exe

Main

Select All

Empty Selected

If you use Firefox browser

Firefox

Select All

Empty Selected

NOTE:

If you use Opera browser

Opera

Select All

Empty Selected

NOTE:

Click Exit on the Main menu to close the program.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also tell me how your computer is running.

Re: Do I have a virus?3rd January 2010, 5:20 am

What if I use Google Chrome?

Re: Do I have a virus?3rd January 2010, 10:10 am

ATF Cleaner is not supported. No big deal.

In Chrome, go to Tool> Options. Click Personal Stuff. Then click Clear Browsing Data. Make sure at least Empty Cache is checked.

Re: Do I have a virus?4th January 2010, 6:29 am

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.2
CCleaner
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Do I have a virus?4th January 2010, 7:22 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

SpywareBlaster
SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
Spybot - Search & Destroy.
Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

Firefox may be downloaded from here: http://www.getfirefox.com
Opera is available here: http://www.opera.com/download/

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Do I have a virus?

descriptionRe: Do I have a virus?5th December 2009, 9:58 pm

descriptionRe: Do I have a virus?5th December 2009, 10:32 pm

descriptionRe: Do I have a virus?6th December 2009, 3:33 am

descriptionRe: Do I have a virus?6th December 2009, 8:26 pm

descriptionRe: Do I have a virus?6th December 2009, 9:53 pm

descriptionRe: Do I have a virus?6th December 2009, 11:01 pm

descriptionRe: Do I have a virus?6th December 2009, 11:02 pm

descriptionRe: Do I have a virus?7th December 2009, 5:38 am

descriptionRe: Do I have a virus?30th December 2009, 1:27 pm

descriptionRe: Do I have a virus?30th December 2009, 8:38 pm

descriptionRe: Do I have a virus?31st December 2009, 12:36 am

descriptionRe: Do I have a virus?31st December 2009, 3:10 am

descriptionRe: Do I have a virus?2nd January 2010, 12:05 am

descriptionRe: Do I have a virus?2nd January 2010, 12:24 am

descriptionRe: Do I have a virus?2nd January 2010, 2:01 pm

descriptionRe: Do I have a virus?2nd January 2010, 2:30 pm

descriptionRe: Do I have a virus?3rd January 2010, 5:20 am

descriptionRe: Do I have a virus?3rd January 2010, 10:10 am

descriptionRe: Do I have a virus?4th January 2010, 6:29 am

descriptionRe: Do I have a virus?4th January 2010, 7:22 am

descriptionRe: Do I have a virus?

Re: Do I have a virus?5th December 2009, 9:58 pm

Re: Do I have a virus?5th December 2009, 10:32 pm

Re: Do I have a virus?6th December 2009, 3:33 am

Re: Do I have a virus?6th December 2009, 8:26 pm

Re: Do I have a virus?6th December 2009, 9:53 pm

Re: Do I have a virus?6th December 2009, 11:01 pm

Re: Do I have a virus?6th December 2009, 11:02 pm

Re: Do I have a virus?7th December 2009, 5:38 am

Re: Do I have a virus?30th December 2009, 1:27 pm

Re: Do I have a virus?30th December 2009, 8:38 pm

Re: Do I have a virus?31st December 2009, 12:36 am

Re: Do I have a virus?31st December 2009, 3:10 am

Re: Do I have a virus?2nd January 2010, 12:05 am

Re: Do I have a virus?2nd January 2010, 12:24 am

Re: Do I have a virus?2nd January 2010, 2:01 pm

Re: Do I have a virus?2nd January 2010, 2:30 pm

Re: Do I have a virus?3rd January 2010, 5:20 am

Re: Do I have a virus?3rd January 2010, 10:10 am

Re: Do I have a virus?4th January 2010, 6:29 am

Re: Do I have a virus?4th January 2010, 7:22 am

Re: Do I have a virus?