PDA

View Full Version : Need help removing Virtumonde amongst other things!!


cmoyden
2007-12-29, 06:38
HI,
Back again as you suggested but this time having followed instructions

Here's what I have done so far:

1. Ran Kaspersky Scanner - results below
2. Ran Spybot S&D in safe mode - results below
3. Ran HJT - results below

I also have Spyware Guard on my machine now and it keeps throwing up this prompt which I think is a nastie!

"A BHO has been added
E6362779-E8E5-4855-8959-2D413F000A74
c:\windows\system32.geedd.dll"

Kaspersky Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 29, 2007 3:01:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/12/2007
Kaspersky Anti-Virus database records: 499254
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 65364
Number of viruses found: 14
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 01:18:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Accelerate 1\Application Data\Alice Systems\Alice Connect\logfile.txt Object is locked skipped
C:\Documents and Settings\Accelerate 1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\History\History.IE5\MSHist012007122920071230\index.dat Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\ICD2.tmp\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\ICD3.tmp\UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\laf1.exe Infected: Trojan-Downloader.Win32.Agent.bkd skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\laf2.exe/data0000.bin Infected: Trojan.Win32.BHO.bd skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\laf2.exe EmbeddedEXE: infected - 1 skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\_bm1fZHpfbWFfa3cxX21hNQ_c29mdA_bm1fNjg1NDVfOTQwMzFkNjZhOGVmMTFkYzkwM2RmNjg1NDVmYWZmZmZfMjMxMzJjNTM4YTQ5NDVjZjg1Y2FkMjgwMjlhNDgxM2Y_.exe Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\_cmJybm1fZHpfMzAweDI1MF9tYTU_a2V5aW4_cmJybm1fNjg1NDVfOTQwMzFENjZBOEVGMTFEQzkwM0RGNjg1NDVGQUZGRkZfMjMxMzJDNTM4QTQ5NDVDRjg1Q0FEMjgwMjlBNDgxM0Y_.exe Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\_YnJubV9kel9tZXRhZ2VzX2t3X21hNQ_ZGV0ZWN0_bm1fNjg1NDVfOTQwMzFENjZBOEVGMTFEQzkwM0RGNjg1NDVGQUZGRkZfMjMxMzJDNTM4QTQ5NDVDRjg1Q0FEMjgwMjlBNDgxM0Y_.exe Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\~DF1CA1.tmp Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\~DF1CA8.tmp Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\~DF2E85.tmp Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\~DF598B.tmp Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temp\~DFCCAE.tmp Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\4713YEZ1\PCTurboProInstallerFree[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\6LSBIX65\ADCFreeInstaller[1].exe Infected: not-a-virus:Downloader.Win32.AdvancedCleaner.b skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\8PYNSXYV\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.dhl skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\R683JL41\SystemDoctorNewReleaseInstall[1].cab/USDR6_9999_N18M1603NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\R683JL41\SystemDoctorNewReleaseInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\S9AN4XMF\webinst[1].cab/webinst.dll Infected: Trojan-Downloader.Win32.Adload.pi skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\S9AN4XMF\webinst[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\XYH9STUV\PCTurboProInstallerFree[1].cab/UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\XYH9STUV\PCTurboProInstallerFree[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Accelerate 1\Local Settings\Temporary Internet Files\Content.IE5\Y1TEV6D0\gamadril20071203[1] Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\Accelerate 1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Accelerate 1\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP265\A0032561.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP266\A0032621.dll Infected: Trojan-Downloader.Win32.Agent.bkd skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP267\A0032692.exe Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP268\A0033695.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP268\A0033713.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033968.exe Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033969.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033970.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033971.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033972.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033974.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033975.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033976.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP272\A0033977.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{13294A19-0123-409B-BD8E-0322C0D1CDF6}\RP282\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\WINDOWS\Downloaded Program Files\UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\WINDOWS\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\webinst.dll Infected: Trojan-Downloader.Win32.Adload.pi skipped
C:\WINDOWS\Internet Logs\ACCELERATE1.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddeeg.ini Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ihqxonuk.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\letxgpqw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\mlfrllrj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\qwpvcwjl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\rcghaous.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\slcxefnh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\stetcdso.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT0547a.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Spybot S&D Results:

Each time I ran it the folllowing issues were found:

Virtumonde.dll
Virtumonde
Virtumonde.generic
AstaKiller
ABetterInternet

Each time I removed them and the software told me they were sorted but each time I run SB S&D they come back again.

HJT Results:

I'll put the results in another reply as too much info in here for one go!

Thanks in advance Carl
cmoyden
2007-12-29, 07:20
Here is the report from HJT

Cheers
Carl
:bigthumb:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:05:30, on 29/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SJLabs\SJphone\SJphone.exe
C:\Program Files\WinTV\Scheduler\EPG\TvTv\HcwSyncIt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPGServiceTool] C:\Program Files\WinTV\EPG Services\System\EPGClient.exe /Minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HcwSyncIt.lnk = C:\Program Files\WinTV\Scheduler\EPG\TvTv\HcwSyncIt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice Automatic Updates Agent.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SJphone.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SIM Card Manager - {5F2F8F24-DA89-4DD2-AFB3-F516D4CD6558} - C:\Program Files\emobile\SIM Card Manager.exe
O9 - Extra 'Tools' menuitem: SIM Card Manager - {5F2F8F24-DA89-4DD2-AFB3-F516D4CD6558} - C:\Program Files\emobile\SIM Card Manager.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6921 bytes
cmoyden
2007-12-29, 12:21
Hi,
Because I had replied to my own first post (in order to give you all of the results from scans) and have now noticed that you guys look for zero replies I thought it best to start a new thread.

This one can be closed off now.

Sorry if I have caused some confusion.

I really could do with some help

Cheers
Carl