View Full Version : Virtumonde.dll and Smitfraud-C



dfwood
2008-07-25, 17:35
I have run SpyBot SD and it finds the listed infections. Doesn't seem to get rid of them though.

Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14: VIRUS ALERT!, on 7/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: wnslvxtf - {BBF6B24D-BBD9-453F-A6AD-4CF01F043BF8} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {39882F94-CAC8-4E38-B07B-D916CE0C87C6} - C:\WINDOWS\eqvwamkl.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10924 bytes

Shaba
2008-07-26, 11:35
Hi dfwood

Rename HijackThis.exe to dfwood.exe.

After that:

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

dfwood
2008-07-26, 13:16
Here is the SDFix report:


SDFix: Version 1.208
Run by David Wood on Sat 07/26/2008 at 06:43

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\ERFN.EXE - Deleted
C:\Documents and Settings\David Wood\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
C:\Program Files\PCHealthCenter\0.gif - Deleted
C:\Program Files\PCHealthCenter\1.gif - Deleted
C:\Program Files\PCHealthCenter\2.gif - Deleted
C:\Program Files\PCHealthCenter\3.gif - Deleted
C:\Program Files\PCHealthCenter\5.exe - Deleted
C:\Program Files\PCHealthCenter\sc.html - Deleted
C:\Program Files\PCHealthCenter\sex1.ico - Deleted
C:\Program Files\PCHealthCenter\sex2.ico - Deleted
C:\WINDOWS\hosts - Deleted
C:\WINDOWS\system32\WinCtrl32.dl_ - Deleted


Could Not Remove C:\WINDOWS\system32\WinCtrl32.dll

Folder C:\Program Files\PCHealthCenter - Removed
Folder C:\Program Files\VAV - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 06:49:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Laplink\\PCmover\\PCmover.exe"="C:\\Program Files\\Laplink\\PCmover\\PCmover.exe:*:Enabled:PCmover"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\WINDOWS\\system32\\lxbxcoms.exe"="C:\\WINDOWS\\system32\\lxbxcoms.exe:*:Enabled:7100 Series Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE:*:Enabled:7100 Series Printer Status"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32\WinCtrl32.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 27 Dec 2001 139 A.SH. --- "C:\AUTOEXEC.BAK"
Fri 28 Dec 2001 1,666 A.SHR --- "C:\MSDOS.BAK"
Thu 27 Dec 2001 139 A.SH. --- "C:\Drive_D\AUTOEXEC.BAK"
Fri 28 Dec 2001 1,666 A.SHR --- "C:\Drive_D\MSDOS.BAK"
Wed 21 Jan 2004 61,440 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Wed 21 Jan 2004 292,864 ...H. --- "C:\Program Files\MSN\txsrvc.dll"
Wed 21 Jan 2004 302,080 ...H. --- "C:\Program Files\MSN\unicows.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 20 Jul 2006 4,348 A.SH. --- "C:\WINDOWS\DRM\DRMv1.bak"
Tue 15 Nov 2005 78,104 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005 12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 27 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 20 Oct 2006 121,344 A..H. --- "C:\Documents and Settings\David Wood\Application Data\MSN6\msnupdate!@#@.exe"
Fri 11 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cad1b3db84542881b7f0e03133a51894\BIT1E3.tmp"
Tue 26 Dec 2006 12,698 A.SH. --- "C:\Documents and Settings\David Wood\Application Data\NewSoft\PageManager\7.12.01E\Setting\PM65.BAK"
Sat 28 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Sat 28 Jun 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"

Finished!

And now the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:23, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dfwood.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8226BD7A-27E1-4CB8-ADE2-EC205BF28489} - C:\WINDOWS\system32\hgGywTnl.dll
O2 - BHO: (no name) - {A96A11E6-B7D1-495C-9597-32A093E3D88C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F44AAFD9-EFC0-487E-BE2E-7B918D2619B2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {72585F60-1D5F-4B66-8806-53E3973D64B5} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: qoMeDTlL - qoMeDTlL.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11603 bytes


When the computer restarted after running SDFix, there was a warning that a program was trying to install a BHO. The file referenced was hgGywTnI.dll in the C:\Windows\system32 folder. I tried to rename it but could not.

Thanks for your help and I will wait to hear back from you.

Shaba
2008-07-26, 14:14
Hi

Yes, that is vundo dll.

We'll continue with cleaning.

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report
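The indicators that drive the triage in this thread (the eight-letter random DLL that Shaba identifies as the Vundo component, the "(file missing)" leftovers from earlier removals, the Winlogon Notify entry, the privacy_danger desktop component and the hijacked start page) can be checked mechanically over a HijackThis log. The script below is an added example, not part of this thread and not code from HijackThis or its author; the sample lines are copied from the logs posted above, while the TRUSTED_HOSTS allowlist, the severity labels and the random-name heuristic are my own assumptions.

```python
"""Triage HijackThis v2 log lines for the indicator patterns seen in this thread.

Added example, not HijackThis code. Flags: 8-letter random-looking modules under
%WINDIR% (the Vundo/Virtumonde naming seen in the posted logs), orphaned
"(file missing)" / "(no file)" references left after a cleanup, Winlogon Notify
packages (loaded into winlogon.exe), Active Desktop components rendered from a
local file, and browser start/search pages pointing outside a small allowlist.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - (no file)
O2 - BHO: (no name) - {8226BD7A-27E1-4CB8-ADE2-EC205BF28489} - C:\WINDOWS\system32\hgGywTnl.dll
O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: qoMeDTlL - qoMeDTlL.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: wnslvxtf - {BBF6B24D-BBD9-453F-A6AD-4CF01F043BF8} - C:\WINDOWS\wnslvxtf.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# Full path to a dll/exe; the lazy match tolerates spaces in "Program Files" paths.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
# Bare module name with no directory, e.g. "qoMeDTlL - qoMeDTlL.dll (file missing)".
MODULE_RE = re.compile(r"[A-Za-z0-9_]+\.dll", re.IGNORECASE)
# Hosts the posted logs show as legitimate IE defaults (assumption: tune per environment).
TRUSTED_HOSTS = {"go.microsoft.com", "g.msn.com", "partnerpage.google.com"}
WINDIR_RE = re.compile(r"[a-z]:\\windows(\\system32)?")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed labels)
    reason: str
    line: str


def case_transitions(s: str) -> int:
    """Number of upper/lower case flips between adjacent characters."""
    return sum(1 for a, b in zip(s, s[1:]) if a.isupper() != b.isupper())


def looks_random(stem: str) -> bool:
    """Heuristic: exactly 8 letters with fewer than two vowels, or a case jumble
    (matches hgGywTnl, fdkowvbp, qoMeDTlL, wnslvxtf; leaves SDHelper alone)."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return vowels < 2 or case_transitions(stem) >= 3


def in_windows_root(path: str) -> bool:
    """Module sits directly in %WINDIR% or system32, or carries no directory at all."""
    parent = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
    return parent == "" or WINDIR_RE.fullmatch(parent) is not None


def extract_module(body: str):
    m = PATH_RE.search(body) or MODULE_RE.search(body)
    return m.group(0) if m else None


def triage_line(line: str):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    missing = "(file missing)" in body or "(no file)" in body
    module = extract_module(body)
    stem = module.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if module else ""

    if code in ("O2", "O3", "O20", "O21"):
        if module and looks_random(stem) and in_windows_root(module):
            # Still worth a look when missing: a removed copy may be re-dropped.
            sev = "medium" if missing else "high"
            return Finding(sev, f"{code}: random-looking module name {module}", line)
        if missing:
            return Finding("low", f"{code}: orphaned registry reference, target not on disk", line)
        if code == "O20" and "Winlogon Notify" in body:
            return Finding("medium", f"O20: Winlogon notification package {module}, verify publisher", line)
    if code == "O24" and "file:///" in body:
        return Finding("high", "O24: Active Desktop component rendered from a local file", line)
    if code in ("R0", "R1") and "=" in body:
        key, value = (part.strip() for part in body.split("=", 1))
        if any(k in key for k in ("Page", "URL", "Search")) and value:
            host = urlparse(value if "://" in value else "http://" + value).hostname
            if host and host not in TRUSTED_HOSTS:
                return Finding("medium", f"{code}: browser page points at untrusted host {host}", line)
    return None


def triage(log_text: str):
    """All findings for a log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; entries with no finding (the Acrobat BHO, the BitDefender Run key) stay quiet, and the name heuristic is deliberately narrow so that a legitimate mixed-case name such as SDHelper is not reported.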

dfwood
2008-07-26, 15:26
Ran ComboFix as directed. Here is the log file. One thing: after the reboot, my antivirus program was warning me about a number of registry entries that were being changed. I allowed them.

ComboFix 08-07-25.7 - David Wood 2008-07-26 8:56:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1377 [GMT -4:00]
Running from: C:\Documents and Settings\David Wood\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\start.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ctvsrmxr.ini
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\hgGywTnl.dll
C:\WINDOWS\system32\lnTwyGgh.ini
C:\WINDOWS\system32\lnTwyGgh.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\nmgtwovj.ini
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\windows.scr
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-26 08:54 . 2008-07-26 08:55 <DIR> d-------- C:\327882R2FWJFW
2008-07-26 06:40 . 2008-07-26 06:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-26 06:29 . 2008-07-26 06:52 <DIR> d-------- C:\SDFix
2008-07-25 18:32 . 2008-07-25 18:32 <DIR> d-------- C:\Program Files\Sun
2008-07-25 13:05 . 2008-07-25 13:42 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-25 12:51 . 2008-07-25 12:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-25 08:59 . 2008-07-25 08:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 08:59 . 2008-07-25 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 07:19 . 2008-07-25 07:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitDefender
2008-07-14 20:02 . 2008-07-14 20:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 12:38 . 2008-07-26 09:06 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-13 12:03 . 2008-07-26 09:09 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-13 12:01 . 2008-07-13 12:01 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Bitdefender
2008-07-13 12:00 . 2008-07-13 12:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-13 12:00 . 2008-07-13 12:00 <DIR> d-------- C:\Program Files\BitDefender
2008-07-13 12:00 . 2008-07-13 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-11 07:32 . 2008-07-11 07:32 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MSNInstaller
2008-07-03 20:55 . 2008-07-03 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-03 20:52 . 2008-07-03 20:52 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Logitech
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-03 20:50 . 2008-07-03 20:50 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-07-03 20:50 . 2008-07-03 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-03 20:50 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-03 20:50 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-03 20:50 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-03 20:50 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-01 19:59 . 2008-07-01 19:59 557,056 --a------ C:\Documents and Settings\David Wood\GoToAssist_phone__320_en.exe
2008-07-01 05:21 . 2008-07-05 10:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 21:20 . 2008-07-03 20:32 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-06-29 21:20 . 2006-01-20 18:02 36,608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-06-29 20:21 . 2008-06-29 20:21 151,566 --a------ C:\WINDOWS\system32\UninstIPP.isu
2008-06-29 20:20 . 2008-06-29 20:20 <DIR> d-------- C:\WINDOWS\system32\color
2008-06-29 20:19 . 2008-06-29 20:19 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-29 20:18 . 2008-06-29 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\7100Series
2008-06-29 20:12 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-29 20:12 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-29 20:11 . 2008-06-29 21:10 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-06-29 20:11 . 2008-06-29 20:11 <DIR> d-------- C:\Temp
2008-06-29 10:21 . 2008-06-29 10:22 <DIR> d-------- C:\5da482f6ae58dfacdd173c2511b8
2008-06-29 09:12 . 2008-06-29 09:12 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-29 09:06 . 2008-06-29 09:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-28 09:12 . 2008-06-28 09:13 29,184 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
2008-06-28 09:12 . 2008-06-28 09:12 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-06-28 09:03 . 2008-06-28 09:03 <DIR> d-------- C:\Program Files\ESRI
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\WINDOWS
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\MSNInstaller
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\MSN6
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Motive
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Lavasoft
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\IsolatedStorage
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Intuit
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d--h----- C:\Documents and Settings\Jean Santarelli\Application Data\Gtek
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\7100Series
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\WINDOWS
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\SecurityScans
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d--h----- C:\Documents and Settings\David Wood\InstallAnywhere
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\Apps
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.webrenderer
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.idlerc
2008-06-28 06:47 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.housecall6.6
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\WMTools Downloaded Files
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\WebRenderer
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Viewpoint
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Uniblue
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Symantec
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\SupportSoft
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Simple Star
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Quicken WillMaker
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\OfficeUpdate12
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Nova Development
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\NewSoft
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MTV Networks
2008-06-28 06:27 . 2008-07-25 11:37 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MSN6
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Motive
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Microsoft Web Folders
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Leadertech
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Lavasoft
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\IsolatedStorage
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\iolo
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Intuit
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d--h----- C:\Documents and Settings\David Wood\Application Data\GTek
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Final Draft
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ESRI
2008-06-28 06:26 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Downloaded Installations
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\DivX
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\DFX
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Dell
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Broderbund Software
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Autodesk
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ApplicationHistory
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Apple Computer
2008-06-28 06:26 . 2008-07-06 07:54 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\AdobeUM
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Active Disk
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ABBYY
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\7100Series
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d--h----- C:\WUTemp
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Start Menu
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\7100Series
2008-06-28 04:03 . 2008-06-28 04:04 <DIR> d-------- C:\Python24
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\psfonts
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\My Downloads
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> dr-h----- C:\MSOCache
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\lxk7100FX
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Lexmark
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Land Projects 2007
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Inetpub
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\DIPRA
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Data Lifeguard 9x
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Civil 3D Projects
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Adobe Albums
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\URTTemp
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\sfp
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\RESTORE
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\REINSTALLBACKUPS
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\OOBE
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\MUI
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\Drivers
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\Conexant
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\CatRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 13:07 31,104 ----a-w C:\WINDOWS\system32\drivers\Winej03.sys
2008-07-25 22:32 --------- d-----w C:\Program Files\Java
2008-07-04 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 00:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 00:32 --------- d-----w C:\Program Files\ATI Technologies
2008-06-27 13:33 --------- d-----w C:\Program Files\Google
2008-06-23 16:08 --------- d-----w C:\Program Files\CyberLink
2008-06-23 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-06-23 16:07 --------- d-----w C:\Program Files\Sonic
2008-06-23 16:07 --------- d-----w C:\Program Files\Roxio
2008-06-23 16:07 --------- d-----w C:\Program Files\Dell
2008-06-23 16:07 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 16:07 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-23 16:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-23 16:06 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-23 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-23 16:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-23 16:04 --------- d-----w C:\Program Files\Analog Devices
2008-06-23 16:03 --------- d-----w C:\Program Files\Intel
2008-06-23 16:03 --------- d-----w C:\Program Files\Broadcom
2008-06-23 16:01 --------- d-----w C:\Program Files\Common Files\Java
2008-06-23 16:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-23 15:46 6,928 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_WOR_T5400.mrk
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-08-04 19:50 227,560 ----a-w C:\Documents and Settings\David Wood\Application Data\GDIPFONTCACHEV1.DAT
2004-03-24 23:18 115 ----a-w C:\Documents and Settings\David Wood\Application Data\fusioncache.dat
2003-11-17 22:38 560 ----a-w C:\Program Files\Global.sw
2001-12-28 05:27 271 --sha-w C:\Program Files\desktop.ini
2001-12-28 05:27 23,357 ---ha-w C:\Program Files\folder.htt
2001-09-17 22:00 82,206 ----a-w C:\Program Files\installScreen.jpg
2001-09-06 21:02 91,469 ----a-w C:\Program Files\installScreen2.jpg
2000-03-15 09:18 2,238 ----a-w C:\Program Files\mesa.ico
1998-11-17 16:09 24,576 ----a-w C:\WINDOWS\inf\Vizpnpin.exe
1998-10-12 16:23 40,960 ----a-w C:\WINDOWS\inf\vizPnP\Vipersti.dll
1998-07-30 17:44 19,112 ----a-w C:\WINDOWS\inf\vizPnP\Pmxscan.sys
2005-10-06 01:01 312 --sha-w C:\WINDOWS\DRM\v3ks.bla.dat
2006-12-31 12:56 16,384 --sha-w C:\WINDOWS\system32\spool\drivers\w32x86\3\%APPDATA%\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 12:07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 20:48 1015808]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-23 12:07 29744]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-26 16:16 17920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 11:57 128296]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 11:08 69632]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 05:43 196608]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 12:53 286720]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 09:24 61440]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PCmover MapiFix"="C:\Program Files\Laplink\PCmover\mapifix.exe" [2007-11-01 06:49 66864]

C:\Documents and Settings\David Wood\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-03 20:50:21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintq11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl33.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
backup=C:\WINDOWS\pss\Iomega Backup Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 05:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-10-26 23:17 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
--a------ 2005-01-18 05:43 196608 C:\Program Files\Lexmark 7100 Series\lxbxmon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-06-23 12:33 438359 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]
--a------ 1999-11-16 02:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"CCALib8"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"MDM"=2 (0x2)
"RemoteRegistry"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
"Deskup"=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"LoadQM"=loadqm.exe
"QD FastAndSafe"=
"Speed racer"=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
"UpdReg"=C:\WINDOWS\Updreg.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"C:\\WINDOWS\\system32\\lxbxcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 Winej03;Winej03;C:\WINDOWS\system32\Drivers\Winej03.sys [2008-07-26 09:07]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 15:30]
S0 Wintq11;Wintq11;C:\WINDOWS\system32\Drivers\Wintq11.sys []
S0 Winvl33;Winvl33;C:\WINDOWS\system32\Drivers\Winvl33.sys []
S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 15:59]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2005-08-03 15:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2008-07-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - :C:\Program Files\Apple Software Update\SoftwareUpdate.exe-TaskDF Wood0 []
2008-02-10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXEDF Wood []
2008-07-01 C:\WINDOWS\Tasks\jucheck.job - C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe [2007-09-25 01:11]
2008-07-23 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job - s!,C:\WINDOWS\DEFRAG.EXE/SAGERUN:0David F. WoodThe Maintenance wizard scheduled this job to speed up your programs. For more information, look up Disk Defragmenter in Windows Help.0 []
2008-07-02 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job - s!C:\WINDOWS\CLEANMGR.EXE/SAGERUN:0David F. WoodThe Maintenance wizard scheduled this job to delete unnecessary files from your hard disk. For more information, look up Disk Cleanup in Windows Help.0 []
2008-07-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job - sD@!/C:\Program Files\Windows Defender\MpCmdRun.exeScan -RestrictPrivilegesSYSTEMScheduled Scan0 []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{72585F60-1D5F-4B66-8806-53E3973D64B5} - (no file)
Notify-qoMeDTlL - qoMeDTlL.dll
Notify-WinCtrl32 - WinCtrl32.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {E856B973-45FD-4559-8F82-EAB539144667}


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 09:08:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bitpatches.dat
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bitversions.dat

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WinCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
.
**************************************************************************
.
Completion time: 2008-07-26 9:12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 13:12:33

Pre-Run: 178,891,436,032 bytes free
Post-Run: 178,692,521,984 bytes free

379 --- E O F --- 2008-07-26 13:12:06



and the HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:50, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dfwood.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10666 bytes

Shaba
2008-07-26, 16:25
Hi

Looks much better :)

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\system32\drivers\Winej03.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

dfwood
2008-07-26, 17:28
Virus Total file:

0 bytes size received / Se ha recibido un archivo vacio


Jotti file:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Shaba
2008-07-26, 17:29
Hi

Are you able to locate that file?

If so, please copy it to some other folder and try again.

dfwood
2008-07-26, 18:49
When I try to paste it somewhere else I get a message that says:

Cannot copy Winej03: access is denied.
Make sure that the disk is not full or write protected and that the file is not in use.


What now?

Shaba
2008-07-26, 18:54
Hi

Thanks for the info.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\drivers\Winej03.sys

Driver::
Winej03
Wintq11
Winvl33


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens we want to know, and also which process you had to end.
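
As an added example (not part of this thread, nor code from HijackThis or ComboFix), a small Python triage helper that parses HijackThis R/O lines like the ones in the log above, flags the indicators that came up here (a Winlogon Notify DLL marked "file missing", an O16 entry with no source URL, and the Win??## driver-name pattern, which is an assumption drawn only from the three names in Shaba's CFScript), and renders File::/Driver:: sections in the layout posted above. The sample log is assembled from lines of the posted log plus one constructed O23 line.

```python
"""Triage helper for HijackThis-style logs (added example for this thread).

Parses "Oxx - ..." entries into records, flags the indicators seen in this
thread, and renders the File::/Driver:: sections of a ComboFix CFScript in
the layout Shaba posted. The Win??## name pattern is an assumption modelled
only on the three driver names in this thread (Winej03, Wintq11, Winvl33).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# e.g. "O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)"
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Assumption: "Win" + two letters + two digits, derived from this thread only.
WINXXNN_DRIVER = re.compile(r"\bWin[a-z]{2}\d{2}\b", re.IGNORECASE)


@dataclass
class Entry:
    code: str   # HijackThis section code, e.g. "O20"
    body: str   # everything after "Oxx - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: Iterable[Entry]) -> List[Tuple[str, str, str]]:
    """Flag the indicators seen in this thread; returns (code, reason, body) tuples."""
    findings = []
    for e in entries:
        if e.code == "O20" and "(file missing)" in e.body:
            # winlogon.exe loads Winlogon Notify DLLs at logon; an entry whose file
            # cannot be found is either a leftover or a hidden/locked component.
            findings.append((e.code, "Winlogon Notify DLL registered but not found on disk", e.body))
        elif e.code == "O16" and e.body.rstrip().endswith("-"):
            # Downloaded Program File (ActiveX) entry with no source URL recorded.
            findings.append((e.code, "ActiveX download entry with no source URL", e.body))
        if WINXXNN_DRIVER.search(e.body):
            findings.append((e.code, "name matches the Win??## driver pattern from this thread", e.body))
    return findings


def build_cfscript(files: Iterable[str], drivers: Iterable[str]) -> str:
    """Render File:: and Driver:: sections in the layout posted in this thread."""
    files, drivers = list(files), list(drivers)
    lines: List[str] = []
    if files:
        lines.append("File::")
        lines.extend(files)
        lines.append("")
    if drivers:
        lines.append("Driver::")
        lines.extend(drivers)
    return "\n".join(lines).rstrip("\n") + "\n"


# Sample input: lines taken from the HijackThis log posted above plus one
# constructed O23 line that uses the driver name Shaba asked to have scanned.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O4 - HKLM\\..\\Run: [BDAgent] "C:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
O23 - Service: Winej03 - Unknown owner - C:\\WINDOWS\\system32\\drivers\\Winej03.sys (constructed sample line)
"""

if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
    print(build_cfscript(["C:\\WINDOWS\\system32\\drivers\\Winej03.sys"],
                         ["Winej03", "Wintq11", "Winvl33"]))
```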

dfwood
2008-07-26, 19:33
Here's the ComboFix file:

ComboFix 08-07-25.7 - David Wood 2008-07-26 13:18:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406 [GMT -4:00]
Running from: C:\Documents and Settings\David Wood\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David Wood\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\Winej03.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\Winej03.sys
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINEJ03
-------\Legacy_WINTQ11
-------\Service_Winej03
-------\Service_Wintq11
-------\Service_Winvl33


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-26 08:54 . 2008-07-26 13:17 <DIR> d-------- C:\327882R2FWJFW
2008-07-26 06:40 . 2008-07-26 06:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-26 06:29 . 2008-07-26 06:52 <DIR> d-------- C:\SDFix
2008-07-25 18:32 . 2008-07-25 18:32 <DIR> d-------- C:\Program Files\Sun
2008-07-25 13:05 . 2008-07-26 11:43 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-25 12:51 . 2008-07-25 12:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-25 08:59 . 2008-07-25 08:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 08:59 . 2008-07-25 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 07:19 . 2008-07-25 07:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitDefender
2008-07-14 20:02 . 2008-07-14 20:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 12:38 . 2008-07-26 13:23 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-13 12:03 . 2008-07-26 13:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-13 12:01 . 2008-07-13 12:01 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Bitdefender
2008-07-13 12:00 . 2008-07-13 12:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-13 12:00 . 2008-07-13 12:00 <DIR> d-------- C:\Program Files\BitDefender
2008-07-13 12:00 . 2008-07-13 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-11 07:32 . 2008-07-11 07:32 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MSNInstaller
2008-07-03 20:55 . 2008-07-03 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-03 20:52 . 2008-07-03 20:52 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Logitech
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-07-03 20:51 . 2008-07-03 20:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-03 20:50 . 2008-07-03 20:50 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-07-03 20:50 . 2008-07-03 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-03 20:50 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-03 20:50 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-03 20:50 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-03 20:50 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-01 19:59 . 2008-07-01 19:59 557,056 --a------ C:\Documents and Settings\David Wood\GoToAssist_phone__320_en.exe
2008-07-01 05:21 . 2008-07-05 10:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-29 21:20 . 2008-07-03 20:32 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-06-29 21:20 . 2006-01-20 18:02 36,608 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2008-06-29 20:21 . 2008-06-29 20:21 151,566 --a------ C:\WINDOWS\system32\UninstIPP.isu
2008-06-29 20:20 . 2008-06-29 20:20 <DIR> d-------- C:\WINDOWS\system32\color
2008-06-29 20:19 . 2008-06-29 20:19 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-29 20:18 . 2008-06-29 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\7100Series
2008-06-29 20:12 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-29 20:12 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-29 20:11 . 2008-06-29 21:10 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-06-29 20:11 . 2008-06-29 20:11 <DIR> d-------- C:\Temp
2008-06-29 10:21 . 2008-06-29 10:22 <DIR> d-------- C:\5da482f6ae58dfacdd173c2511b8
2008-06-29 09:12 . 2008-06-29 09:12 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-29 09:06 . 2008-06-29 09:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-28 09:12 . 2008-06-28 09:13 29,184 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
2008-06-28 09:12 . 2008-06-28 09:12 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-06-28 09:03 . 2008-06-28 09:03 <DIR> d-------- C:\Program Files\ESRI
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\WINDOWS
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\MSNInstaller
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\MSN6
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Motive
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Lavasoft
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\IsolatedStorage
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\Intuit
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d--h----- C:\Documents and Settings\Jean Santarelli\Application Data\Gtek
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\Jean Santarelli\Application Data\7100Series
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\WINDOWS
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\SecurityScans
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d--h----- C:\Documents and Settings\David Wood\InstallAnywhere
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\Apps
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.webrenderer
2008-06-28 06:48 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.idlerc
2008-06-28 06:47 . 2008-06-28 06:48 <DIR> d-------- C:\Documents and Settings\David Wood\.housecall6.6
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\WMTools Downloaded Files
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\WebRenderer
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Viewpoint
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Uniblue
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Symantec
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\SupportSoft
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Simple Star
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Quicken WillMaker
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\OfficeUpdate12
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Nova Development
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\NewSoft
2008-06-28 06:28 . 2008-06-28 06:28 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MTV Networks
2008-06-28 06:27 . 2008-07-25 11:37 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\MSN6
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Motive
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Microsoft Web Folders
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Leadertech
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Lavasoft
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\IsolatedStorage
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\iolo
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Intuit
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d--h----- C:\Documents and Settings\David Wood\Application Data\GTek
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Final Draft
2008-06-28 06:27 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ESRI
2008-06-28 06:26 . 2008-06-28 06:27 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Downloaded Installations
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\DivX
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\DFX
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Dell
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Broderbund Software
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Autodesk
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ApplicationHistory
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Apple Computer
2008-06-28 06:26 . 2008-07-06 07:54 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\AdobeUM
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\Active Disk
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\ABBYY
2008-06-28 06:26 . 2008-06-28 06:26 <DIR> d-------- C:\Documents and Settings\David Wood\Application Data\7100Series
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d--h----- C:\WUTemp
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Start Menu
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-28 04:04 . 2008-06-28 04:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\7100Series
2008-06-28 04:03 . 2008-06-28 04:04 <DIR> d-------- C:\Python24
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\psfonts
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\My Downloads
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> dr-h----- C:\MSOCache
2008-06-28 04:03 . 2008-06-28 04:03 <DIR> d-------- C:\lxk7100FX
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Lexmark
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Land Projects 2007
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Inetpub
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\DIPRA
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Data Lifeguard 9x
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Civil 3D Projects
2008-06-28 04:02 . 2008-06-28 04:02 <DIR> d-------- C:\Adobe Albums
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\URTTemp
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\sfp
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\RESTORE
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\REINSTALLBACKUPS
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\OOBE
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\MUI
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\Drivers
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\Conexant
2008-06-27 21:06 . 2008-06-27 21:06 <DIR> d-------- C:\WINDOWS\system\CatRoot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 22:32 --------- d-----w C:\Program Files\Java
2008-07-04 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 00:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 00:32 --------- d-----w C:\Program Files\ATI Technologies
2008-06-27 13:33 --------- d-----w C:\Program Files\Google
2008-06-23 16:08 --------- d-----w C:\Program Files\CyberLink
2008-06-23 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-06-23 16:07 --------- d-----w C:\Program Files\Sonic
2008-06-23 16:07 --------- d-----w C:\Program Files\Roxio
2008-06-23 16:07 --------- d-----w C:\Program Files\Dell
2008-06-23 16:07 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 16:07 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-23 16:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-23 16:06 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-23 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-23 16:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-23 16:04 --------- d-----w C:\Program Files\Analog Devices
2008-06-23 16:03 --------- d-----w C:\Program Files\Intel
2008-06-23 16:03 --------- d-----w C:\Program Files\Broadcom
2008-06-23 16:01 --------- d-----w C:\Program Files\Common Files\Java
2008-06-23 16:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-23 15:46 6,928 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_WOR_T5400.mrk
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-08-04 19:50 227,560 ----a-w C:\Documents and Settings\David Wood\Application Data\GDIPFONTCACHEV1.DAT
2004-03-24 23:18 115 ----a-w C:\Documents and Settings\David Wood\Application Data\fusioncache.dat
2003-11-17 22:38 560 ----a-w C:\Program Files\Global.sw
2001-12-28 05:27 271 --sha-w C:\Program Files\desktop.ini
2001-12-28 05:27 23,357 ---ha-w C:\Program Files\folder.htt
2001-09-17 22:00 82,206 ----a-w C:\Program Files\installScreen.jpg
2001-09-06 21:02 91,469 ----a-w C:\Program Files\installScreen2.jpg
2000-03-15 09:18 2,238 ----a-w C:\Program Files\mesa.ico
2005-10-06 01:01 312 --sha-w C:\WINDOWS\DRM\v3ks.bla.dat
2006-12-31 12:56 16,384 --sha-w C:\WINDOWS\system32\spool\drivers\w32x86\3\%APPDATA%\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-26_ 9.12.18.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-26 13:07:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-26 16:44:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-26 13:07:51 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-26 16:44:00 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-26 13:08:19 163,840 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072620080727\index.dat
+ 2008-07-26 16:44:48 229,376 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072620080727\index.dat
- 2008-07-26 13:07:51 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-26 16:44:00 278,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 12:07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-09-18 20:48 1015808]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-23 12:07 29744]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-26 16:16 17920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 11:57 128296]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 11:08 69632]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 05:43 196608]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 12:53 286720]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 09:24 61440]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PCmover MapiFix"="C:\Program Files\Laplink\PCmover\mapifix.exe" [2007-11-01 06:49 66864]

C:\Documents and Settings\David Wood\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-03 20:50:21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintq11.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl33.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
backup=C:\WINDOWS\pss\Iomega Backup Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 05:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-10-26 23:17 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
--a------ 2005-01-18 05:43 196608 C:\Program Files\Lexmark 7100 Series\lxbxmon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-06-23 12:33 438359 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]
--a------ 1999-11-16 02:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"CCALib8"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"MDM"=2 (0x2)
"RemoteRegistry"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
"Deskup"=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"LoadQM"=loadqm.exe
"QD FastAndSafe"=
"Speed racer"=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
"UpdReg"=C:\WINDOWS\Updreg.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"C:\\WINDOWS\\system32\\lxbxcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-07-23 15:49]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 15:30]
S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 15:59]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2005-08-03 15:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2008-07-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - :C:\Program Files\Apple Software Update\SoftwareUpdate.exe-TaskDF Wood0 []
2008-02-10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXEDF Wood []
2008-07-01 C:\WINDOWS\Tasks\jucheck.job - C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe [2007-09-25 01:11]
2008-07-23 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job - s!,C:\WINDOWS\DEFRAG.EXE/SAGERUN:0David F. WoodThe Maintenance wizard scheduled this job to speed up your programs. For more information, look up Disk Defragmenter in Windows Help.0 []
2008-07-02 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job - s!C:\WINDOWS\CLEANMGR.EXE/SAGERUN:0David F. WoodThe Maintenance wizard scheduled this job to delete unnecessary files from your hard disk. For more information, look up Disk Cleanup in Windows Help.0 []
2008-07-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job - sD@!/C:\Program Files\Windows Defender\MpCmdRun.exeScan -RestrictPrivilegesSYSTEMScheduled Scan0 []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{72585F60-1D5F-4B66-8806-53E3973D64B5} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 13:24:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-07-26 13:28:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 17:28:30
ComboFix2.txt 2008-07-26 13:12:46

Pre-Run: 178,629,971,968 bytes free
Post-Run: 178,619,772,928 bytes free

361 --- E O F --- 2008-07-26 13:12:06


and the Hijack This file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:02, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10871 bytes


Thank goodness for people like you, who use their talents for a good purpose, unlike the others who cause all of this turmoil.

Shaba
2008-07-26, 19:38
Hi

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

dfwood
2008-07-26, 22:46
Here is the Kaspersky report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:02, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10871 bytes


and the Hijack This report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:38, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10838 bytes

dfwood
2008-07-26, 22:48
Let's try that again...

Here is the Kaspersky file:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 26, 2008 17:38:30
Records in database: 1011052
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 147919
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:22:57


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winej03.sys.vir Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winej03.sys.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\QooBox\Quarantine\catchme2008-07-26_132144.28.zip Infected: Trojan-Downloader.Win32.Mutant.aim 2
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y 1
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab 1

The selected area was scanned.




and the Hijack This file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:38, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover MapiFix] "C:\Program Files\Laplink\PCmover\mapifix.exe" (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10838 bytes

Shaba
2008-07-27, 11:05
Hi

Empty these folders:

C:\QooBox\Quarantine\
C:\SDFix\backups\

Empty Recycle Bin.

Still problems?
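
The reasoning behind the advice above (all five Kaspersky findings sit under C:\QooBox\Quarantine and C:\SDFix\backups, i.e. copies already neutralised by ComboFix and SDFix, so there is no live infection left and emptying those folders clears the report) can be automated. The following is an added example written for this thread, not a tool from the forum, Kaspersky or the helper: it parses the "File name / Threat name / Threats count" lines of a Kaspersky Online Scanner 7 report, flags findings that live inside a known quarantine or backup folder, and decides whether anything remains outside them. The sample input is the report posted in this thread plus one constructed, clearly labelled line to show the non-quarantine case; the folder list and the `Trojan.Win32.Placeholder` name are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Folders in which cleanup tools keep quarantined or backed-up copies of what
# they removed. A detection inside one of these is a dead copy, not a live
# infection; the remedy is to empty the folder. The two entries below are the
# folders that appear in the report posted in this thread (assumed list).
QUARANTINE_FOLDERS = (
    PureWindowsPath(r"C:\QooBox\Quarantine"),  # ComboFix quarantine
    PureWindowsPath(r"C:\SDFix\backups"),      # SDFix backups
)

# One finding line has the shape "<path> Infected: <threat name> <count>".
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# The finding lines exactly as posted in the thread (Kaspersky report, 2008-07-26).
REPORT_FROM_THREAD = r"""
File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winej03.sys.vir Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winej03.sys.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\QooBox\Quarantine\catchme2008-07-26_132144.28.zip Infected: Trojan-Downloader.Win32.Mutant.aim 2
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y 1
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab 1
"""

# Constructed line (not from the thread) showing a finding outside any
# quarantine folder; the threat name is a placeholder.
CONSTRUCTED_LIVE_LINE = (
    r"C:\WINDOWS\system32\drivers\example.sys Infected: Trojan.Win32.Placeholder 1"
)


def in_quarantine(path: str) -> bool:
    """True when `path` lies under one of QUARANTINE_FOLDERS (case-insensitive,
    as Windows paths are)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for folder in QUARANTINE_FOLDERS:
        fparts = [p.lower() for p in folder.parts]
        if parts[: len(fparts)] == fparts:
            return True
    return False


def parse_finding(line: str):
    """Parse one report line; return None for headers and other non-finding text."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    threat = m.group("threat")
    return {
        "path": m.group("path"),
        "threat": threat,
        "count": int(m.group("count")),
        # Kaspersky marks rogue/adware tools with a "not-a-virus:" prefix.
        "pua": threat.startswith("not-a-virus:"),
        "quarantined": in_quarantine(m.group("path")),
    }


def triage(report_text: str) -> dict:
    """Summarise a report: how many findings, how many detections (the sum of
    the per-line counts, which should match the report's 'Infected objects'
    figure), which findings are outside quarantine, and whether the whole
    report is quarantine-only so that emptying those folders resolves it."""
    findings = [
        f for f in (parse_finding(line) for line in report_text.splitlines()) if f
    ]
    live = [f for f in findings if not f["quarantined"]]
    return {
        "findings": len(findings),
        "detections": sum(f["count"] for f in findings),
        "live": live,
        "quarantine_only": bool(findings) and not live,
    }


if __name__ == "__main__":
    for label, text in (
        ("thread report", REPORT_FROM_THREAD),
        ("thread report + constructed live line", REPORT_FROM_THREAD + "\n" + CONSTRUCTED_LIVE_LINE),
    ):
        result = triage(text)
        print(f"{label}: {result['findings']} findings, {result['detections']} detections")
        if result["quarantine_only"]:
            print("  all findings are inside quarantine/backup folders: empty those folders")
        for f in result["live"]:
            print(f"  LIVE: {f['threat']} in {f['path']}")
```

On the posted report the per-line counts sum to 6, which matches the report's own "Infected objects: 6", and no finding falls outside the two quarantine folders, which is exactly the condition under which "empty these folders" is the right advice; a finding anywhere else would call for further cleaning rather than deletion of the quarantine.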

dfwood
2008-07-27, 12:36
No, it looks like everything is OK now. Thank you so much for your help with this.

Two questions, though...

1. ComboFix set the format of the taskbar clock to 24 hours, how can I reset that to 12/12?

2. The bigger question is, how do I keep from getting in this fix again? What programs should I use for protection from these attacks?

Thanks again.

DFWood

Shaba
2008-07-27, 13:12
Hi

1. Combofix /u should do it; type that in Start - Run and click OK.

2. I'll give you some tips for that soon in my final instructions :)

dfwood
2008-07-30, 03:08
Hi,

I tried the ComboFix /u suggestion and it is still a 24 hour clock in the Taskbar.

What were the final suggestions that you had mentioned?

Shaba
2008-07-30, 12:51
Hi

Then go to Control Panel and Regional Settings and change the time format from there.

Let me know if it helped :)

Shaba
2008-08-05, 15:01
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.