
still have virus and spyware issues



griiker
2010-04-07, 08:42
I have been having popups every five minutes for a "Vista Security Tool" anti-virus thing. I had previously started a thread entitled , however, I was only able to generate the reports shown below this introduction. I started a thread previously, "can't load spybot", and Blade81 was helping me with it; however, it was stopped before I could reply to one of his posts. I still have this problem. Furthermore, Spybot will no longer install, let alone run. When I did try to run it, it would crash during update.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2008 11:46:59 AM
System Uptime: 3/23/2010 10:10:37 AM (3 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP35C-DS3R
Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | Socket 775 | 2533/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 182.494 GiB free.
D: is Removable
E: is FIXED (FAT32) - 149 GiB total, 66.599 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&2&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&2&FB
Service:

==== System Restore Points ===================

RP528: 2/26/2010 7:45:29 PM - Windows Update
RP529: 2/27/2010 3:00:13 AM - Windows Update
RP530: 2/28/2010 12:00:08 AM - Scheduled Checkpoint
RP532: 2/28/2010 4:43:42 AM - CA Internet Security Suite
RP534: 2/28/2010 4:53:06 AM - CA Internet Security Suite
RP535: 3/1/2010 3:00:10 AM - Windows Update
RP536: 3/1/2010 3:40:10 PM - Scheduled Checkpoint
RP538: 3/7/2010 12:19:40 PM - Scheduled Checkpoint
RP539: 3/8/2010 10:45:09 AM - Scheduled Checkpoint
RP540: 3/9/2010 5:00:02 PM - Scheduled Checkpoint
RP541: 3/10/2010 7:43:21 AM - Scheduled Checkpoint
RP542: 3/10/2010 10:40:44 PM - Scheduled Checkpoint
RP543: 3/11/2010 7:39:11 PM - Scheduled Checkpoint
RP544: 3/12/2010 6:33:19 PM - Scheduled Checkpoint
RP545: 3/13/2010 7:42:14 AM - Windows Update
RP546: 3/14/2010 10:01:58 AM - Scheduled Checkpoint
RP547: 3/15/2010 7:39:32 AM - Scheduled Checkpoint
RP548: 3/16/2010 9:13:11 PM - Scheduled Checkpoint
RP549: 3/17/2010 7:49:57 PM - Scheduled Checkpoint
RP550: 3/18/2010 4:00:46 AM - Removed Bonjour
RP551: 3/19/2010 3:58:22 AM - Scheduled Checkpoint
RP552: 3/20/2010 12:00:04 AM - Scheduled Checkpoint
RP553: 3/21/2010 11:20:48 AM - Scheduled Checkpoint
RP554: 3/23/2010 9:02:24 AM - Scheduled Checkpoint

==== Installed Programs ======================


??????? 2.2
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9
Adobe Shockwave Player
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMRT
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bonjour
Browser Defender 2.0.6.11
Browser Highlighter - Firefox
BufferChm
CA Anti-Spam
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
CA Website Inspector
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCTVBox Uninstall
Cessna G1000 Trainer v6.01
Cirrus 5
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DNAMigrator
DocProc
DocProcQFolder
Dragon NaturallySpeaking 9
eSupportQFolder
Fax
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java(TM) 6 Update 11
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Logitech Desktop Messenger
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft LifeChat
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Motorola Software Update
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
Nikon Message Center
NJStar Communicator
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Photo Viewer
PHOTOfunSTUDIO HD Edition
PictureProject
Primo
QuickTime
RealPlayer
Registry Easy v5.6
Runtime
Scan
SecondLife (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
SolutionCenter
Sony Picture Utility
Spyware Doctor 7.0
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live installer
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Winkflash Transporter
Yahoo! BrowserPlus
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/23/2010 10:46:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/21/2010 8:46:47 AM, Error: PlugPlayManager [12] - The device 'SONY DVD RW DRU-800A ATA Device' (IDE\CdRomSONY_DVD_RW_DRU-800A____________________KY01____\6&1c288e1c&0&0.0.0) disappeared from the system without first being prepared for removal.
3/21/2010 8:46:47 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/21/2010 8:46:46 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
3/19/2010 8:02:50 AM, Error: EventLog [6008] - The previous system shutdown at 7:49:05 AM on 3/19/2010 was unexpected.
3/19/2010 5:01:51 AM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942405 (0x80070005).
3/19/2010 4:58:13 AM, Error: EventLog [6008] - The previous system shutdown at 4:55:19 AM on 3/19/2010 was unexpected.
3/19/2010 10:08:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {5F36DC27-B076-4D0C-BD8C-7AEE14022193} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================

griiker
2010-04-07, 08:44
This is an additional report.

I also tried to run GMER; however, it would crash without completing its analysis.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Justin at 13:23:19.21 on Tue 03/23/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2660 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\bill103.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k netsvc6
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\mdmcls32.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Windows\System32\svcprs32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Justin\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking9\Ereg.ini
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [sysfbtray] c:\windows\bill103.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-8-27 143352]
R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-8-7 107512]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-15 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-28 207792]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-9-30 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-9-2 53240]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2009-6-25 58360]
R1 o6ko;ML Display Class Docfile Intel;c:\windows\system32\drivers\o6ko.sys [2008-8-30 32768]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-28 112592]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-2-28 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-1-11 206064]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-8-14 150520]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-9-30 60920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-28 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-28 1141712]
R2 srvoko6;Security List Class Service Secondary OpcEnum Fonts Control;c:\windows\system32\svchost.exe -k netsvc6 [2008-1-20 21504]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-2-28 2339568]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-2-28 1377008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
S2 gupdate1ca6f0c30d88f70;Google Update Service (gupdate1ca6f0c30d88f70);c:\program files\google\update\GoogleUpdate.exe [2009-11-26 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]

=============== Created Last 30 ================

2010-03-21 18:02:36 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2010-03-18 12:18:44 645 ----a-w- c:\windows\Cirrus.INI
2010-03-15 07:28:59 0 d-----w- c:\program files\Trend Micro
2010-03-15 06:31:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-15 04:07:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-15 04:05:48 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-15 04:05:42 0 d-----w- c:\programdata\Lavasoft
2010-03-15 04:05:42 0 d-----w- c:\program files\Lavasoft
2010-03-15 03:25:23 0 d-----w- c:\programdata\Office Genuine Advantage
2010-03-12 22:46:59 18944 ----a-w- c:\windows\system32\captcha.dll
2010-03-10 09:55:59 42 ----a-w- c:\windows\system32\RegistryEasy.lie
2010-03-10 09:35:46 0 d-----w- c:\program files\Registry Easy
2010-03-07 12:58:56 19456 --sh--r- c:\program files\captcha21.dll
2010-03-07 12:54:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-05 08:04:14 0 d-----w- c:\users\justin\appdata\roaming\Juniper Networks
2010-03-05 07:47:30 2000880 ----a-w- c:\windows\system32\GooglePinyin2.ime
2010-03-04 13:46:20 69 ----a-w- c:\windows\NeroDigital.ini
2010-03-04 11:31:52 1 ---h--w- c:\windows\bk23567.dat
2010-03-04 11:31:52 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-03-04 11:26:21 1 ----a-w- c:\windows\ligh
2010-03-04 11:26:03 67072 ---h--w- c:\windows\bill103.exe
2010-03-01 20:14:46 690960 ----a-w- c:\windows\system32\PerfStringBackup.TMP_001
2010-02-28 21:03:16 0 d-----w- C:\My Music
2010-02-28 12:09:59 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-28 12:09:59 880 ----a-w- c:\windows\RegISSImport.xml
2010-02-28 12:09:59 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-28 12:09:59 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-28 12:09:59 131 ----a-w- c:\windows\IDB.zip
2010-02-28 12:09:59 1152444 ----a-w- c:\windows\UDB.zip
2010-02-28 12:09:58 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-28 12:09:58 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-28 12:08:26 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-28 12:08:26 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-28 12:08:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-28 12:08:20 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-28 12:08:20 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-28 12:08:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-28 12:08:19 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-28 12:08:14 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-28 12:08:14 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-28 12:08:09 0 d-----w- c:\users\justin\appdata\roaming\PC Tools
2010-02-28 12:08:09 0 d-----w- c:\programdata\PC Tools
2010-02-28 12:08:09 0 d-----w- c:\program files\Spyware Doctor
2010-02-28 12:08:09 0 d-----w- c:\program files\common files\PC Tools
2010-02-28 12:07:39 0 d---a-w- c:\programdata\TEMP
2010-02-28 11:06:22 0 d-----w- c:\program files\CA-SupportBridge
2010-02-28 11:04:51 0 d-----w- c:\programdata\CA-SupportBridge
2010-02-28 10:49:25 80092 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-02-28 09:49:59 868783 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-28 09:49:59 81 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-28 09:49:59 10181 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-27 00:47:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-27 00:46:40 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-27 00:46:40 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-27 00:46:39 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-27 00:46:39 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-27 00:46:39 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-27 00:46:39 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-27 00:46:39 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-27 00:46:39 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-27 00:46:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-27 00:46:33 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-27 00:46:32 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-27 00:46:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k7
2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k6
2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k5
2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k4
2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k3
2010-03-23 12:11:08 45 ----a-w- c:\windows\system32\drivers\kmxzone.u2k2
2010-03-23 12:11:08 173 ----a-w- c:\windows\system32\drivers\kmxzone.u2k1
2010-03-23 12:11:08 173 ----a-w- c:\windows\system32\drivers\kmxzone.u2k0
2010-02-28 09:45:27 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-02-28 09:45:27 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 18:46:48 1053936 ----a-w- c:\windows\system32\cfgmig32.dll
2010-02-15 07:58:54 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-15 07:58:54 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-15 07:58:52 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-15 07:32:27 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-12-20 12:15:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-03 23:55:46 12 ----a-w- c:\program files\Version.txt
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:25:13.08 ===============

tashi
2010-04-07, 09:35
Hello griiker,

Previous topic: http://forums.spybot.info/showthread.php?t=56304

Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh. ;)

Please start a new topic here in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), provide the one log only, and include a link back to this one. :)

Best regards.