
Thread: malware infection

  1. #1
    sdxn2400134 (Member; joined Apr 2009; 34 posts)

    malware infection

    For a couple of weeks, I have had a bad computer problem. I used Spybot for a week. It would detect and remove various Virtumonde strains, but Virtumonde would always come back. Most often I see virtumonde.prx.

    I also paid about $40 for Ad-Aware Pro. It does not detect virtumonde...however, it did detect and clean TR/crypt.xpack.gen and TR/dropper.gen which it listed as trojans.

    I have made numerous changes to startup using spybot and msconfig. For the last week, I have had problems launching programs, especially spybot and ad-aware. They will usually appear, then I get a system message which states that a problem has been encountered and the program must close. I can launch these programs in safe mode. Please help me! Thanks. Steve

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:03 PM, on 4/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {75a7e2c9-dbbd-4d37-8c0c-86052d585529} - (disabled by BHODemon)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {97f40295-734e-479f-9efb-6a7e8d9e93b7} - C:\WINDOWS\system32\masutora.dll (disabled by BHODemon)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [CPMaf5133a0] Rundll32.exe "c:\windows\system32\zezojare.dll",a
    O4 - HKLM\..\RunOnce: [C:\Program Files\Common Files\AOL\1118558958\ee\services\safetyCore\ver210_5_4_1\SSCEvtHdlrPS.dll] regsvr32.exe /s "C:\Program Files\Common Files\AOL\1118558958\ee\services\safetyCore\ver210_5_4_1\SSCEvtHdlrPS.dll"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121835894750
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208355050890
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b.../java/RntX.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wonufeji.dll c:\windows\system32\negoyuhe.dll c:\windows\system32\wupobolo.dll khfduy.dll c:\windows\system32\zezojare.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 10251 bytes
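A defender-side triage script for HijackThis log lines like the ones in the post above, added here as an example; it is not part of the thread and not HijackThis's own code. It parses the O-section entries and flags the loading points a helper would check first (AppInit_DLLs, missing-file SSODL/SharedTaskScheduler hooks, Run keys that launch a DLL via rundll32, unnamed BHOs). The sample lines are copied from the log above; the consonant-vowel name heuristic is an assumption of mine, not a HijackThis rule.

```python
"""Triage helper for HijackThis v2 log entries (added example, not HJT code)."""
import re
from dataclasses import dataclass

# Matches the "O4 - ..." / "R0 - ..." entry lines of an HJT v2 log.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# rundll32 "c:\...\something.dll",entry  (path may or may not be quoted)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# Heuristic (my assumption): eight letters alternating consonant/vowel, the
# naming pattern of the injected DLLs in this thread (zezojare, wonufeji, ...).
CV_NAME_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O20"
    reason: str    # why the entry deserves a look
    detail: str    # the path or entry text


def parse_entries(log_text: str):
    """Yield (section, body) for every entry line in an HJT log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def looks_generated(path: str) -> bool:
    """Heuristic only: does the DLL's name fit the consonant-vowel pattern?"""
    name = basename(path)
    return name.endswith(".dll") and bool(CV_NAME_RE.match(name[:-4]))


def triage(log_text: str):
    """Return the entries a helper would look at first, in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps
            # user32.dll; on a home machine a non-empty value is itself a flag.
            # XP separates entries with spaces, so 8.3 or space-free paths are assumed.
            for dll in body.split(":", 1)[1].split():
                why = "AppInit_DLLs entry"
                if looks_generated(dll):
                    why += " (generated-looking name)"
                findings.append(Finding(section, why, dll))
        elif section in ("O21", "O22") and "(file missing)" in body:
            # Shell/scheduler hook whose DLL is already gone: a dead loading
            # point that should still be removed from the registry.
            findings.append(Finding(section, "loading point with missing file", body))
        elif section == "O4":
            m = RUNDLL_RE.search(body)
            if m and "system32" in m.group(1).lower():
                why = "Run key launches a DLL via rundll32"
                if looks_generated(m.group(1)):
                    why += " (generated-looking name)"
                findings.append(Finding(section, why, m.group(1)))
        elif section == "O2" and "(no name)" in body:
            findings.append(Finding(section, "unnamed BHO", body))
    return findings


# Constructed sample: a handful of lines copied from the first HJT log in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {97f40295-734e-479f-9efb-6a7e8d9e93b7} - C:\WINDOWS\system32\masutora.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CPMaf5133a0] Rundll32.exe "c:\windows\system32\zezojare.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\wonufeji.dll c:\windows\system32\negoyuhe.dll khfduy.dll c:\windows\system32\zezojare.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.detail}")
```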

  2. #2
    Security Expert: Emeritus (joined Oct 2006; Finland; 29,374 posts)

    Hi sdxn2400134

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    sdxn2400134 (Member; joined Apr 2009; 34 posts)

    Ran combofix 4-3-09

    I had two problems when I ran combofix: Since I cannot launch McAfee Security Center in normal mode, I launched it in safe mode and disabled all the components I could find. However, when I ran combofix, it complained twice that "virusscan" was running. Each time, I opened Task Manager and shut down every service that began with "mc". Combofix stated that virusscan was still running, but that it would continue anyway.

    The other problem was when combofix tried to connect with the Internet. The "ping" program (I think) encountered a problem and had to close. As a result, I didn't get the windows recovery console.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:50:43 PM, on 4/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121835894750
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208355050890
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b.../java/RntX.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8172 bytes

  4. #4
    sdxn2400134 (Member; joined Apr 2009; 34 posts)

    combofix.txt 4-3-09

    Here is the combofix log. Would you like me to run combofix again? Steve

    ComboFix 09-04-01.01 - Steve 2009-04-03 13:28:49.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.583 [GMT -7:00]
    Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090222175236703.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223144719640.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223161435484.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223195039531.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224160626250.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224201311781.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225152655796.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225202748140.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226165159875.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226193642546.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227161134781.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227180605031.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227193952109.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228151845250.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228194957171.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090303150337828.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090304141335953.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090304202403187.log
    c:\windows\ekekotad.dll
    c:\windows\system32\bszip.dll
    c:\windows\system32\Cache
    c:\windows\system32\dumphive.exe
    c:\windows\system32\mufovedi.dll
    c:\windows\system32\pattwk.dll
    c:\windows\system32\selulisa.dll
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP


    ((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
    .

    2009-04-02 13:39 . 2009-04-02 13:39 <DIR> d-------- c:\program files\Trend Micro
    2009-04-02 13:29 . 2009-04-02 13:29 <DIR> d-------- c:\program files\ERUNT
    2009-03-30 23:45 . 2009-03-30 23:45 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
    2009-03-30 23:42 . 2009-03-30 23:42 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Symantec
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Logitech
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Jasc Software Inc
    2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d--h----- c:\documents and settings\jasmine\Application Data\GTek
    2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d-------- c:\documents and settings\jasmine\Application Data\5400 Series
    2009-03-30 00:34 . 2009-03-30 00:34 <DIR> d--hs---- c:\documents and settings\jasmine\IETldCache
    2009-03-30 00:31 . 2005-06-06 07:04 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Creative
    2009-03-30 00:31 . 2009-03-30 23:03 <DIR> d-------- c:\documents and settings\jasmine
    2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
    2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\PrivacIE
    2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\IECompatCache
    2009-03-29 12:32 . 2009-03-29 12:32 <DIR> d--hs---- c:\documents and settings\Patty\IETldCache
    2009-03-29 11:38 . 2009-03-28 23:58 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-03-29 02:16 . 2009-03-29 02:16 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
    2009-03-28 23:52 . 2009-03-28 23:52 <DIR> d--hs---- c:\documents and settings\Steve\IECompatCache
    2009-03-28 23:49 . 2009-03-30 02:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d--hs---- c:\documents and settings\Steve\PrivacIE
    2009-03-28 21:25 . 2009-03-28 21:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
    2009-03-28 17:18 . 2009-03-28 17:18 <DIR> d--hs---- c:\documents and settings\Steve\IETldCache
    2009-03-28 16:36 . 2009-03-30 01:44 <DIR> d--h-c--- c:\windows\ie8
    2009-03-26 14:39 . 2009-03-26 14:39 40,448 --a------ C:\dmsiacq.exe
    2009-03-26 14:39 . 2009-03-26 14:39 31,744 --a------ C:\rojpcck.exe
    2009-03-25 13:20 . 2009-03-25 13:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-03-25 13:09 . 2009-03-25 13:09 <DIR> d-------- c:\documents and settings\Steve\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\program files\Lavasoft
    2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-22 03:29 . 2009-03-24 01:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-22 03:29 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-21 15:02 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\Patty\Application Data\Winamp
    2009-03-21 13:31 . 2009-03-24 01:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
    2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
    2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
    2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
    2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
    2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-30 00:47 --------- d-----w c:\program files\Lx_cats
    2009-03-24 04:22 --------- d-----w c:\documents and settings\Mikey\Application Data\LimeWire
    2009-03-02 05:36 --------- d-----w c:\program files\Google
    2009-02-23 01:59 --------- d-----w c:\documents and settings\Patty\Application Data\AOL
    2009-02-14 05:30 --------- d-----w c:\documents and settings\Patty\Application Data\Viewpoint
    2009-02-11 21:01 --------- d--h--w c:\documents and settings\Patty\Application Data\GTek
    2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\Logitech
    2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\5400 Series
    2009-02-10 23:16 --------- d-----w c:\documents and settings\Mikey\Application Data\5400 Series
    2008-09-13 13:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="c:\program files\Common Files\AOL\1118558958\ee\AOLSoftware.exe" [2008-06-24 41824]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-28 515416]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

    c:\documents and settings\Mikey\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk.disabled [2008-11-29 1587]

    c:\documents and settings\Patty\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk.disabled [2009-02-23 1587]

    c:\documents and settings\Steve\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-16 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.lsvx"= c:\windows\system32\lsvxdec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
    backup=c:\windows\pss\dlbcserv.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^BOINC Manager.lnk]
    path=c:\documents and settings\Steve\Start Menu\Programs\Startup\BOINC Manager.lnk
    backup=c:\windows\pss\BOINC Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2006-10-23 05:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2005-05-31 05:33 122941 c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    --a------ 2007-03-19 05:58 82864 c:\program files\Lexmark 5400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    --a------ 2006-07-12 22:22 57344 c:\program files\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a------ 2005-03-12 07:25 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-01-10 20:58 7286784 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-01-10 20:58 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-06-03 03:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-10 20:58 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2004-06-10 14:51 60928 c:\windows\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NVSvc"=2 (0x2)
    "lxct_device"=2 (0x2)
    "ITMRTSVC"=2 (0x2)
    "DSBrokerService"=3 (0x3)
    "IDriverT"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    "AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "WinampAgent"="c:\program files\Winamp\winampa.exe"
    "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe"
    "LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "Wladasudevibebax"=rundll32.exe "c:\windows\ekekotad.dll",e
    "gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe"
    "VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\WINDOWS\\system32\\lxctcoms.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 gupdate1c99af84045d9ba;Google Update Service (gupdate1c99af84045d9ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
    S2 PDRJNDL;PDRJNDL;\??\g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS --> g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - sfc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\start.exe welcome.dbd

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-29 c:\windows\Tasks\Ad-Aware Update (Daily).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-28 23:56]

    2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 22:31]

    2009-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-03-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-04-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2009-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{75a7e2c9-dbbd-4d37-8c0c-86052d585529} - __BHODemonDisabled
    BHO-{97f40295-734e-479f-9efb-6a7e8d9e93b7} - c:\windows\system32\masutora.dll__BHODemonDisabled
    MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
    MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
    MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
    MSConfigStartUp-Cfawakenupiyep - c:\windows\Xwedupujaxakuqe.dll
    MSConfigStartUp-CPMaf5133a0 - c:\windows\system32\zezojare.dll
    MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
    MSConfigStartUp-Diagnostic Manager - c:\docume~1\Steve\LOCALS~1\Temp\1067090350.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-LWBMOUSE - c:\program files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
    MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
    MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe
    MSConfigStartUp-Windows Resurections - c:\windows\TEMP\fvia1.exe


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\download.windowsupdate
    Trusted Zone: microsoft.com\update
    Trusted Zone: windowsupdate.com\download
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\wkhqaxag.default\
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-03 13:55:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\windows\system32\imapi.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\snmp.exe
    c:\windows\system32\tlntsvr.exe
    c:\windows\system32\fxssvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-03 14:02:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-03 21:02:08

    Pre-Run: 36,419,039,232 bytes free
    Post-Run: 37,943,160,832 bytes free

    372 --- E O F --- 2009-04-03 03:32:19

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Before that we continue with this:

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default uninstall list 4-5-09

    Since the one time I ran combofix, I am no longer having problems with opening programs and I no longer see system messages saying that some program has encountered a problem and has to close.

    Here is the list you asked for:

    ABBYY FineReader 5.0 Sprint
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Ad-Aware
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.2
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    AVG Anti-Rootkit Free
    Broadband Internet Router
    BroadJump Client Foundation
    CA Pest Patrol Realtime Protection
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    DellSupport
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Download Updater (AOL LLC)
    DTCLookup
    ERUNT 1.1j
    eViewStream
    FaxTools
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Image Analyzer
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod Updater 2004-08-06
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    Jasc Paint Shop Pro Studio, Dell Editon
    Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Web Start
    KhalInstallWrapper
    Learn2 Player (Uninstall Only)
    Lexmark 5400 Series
    Lexmark Toolbar
    LimeWire 4.18.8
    Logitech SetPoint
    Macromedia Flash Player
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.8)
    MP3 CD Converter 4.02
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    NVIDIA Drivers
    oggcodecs 0.69.8924
    PearsonVUE Tutorial and Practice Exam
    PowerDVD 5.6
    QuickBooks Simple Start Special Edition
    QuickTime
    RCA Memory Manager™ 2.1.0.210
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    Spybot - Search & Destroy
    System Requirements Lab
    TeamSpeak 2 RC2
    Time Zone Data Update Tool for Microsoft Office Outlook
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Ventrilo Client
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Winamp
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    Xvid Codec 1.1.3

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 4.18.8

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default new uninstall list 4-5-09

    ABBYY FineReader 5.0 Sprint
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Ad-Aware
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.2
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    AVG Anti-Rootkit Free
    Broadband Internet Router
    BroadJump Client Foundation
    CA Pest Patrol Realtime Protection
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    DellSupport
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Download Updater (AOL LLC)
    DTCLookup
    ERUNT 1.1j
    eViewStream
    FaxTools
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Image Analyzer
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod Updater 2004-08-06
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    Jasc Paint Shop Pro Studio, Dell Editon
    Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Web Start
    KhalInstallWrapper
    Learn2 Player (Uninstall Only)
    Lexmark 5400 Series
    Lexmark Toolbar
    Logitech SetPoint
    Macromedia Flash Player
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.8)
    MP3 CD Converter 4.02
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    NVIDIA Drivers
    oggcodecs 0.69.8924
    PearsonVUE Tutorial and Practice Exam
    PowerDVD 5.6
    QuickBooks Simple Start Special Edition
    QuickTime
    RCA Memory Manager™ 2.1.0.210
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    Spybot - Search & Destroy
    System Requirements Lab
    TeamSpeak 2 RC2
    Time Zone Data Update Tool for Microsoft Office Outlook
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Ventrilo Client
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Winamp
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    Xvid Codec 1.1.3

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\dmsiacq.exe
    C:\rojpcck.exe
    c:\StubInstaller.exe
    
    Folder::
    c:\documents and settings\Mikey\Application Data\LimeWire
    c:\Program Files\LimeWire
    c:\Program Files\eMule
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Wladasudevibebax"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "c:\\Program Files\\eMule\\emule.exe"=-
    "c:\\StubInstaller.exe"=-

Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
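As an added example (not code from this thread or from ComboFix itself), the Python below cross-checks a CFScript like the one above against the ComboFix.txt it produces: it parses the File::, Folder:: and Registry:: sections and reports which targets the log's "Other Deletions" section actually confirms, and whether a registry value marked for deletion still shows up under "Reg Loading Points", so a helper can spot a listed file that ComboFix never reported removing. The CFScript and the log excerpt are constructed from lines quoted in this thread.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example, not ComboFix's own code.  File::/Folder:: targets are looked up in
the log's "Other Deletions" section and "name"=- registry values in its "Reg
Loading Points" section; both samples are constructed from lines in the thread.
"""
import re

# Constructed sample: the CFScript posted above.
CFSCRIPT = r"""File::
C:\dmsiacq.exe
C:\rojpcck.exe
c:\StubInstaller.exe

Folder::
c:\documents and settings\Mikey\Application Data\LimeWire
c:\Program Files\LimeWire
c:\Program Files\eMule

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Wladasudevibebax"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\eMule\\emule.exe"=-
"c:\\StubInstaller.exe"=-
"""

# Constructed sample: an abridged ComboFix.txt built from lines in the thread.
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mikey\Application Data\LimeWire
c:\program files\eMule
c:\program files\eMule\EMULE.EXE
C:\rojpcck.exe
c:\StubInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"""

SECTION_RE = re.compile(r"^(\w+)::$")          # CFScript section header, e.g. File::
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ComboFix "(((( Title ))))" banner
REG_KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...] key line
REG_DEL_RE = re.compile(r'^"(.+)"=-$')          # "name"=- deletes that value

def parse_cfscript(text):
    """Return {'file': [...], 'folder': [...], 'registry': [(key, value), ...]}."""
    out, section, key = {"file": [], "folder": [], "registry": []}, None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if SECTION_RE.match(line):
            section = SECTION_RE.match(line).group(1).lower()
        elif section in ("file", "folder"):
            out[section].append(line)
        elif section == "registry" and REG_KEY_RE.match(line):
            key = REG_KEY_RE.match(line).group(1)
        elif section == "registry" and REG_DEL_RE.match(line) and key:
            out["registry"].append((key, REG_DEL_RE.match(line).group(1)))
    return out

def log_sections(text):
    """Split ComboFix.txt into {banner title: [lines]}, dropping '.' separators."""
    sections, title = {"header": []}, "header"
    for line in (l.strip() for l in text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections

def _norm(path):  # Windows paths compare case-insensitively; drop trailing backslash
    return path.strip().rstrip("\\").lower()

def check_deletions(cfscript, log):
    """Sort CFScript targets by whether the log reports them removed."""
    wanted, secs = parse_cfscript(cfscript), log_sections(log)
    deleted = {_norm(p) for p in secs.get("Other Deletions", [])}
    loading = "\n".join(secs.get("Reg Loading Points", [])).lower()
    report = {"confirmed": [], "unconfirmed": [], "registry_still_listed": []}
    for path in wanted["file"]:
        report["confirmed" if _norm(path) in deleted else "unconfirmed"].append(path)
    for folder in wanted["folder"]:
        # A folder counts as removed if it or anything beneath it was deleted.
        prefix = _norm(folder) + "\\"
        hit = _norm(folder) in deleted or any(p.startswith(prefix) for p in deleted)
        report["confirmed" if hit else "unconfirmed"].append(folder)
    for key, name in wanted["registry"]:
        # Only keys ComboFix dumps under Reg Loading Points can be checked this way.
        if f'"{name.lower()}"=' in loading:
            report["registry_still_listed"].append((key, name))
    return report

if __name__ == "__main__":
    for status, items in check_deletions(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status}: {items}")
```

On the sample, C:\dmsiacq.exe and c:\Program Files\LimeWire come back unconfirmed, which matches the log in the next post: both were in the script but neither appears under Other Deletions.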

  10. #10
    Member sdxn2400134's Avatar
    Join Date
    Apr 2009
    Posts
    34

    Default combofix.txt 4-5-09

    Greetings! ComboFix updated to a newer version, then restarted.

    The Windows Recovery Console was also downloaded and installed.

    Here is the new ComboFix file:


    ComboFix 09-04-04.01 - Steve 2009-04-05 13:18:35.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -7:00]
    Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*

    FILE ::
    C:\dmsiacq.exe
    C:\rojpcck.exe
    c:\StubInstaller.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Mikey\Application Data\LimeWire
    c:\documents and settings\Mikey\Application Data\LimeWire\certificate\limewire.keystore
    c:\documents and settings\Mikey\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\Mikey\Application Data\LimeWire\downloads.dat
    c:\documents and settings\Mikey\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\Mikey\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\Mikey\Application Data\LimeWire\filters.props
    c:\documents and settings\Mikey\Application Data\LimeWire\gnutella.net
    c:\documents and settings\Mikey\Application Data\LimeWire\installation.props
    c:\documents and settings\Mikey\Application Data\LimeWire\library.dat
    c:\documents and settings\Mikey\Application Data\LimeWire\limewire.props
    c:\documents and settings\Mikey\Application Data\LimeWire\mojito.props
    c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\Mikey\Application Data\LimeWire\questions.props
    c:\documents and settings\Mikey\Application Data\LimeWire\responses.cache
    c:\documents and settings\Mikey\Application Data\LimeWire\simpp.xml
    c:\documents and settings\Mikey\Application Data\LimeWire\spam.dat
    c:\documents and settings\Mikey\Application Data\LimeWire\tables.props
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\version.txt
    c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\Mikey\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\Mikey\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\Mikey\Application Data\LimeWire\version.xml
    c:\documents and settings\Mikey\Application Data\LimeWire\versions.props
    c:\documents and settings\Mikey\Application Data\LimeWire\xml\data\audio.sxml2
    c:\documents and settings\Mikey\Application Data\LimeWire\xml\data\video.sxml2
    c:\program files\eMule
    c:\program files\eMule\config\cancelled.met
    c:\program files\eMule\config\clients.met
    c:\program files\eMule\config\emfriends.met
    c:\program files\eMule\config\known.met
    c:\program files\eMule\config\known2.met
    c:\program files\eMule\config\known2_64.met
    c:\program files\eMule\config\preferences.ini
    c:\program files\eMule\config\server_met.old
    c:\program files\eMule\config\statistics.ini
    c:\program files\eMule\EMULE.EXE
    c:\program files\eMule\eMule.tmpl
    c:\program files\eMule\eMule_Chicane.tmpl
    c:\program files\eMule\Incoming\The Beatles - Let It Be.mp3
    c:\program files\eMule\Temp\001.part
    c:\program files\eMule\Temp\001.part.met
    c:\program files\eMule\Temp\001.part.met.bak
    c:\program files\eMule\Temp\002.part
    c:\program files\eMule\Temp\002.part.met
    c:\program files\eMule\Temp\002.part.met.bak
    c:\program files\eMule\Temp\003.part
    c:\program files\eMule\Temp\003.part.met
    c:\program files\eMule\Temp\003.part.met.bak
    c:\program files\eMule\Temp\004.part.met
    c:\program files\eMule\Temp\004.part.met.bak
    c:\program files\eMule\Temp\005.part
    c:\program files\eMule\Temp\005.part.met
    c:\program files\eMule\Temp\005.part.met.bak
    c:\program files\eMule\Temp\006.part.met
    c:\program files\eMule\Temp\006.part.met.bak
    c:\program files\eMule\Temp\007.part
    c:\program files\eMule\Temp\007.part.met
    c:\program files\eMule\Temp\007.part.met.bak
    c:\program files\eMule\Temp\008.part
    c:\program files\eMule\Temp\008.part.met
    c:\program files\eMule\Temp\008.part.met.bak
    c:\program files\eMule\Temp\009.part
    c:\program files\eMule\Temp\009.part.met
    c:\program files\eMule\Temp\009.part.met.bak
    c:\program files\eMule\Temp\010.part
    c:\program files\eMule\Temp\010.part.met
    c:\program files\eMule\Temp\010.part.met.bak
    c:\program files\eMule\Temp\011.part.met
    c:\program files\eMule\Temp\011.part.met.bak
    c:\program files\eMule\Temp\012.part.met
    c:\program files\eMule\Temp\012.part.met.bak
    c:\program files\eMule\Temp\013.part
    c:\program files\eMule\Temp\013.part.met
    c:\program files\eMule\Temp\013.part.met.bak
    c:\program files\eMule\Temp\014.part
    c:\program files\eMule\Temp\014.part.met
    c:\program files\eMule\Temp\014.part.met.bak
    c:\program files\eMule\Temp\015.part.met
    c:\program files\eMule\Temp\015.part.met.bak
    c:\program files\eMule\Temp\016.part
    c:\program files\eMule\Temp\016.part.met
    c:\program files\eMule\Temp\016.part.met.bak
    c:\program files\eMule\Temp\018.part.met
    c:\program files\eMule\Temp\018.part.met.bak
    c:\program files\eMule\Temp\019.part
    c:\program files\eMule\Temp\019.part.met
    c:\program files\eMule\Temp\019.part.met.bak
    c:\program files\eMule\Temp\020.part
    c:\program files\eMule\Temp\020.part.met
    c:\program files\eMule\Temp\020.part.met.bak
    c:\program files\eMule\Temp\021.part
    c:\program files\eMule\Temp\021.part.met
    c:\program files\eMule\Temp\021.part.met.bak
    c:\program files\eMule\Temp\022.part.met
    c:\program files\eMule\Temp\022.part.met.bak
    c:\program files\eMule\Temp\023.part
    c:\program files\eMule\Temp\023.part.met
    c:\program files\eMule\Temp\023.part.met.bak
    c:\program files\eMule\Temp\024.part.met
    c:\program files\eMule\Temp\024.part.met.bak
    c:\program files\eMule\Temp\025.part
    c:\program files\eMule\Temp\025.part.met
    c:\program files\eMule\Temp\025.part.met.bak
    c:\program files\eMule\Temp\026.part.met
    c:\program files\eMule\Temp\026.part.met.bak
    c:\program files\eMule\Temp\027.part.met
    c:\program files\eMule\Temp\027.part.met.bak
    c:\program files\eMule\Temp\028.part.met
    c:\program files\eMule\Temp\028.part.met.bak
    c:\program files\eMule\Temp\029.part
    c:\program files\eMule\Temp\029.part.met
    c:\program files\eMule\Temp\029.part.met.bak
    c:\program files\eMule\Temp\030.part.met
    c:\program files\eMule\Temp\030.part.met.bak
    c:\program files\eMule\Temp\031.part
    c:\program files\eMule\Temp\031.part.met
    c:\program files\eMule\Temp\031.part.met.bak
    c:\program files\eMule\Temp\032.part
    c:\program files\eMule\Temp\032.part.met
    c:\program files\eMule\Temp\032.part.met.bak
    c:\program files\eMule\Temp\033.part
    c:\program files\eMule\Temp\033.part.met
    c:\program files\eMule\Temp\033.part.met.bak
    c:\program files\eMule\Temp\034.part
    c:\program files\eMule\Temp\034.part.met
    c:\program files\eMule\Temp\034.part.met.bak
    c:\program files\eMule\Temp\035.part
    c:\program files\eMule\Temp\035.part.met
    c:\program files\eMule\Temp\035.part.met.bak
    c:\program files\eMule\Temp\036.part
    c:\program files\eMule\Temp\036.part.met
    c:\program files\eMule\Temp\036.part.met.bak
    c:\program files\eMule\Temp\037.part
    c:\program files\eMule\Temp\037.part.met
    c:\program files\eMule\Temp\037.part.met.bak
    c:\program files\eMule\Temp\038.part
    c:\program files\eMule\Temp\038.part.met
    c:\program files\eMule\Temp\038.part.met.bak
    c:\program files\eMule\Temp\039.part.met
    c:\program files\eMule\Temp\039.part.met.bak
    c:\program files\eMule\Temp\040.part
    c:\program files\eMule\Temp\040.part.met
    c:\program files\eMule\Temp\040.part.met.bak
    c:\program files\eMule\Temp\041.part
    c:\program files\eMule\Temp\041.part.met
    c:\program files\eMule\Temp\041.part.met.bak
    c:\program files\eMule\Temp\042.part
    c:\program files\eMule\Temp\042.part.met
    c:\program files\eMule\Temp\042.part.met.bak
    c:\program files\eMule\Temp\043.part
    c:\program files\eMule\Temp\043.part.met
    c:\program files\eMule\Temp\043.part.met.bak
    c:\program files\eMule\Temp\044.part.met
    c:\program files\eMule\Temp\044.part.met.bak
    c:\program files\eMule\Temp\045.part.met
    c:\program files\eMule\Temp\045.part.met.bak
    c:\program files\eMule\Temp\046.part.met
    c:\program files\eMule\Temp\046.part.met.bak
    c:\program files\eMule\Temp\047.part
    c:\program files\eMule\Temp\047.part.met
    c:\program files\eMule\Temp\047.part.met.bak
    c:\program files\eMule\Temp\048.part.met
    c:\program files\eMule\Temp\048.part.met.bak
    c:\program files\eMule\Temp\049.part
    c:\program files\eMule\Temp\049.part.met
    c:\program files\eMule\Temp\049.part.met.bak
    c:\program files\eMule\Temp\050.part
    c:\program files\eMule\Temp\050.part.met
    c:\program files\eMule\Temp\050.part.met.bak
    c:\program files\eMule\Temp\051.part.met
    c:\program files\eMule\Temp\051.part.met.bak
    c:\program files\eMule\Temp\052.part
    c:\program files\eMule\Temp\052.part.met
    c:\program files\eMule\Temp\052.part.met.bak
    c:\program files\eMule\Temp\053.part.met
    c:\program files\eMule\Temp\053.part.met.bak
    c:\program files\eMule\Temp\054.part
    c:\program files\eMule\Temp\054.part.met
    c:\program files\eMule\Temp\054.part.met.bak
    c:\program files\eMule\Temp\055.part
    c:\program files\eMule\Temp\055.part.met
    c:\program files\eMule\Temp\055.part.met.bak
    c:\program files\eMule\Temp\056.part
    c:\program files\eMule\Temp\056.part.met
    c:\program files\eMule\Temp\056.part.met.bak
    c:\program files\eMule\Temp\057.part
    c:\program files\eMule\Temp\057.part.met
    c:\program files\eMule\Temp\057.part.met.bak
    c:\program files\eMule\Temp\058.part
    c:\program files\eMule\Temp\058.part.met
    c:\program files\eMule\Temp\058.part.met.bak
    c:\program files\eMule\Temp\059.part.met
    c:\program files\eMule\Temp\059.part.met.bak
    c:\program files\eMule\Temp\060.part.met
    c:\program files\eMule\Temp\060.part.met.bak
    c:\program files\eMule\Temp\061.part
    c:\program files\eMule\Temp\061.part.met
    c:\program files\eMule\Temp\061.part.met.bak
    c:\program files\eMule\Temp\063.part.met
    c:\program files\eMule\Temp\063.part.met.bak
    c:\program files\eMule\Temp\066.part.met
    c:\program files\eMule\Temp\066.part.met.bak
    c:\program files\eMule\Temp\067.part
    c:\program files\eMule\Temp\067.part.met
    c:\program files\eMule\Temp\067.part.met.bak
    c:\program files\eMule\Temp\068.part.met
    c:\program files\eMule\Temp\068.part.met.bak
    c:\program files\eMule\Temp\070.part.met
    c:\program files\eMule\Temp\070.part.met.bak
    c:\program files\eMule\Temp\071.part
    c:\program files\eMule\Temp\071.part.met
    c:\program files\eMule\Temp\071.part.met.bak
    c:\program files\eMule\Temp\074.part.met
    c:\program files\eMule\Temp\074.part.met.bak
    c:\program files\eMule\Temp\078.part
    c:\program files\eMule\Temp\078.part.met
    c:\program files\eMule\Temp\078.part.met.bak
    c:\program files\eMule\Temp\080.part
    c:\program files\eMule\Temp\080.part.met
    c:\program files\eMule\Temp\080.part.met.bak
    c:\program files\eMule\Temp\081.part.met
    c:\program files\eMule\Temp\081.part.met.bak
    c:\program files\eMule\Temp\082.part
    c:\program files\eMule\Temp\082.part.met
    c:\program files\eMule\Temp\082.part.met.bak
    c:\program files\eMule\Temp\083.part.met
    c:\program files\eMule\Temp\083.part.met.bak
    c:\program files\eMule\Temp\084.part.met
    c:\program files\eMule\Temp\084.part.met.bak
    C:\rojpcck.exe
    c:\StubInstaller.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
    .

    2009-04-04 14:57 . 2009-04-04 14:57 <DIR> d--hs---- c:\documents and settings\Mikey\IETldCache
    2009-04-02 13:39 . 2009-04-02 13:39 <DIR> d-------- c:\program files\Trend Micro
    2009-04-02 13:29 . 2009-04-02 13:29 <DIR> d-------- c:\program files\ERUNT
    2009-03-30 23:45 . 2009-03-30 23:45 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
    2009-03-30 23:42 . 2009-03-30 23:42 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Symantec
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Logitech
    2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Jasc Software Inc
    2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d--h----- c:\documents and settings\jasmine\Application Data\GTek
    2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d-------- c:\documents and settings\jasmine\Application Data\5400 Series
    2009-03-30 00:34 . 2009-03-30 00:34 <DIR> d--hs---- c:\documents and settings\jasmine\IETldCache
    2009-03-30 00:31 . 2005-06-06 07:04 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Creative
    2009-03-30 00:31 . 2009-03-30 23:03 <DIR> d-------- c:\documents and settings\jasmine
    2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
    2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\PrivacIE
    2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\IECompatCache
    2009-03-29 12:32 . 2009-03-29 12:32 <DIR> d--hs---- c:\documents and settings\Patty\IETldCache
    2009-03-29 11:38 . 2009-03-28 23:58 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-03-29 02:16 . 2009-03-29 02:16 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
    2009-03-28 23:52 . 2009-03-28 23:52 <DIR> d--hs---- c:\documents and settings\Steve\IECompatCache
    2009-03-28 23:49 . 2009-03-30 02:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d--hs---- c:\documents and settings\Steve\PrivacIE
    2009-03-28 21:25 . 2009-03-28 21:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
    2009-03-28 17:18 . 2009-03-28 17:18 <DIR> d--hs---- c:\documents and settings\Steve\IETldCache
    2009-03-28 16:36 . 2009-03-30 01:44 <DIR> d--h-c--- c:\windows\ie8
    2009-03-25 13:20 . 2009-03-25 13:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-03-25 13:09 . 2009-03-25 13:09 <DIR> d-------- c:\documents and settings\Steve\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\program files\Lavasoft
    2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-22 03:29 . 2009-03-24 01:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-22 03:29 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-21 15:02 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\Patty\Application Data\Winamp
    2009-03-21 13:31 . 2009-03-24 01:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
    2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
    2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
    2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
    2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
    2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-30 00:47 --------- d-----w c:\program files\Lx_cats
    2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
    2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
    2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
    2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
    2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
    2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
    2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
    2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
    2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
    2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
    2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
    2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
    2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
    2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
    2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
    2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
    2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
    2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
    2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
    2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
    2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
    2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
    2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
    2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
    2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll
    2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
    2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-02 05:36 --------- d-----w c:\program files\Google
    2009-02-23 01:59 --------- d-----w c:\documents and settings\Patty\Application Data\AOL
    2009-02-14 05:30 --------- d-----w c:\documents and settings\Patty\Application Data\Viewpoint
    2009-02-11 21:01 --------- d--h--w c:\documents and settings\Patty\Application Data\GTek
    2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\Logitech
    2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\5400 Series
    2009-02-10 23:16 --------- d-----w c:\documents and settings\Mikey\Application Data\5400 Series
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
    2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
    2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
    2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll
    2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
    2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll
    2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz(2)(2).dll
    2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
    2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
    2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
    2008-09-13 13:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-03_13.59.20.71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\ERDNT.EXE
    + 2009-04-05 06:58:16 9,306,112 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\Users\00000001\ntuser.dat
    + 2009-04-05 06:58:18 3,338,240 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\Users\00000002\UsrClass.dat
    - 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-03 20:01:15 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-04-05 18:36:55 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-04-03 20:45:13 215,468 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2009-04-04 06:39:13 215,464 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-04-05 08:06:14 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-04-04 06:36:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_938.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="c:\program files\Common Files\AOL\1118558958\ee\AOLSoftware.exe" [2008-06-24 41824]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-28 515416]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

    c:\documents and settings\Mikey\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk.disabled [2008-11-29 1587]

    c:\documents and settings\Patty\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk.disabled [2009-02-23 1587]

    c:\documents and settings\Steve\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-16 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.lsvx"= c:\windows\system32\lsvxdec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
    backup=c:\windows\pss\dlbcserv.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^BOINC Manager.lnk]
    path=c:\documents and settings\Steve\Start Menu\Programs\Startup\BOINC Manager.lnk
    backup=c:\windows\pss\BOINC Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2006-10-23 05:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2005-05-31 05:33 122941 c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    --a------ 2007-03-19 05:58 82864 c:\program files\Lexmark 5400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    --a------ 2006-07-12 22:22 57344 c:\program files\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a------ 2005-03-12 07:25 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-01-10 20:58 7286784 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-01-10 20:58 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-06-03 03:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-10 20:58 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2004-06-10 14:51 60928 c:\windows\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NVSvc"=2 (0x2)
    "lxct_device"=2 (0x2)
    "ITMRTSVC"=2 (0x2)
    "DSBrokerService"=3 (0x3)
    "IDriverT"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    "AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "WinampAgent"="c:\program files\Winamp\winampa.exe"
    "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe"
    "LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe"
    "VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\WINDOWS\\system32\\lxctcoms.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 gupdate1c99af84045d9ba;Google Update Service (gupdate1c99af84045d9ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
    S2 PDRJNDL;PDRJNDL;\??\g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS --> g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\start.exe welcome.dbd

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-05 c:\windows\Tasks\Ad-Aware Update (Daily).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-28 23:56]

    2009-04-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 22:31]

    2009-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-03-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-04-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2009-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\download.windowsupdate
    Trusted Zone: microsoft.com\update
    Trusted Zone: windowsupdate.com\download
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\wkhqaxag.default\
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-05 13:22:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(824)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'winlogon.exe'(280)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-04-05 13:27:04
    ComboFix-quarantined-files.txt 2009-04-05 20:25:51
    ComboFix2.txt 2009-04-03 21:02:43

    Pre-Run: 37,769,293,824 bytes free
    Post-Run: 37,743,800,320 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    638 --- E O F --- 2009-04-03 03:32:19
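Added example (not part of the post above and not a ComboFix feature): the registry section of that log records several settings that quietly weaken the host, namely Security Center notifications switched off, Security Center monitoring of the installed AV and firewall disabled, the XP firewall itself disabled, inbound TCP 3389 and 135 globally opened, and an AutoRun command on the mounted E: volume. The Python script below parses the `[key]` / `"name"=value` layout ComboFix prints and reports exactly those classes of entry, so the same check can be run over any such dump. The embedded sample text is a constructed excerpt modelled on the entries visible in the log; the list of "risky" ports is an assumption chosen for illustration.

```python
"""Flag security-weakening settings in a ComboFix-style registry dump.

Added example, not part of the forum post or of ComboFix itself. It parses
the '[KEY]' / '"name"=value' layout ComboFix prints and reports entries that
silence Security Center, disable the XP firewall, open risky inbound ports,
or set an AutoRun command on a mounted volume.
"""
import re
from dataclasses import dataclass

# Constructed sample: an abridged excerpt modelled on the log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\start.exe welcome.dbd
"""

# Assumed set of ports a practitioner would not want open to any source
# (RPC endpoint mapper, NetBIOS, SMB, RDP). Adjust to the environment.
RISKY_PORTS = {135, 137, 138, 139, 445, 3389}


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    value: str
    reason: str


KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix prints mountpoint AutoRun entries without quotes, as a path line.
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)


def parse_dump(text):
    """Yield (key, name, value) triples; AutoRun lines get the name 'AutoRun'."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VAL_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2).strip()
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, "AutoRun", m.group(1).strip()


def dword_is_one(value):
    """True for the 'dword:00000001' form ComboFix uses for REG_DWORD values."""
    return value.lower().startswith("dword:") and int(value[6:], 16) == 1


def audit(text):
    """Return the list of Findings for one dump; empty list means nothing flagged."""
    findings = []
    for key, name, value in parse_dump(text):
        k = key.lower()
        if "security center" in k and name.endswith("DisableNotify") and dword_is_one(value):
            findings.append(Finding(key, name, value, "Security Center alert suppressed"))
        elif "security center\\monitoring" in k and name == "DisableMonitoring" and dword_is_one(value):
            findings.append(Finding(key, name, value, "Security Center no longer monitors this product"))
        elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.split()[0] == "0":
            findings.append(Finding(key, name, value, "Windows Firewall disabled for the standard profile"))
        elif "globallyopenports" in k:
            port, _, proto = name.partition(":")
            if port.isdigit() and int(port) in RISKY_PORTS:
                findings.append(Finding(key, name, value, f"inbound {proto} {port} open to any source"))
        elif "mountpoints2" in k and name == "AutoRun":
            findings.append(Finding(key, name, value, "AutoRun command set on a mounted volume"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.reason}: {f.name} = {f.value}  [{f.key}]")
```

Run it on the sample and it reports seven entries; port 5000 is left alone because it is not in the assumed risky set. To check a real dump, pass the file's contents to `audit()` instead of `SAMPLE_LOG`. The checks are deliberately keyed on the registry paths rather than on product names, so they apply regardless of which AV or firewall is installed.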
