Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Search Results Reidrected and Spybot Won't Run

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default Search Results Reidrected and Spybot Won't Run

    I'm New here and i don't know if you need this info, but here is what i've experienced:

    So I downloaded spybot S&D because i couldn't run malwarebytes because of malware that i already had, but spybot wouldn't run either. i then found out that if i renamed MWB then it would run, which worked and got rid of that problem, but i noticed that my results were being redirected after clicking on the links, which i want to fix. I couldn;t run spybot, so i redownloaded and installed it after uninstalling and restarting my computer. Well, i had the little icon in the bottom right hand corner of my screen that said it was running, but when i double clicked on the ison on the desktop, or on SDMain in the program folder, Spybot wouldn't run. so then i renamed SDMain thinking that this would work. well, needless to say, it didn't, the only difference was i would get a vlack box that would pop up for a second and then disappear. I also have the problem that now my printer "won't communicate" with my computer when i try to print, although it is perfectly fine when i check on it in the control panel. All of these problems seem to be in accordance with each other, and i need some serious help with this crap.

    HijackThis Logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:04 PM, on 4/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 3375 bytes

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi Blktiger0,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default

    I downloaded dds.scr and tried to run it, but i got this:



    In case it doesn't show up, i'll post what the box said:

    'Findstr.exe' is not recognized as an internal or external command, operable program or batch file.

    I downloaded it from the second link because the other two wouldn't work. I'm also not sure what a script blocker is.

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Please try this instead:

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default

    Thanks Blade81,

    Here are the files

    log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Bob and Ginny at 2009-04-27 17:35:13
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 2 GB (12%) free of 19 GB
    Total RAM: 631 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:35:20 PM, on 4/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bob and Ginny\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bob and Ginny.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 3471 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
    WOT Helper - C:\Program Files\WOT\WOT.dll [2009-01-28 1421984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-01-28 1421984]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    igfxsrvc.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    WgaLogon.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\WINDOWS\system32\lxdicoms.exe"="C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System"
    "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
    "C:\Program Files\Lexmark 3500-4500 Series\App4R.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
    "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
    "C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe"="C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
    "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Documents and Settings\Bob and Ginny\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Bob and Ginny\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"
    "C:\Documents and Settings\Bob and Ginny\Application Data\U3\0000167EB7741C71\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Bob and Ginny\Application Data\U3\0000167EB7741C71\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Lexmark 3500-4500 Series\app4r.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f757830-46b8-11dd-a159-001b2fc8240f}]
    shell\AutoRun\command - G:\LaunchU3.exe -a


    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-04-27 17:35:13 ----D---- C:\rsit
    2009-04-24 15:41:47 ----D---- C:\WINDOWS\ERDNT
    2009-04-24 15:40:33 ----D---- C:\Program Files\ERUNT
    2009-04-24 15:36:59 ----D---- C:\Program Files\Trend Micro
    2009-04-21 20:03:08 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-21 20:03:08 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-21 20:03:08 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-21 18:04:35 ----D---- C:\WINDOWS\system32\KB905474
    2009-04-21 17:15:16 ----D---- C:\Program Files\Microsoft Silverlight
    2009-04-18 13:48:04 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-15 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-15 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-15 03:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-15 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-15 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-14 22:44:28 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-11 17:01:39 ----A---- C:\WINDOWS\system32\muweb.dll
    2009-04-11 10:47:05 ----D---- C:\Program Files\Black
    2009-04-11 10:47:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-11 08:24:19 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
    2009-04-01 17:41:58 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
    2009-03-29 16:05:15 ----HD---- C:\WINDOWS\PIF

    ======List of files/folders modified in the last 1 months======

    2009-04-27 17:34:58 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-26 03:54:25 ----D---- C:\WINDOWS\Prefetch
    2009-04-25 12:00:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-25 11:58:34 ----D---- C:\WINDOWS\system32\drivers
    2009-04-25 11:40:37 ----SHD---- C:\WINDOWS\Installer
    2009-04-25 11:40:34 ----HD---- C:\Config.Msi
    2009-04-25 11:39:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-25 09:28:56 ----D---- C:\WINDOWS\Temp
    2009-04-24 15:41:47 ----D---- C:\WINDOWS
    2009-04-24 15:40:33 ----RD---- C:\Program Files
    2009-04-24 06:55:37 ----D---- C:\WINDOWS\Help
    2009-04-21 20:03:08 ----D---- C:\WINDOWS\system32
    2009-04-21 20:03:01 ----D---- C:\Program Files\Java
    2009-04-21 19:31:43 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-21 19:30:39 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-21 19:18:01 ----A---- C:\WINDOWS\hpbafd.ini
    2009-04-21 18:04:35 ----SD---- C:\WINDOWS\Tasks
    2009-04-20 18:15:45 ----D---- C:\Documents and Settings\Bob and Ginny\Application Data\uTorrent
    2009-04-18 14:30:16 ----D---- C:\Documents and Settings\Bob and Ginny\Application Data\U3
    2009-04-15 03:14:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-15 03:09:44 ----D---- C:\WINDOWS\system32\wbem
    2009-04-15 03:09:44 ----D---- C:\WINDOWS\AppPatch
    2009-04-15 03:03:23 ----HD---- C:\WINDOWS\inf
    2009-04-15 03:03:14 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-15 03:02:42 ----D---- C:\WINDOWS\system32\en-US
    2009-04-15 03:02:42 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 03:02:20 ----D---- C:\WINDOWS\ie7updates
    2009-04-15 03:01:08 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-11 10:08:03 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-11 09:43:53 ----D---- C:\WINDOWS\network diagnostic
    2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-01 17:42:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-01 17:41:54 ----D---- C:\WINDOWS\system32\DirectX
    2009-03-29 15:20:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-27 21035]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-08-06 139776]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
    R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    S4 lxdi_device;lxdi_device; C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 517040]
    S4 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

    -----------------EOF-----------------


    Here is info:

    info.txt logfile of random's system information tool 1.06 2009-04-27 17:35:23

    ======Uninstall list======

    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    Free Video to iPod Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
    Free YouTube Download 2.1-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
    GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2-->"C:\Documents and Settings\Bob and Ginny\Desktop\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
    Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
    mIRC-->"C:\Documents and Settings\Bob and Ginny\My Documents\Devon\Xbins.exe" -uninstall
    MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
    Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
    NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WOT for Internet Explorer-->MsiExec.exe /X{ABDF3DF5-71DB-4D67-A44C-DC8FB39EA81C}
    Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

    ======System event log======

    Computer Name: UAN-69CA545DED8
    Event Code: 1006
    Message:
    Record Number: 4050
    Source Name: OneCareMP
    Time Written: 20080824183419.000000-240
    Event Type: warning
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 1006
    Message:
    Record Number: 4049
    Source Name: OneCareMP
    Time Written: 20080824183419.000000-240
    Event Type: warning
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 3006
    Message:
    Record Number: 4047
    Source Name: OneCareMP
    Time Written: 20080824171833.000000-240
    Event Type: error
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 3004
    Message:
    Record Number: 4046
    Source Name: OneCareMP
    Time Written: 20080824171821.000000-240
    Event Type: warning
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 4045
    Source Name: Tcpip
    Time Written: 20080824120946.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: UAN-69CA545DED8
    Event Code: 4113
    Message:
    Record Number: 590
    Source Name: Avira AntiVir
    Time Written: 20080707154528.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: UAN-69CA545DED8
    Event Code: 1000
    Message: Faulting application wcs.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Record Number: 589
    Source Name: Application Error
    Time Written: 20080707142106.000000-240
    Event Type: error
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 1000
    Message: Faulting application wcs.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Record Number: 588
    Source Name: Application Error
    Time Written: 20080707141338.000000-240
    Event Type: error
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 1000
    Message: Faulting application wcs.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Record Number: 584
    Source Name: Application Error
    Time Written: 20080707140448.000000-240
    Event Type: error
    User:

    Computer Name: UAN-69CA545DED8
    Event Code: 1000
    Message: Faulting application wcs.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

    Record Number: 579
    Source Name: Application Error
    Time Written: 20080707135303.000000-240
    Event Type: error
    User:

    ======Environment variables======

    "CLASSPATH"=.;CLASSPATH=C:\Program Files\Java\jdk1.6.0_07\bin;%CLASSPATH%;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=C:\Program Files\Java\jdk1.6.0_07\bin; ;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_REVISION"=0207
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    Who's Burnin' Who Now?


  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default

    Thanks again, Blade81. I reallya appreciate your time.

    Here is the ComboFix log:


    ComboFix 09-04-29.01 - Bob and Ginny 04/29/2009 16:48.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.403 [GMT -4:00]
    Running from: c:\documents and settings\Bob and Ginny\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\gxvxcahyufhilfcivcobgotblviqyujouovma.sys
    c:\windows\system32\gxvxccounter
    c:\windows\system32\gxvxcexikqpdwgsxuiwvypasbjsisqjtaineg.dll
    c:\windows\system32\uninstall.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_GXVXCSERV.SYS
    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
    .

    2009-04-27 21:35 . 2009-04-27 21:35 -------- d-----w C:\rsit
    2009-04-24 19:40 . 2009-04-24 19:40 -------- d-----w c:\program files\ERUNT
    2009-04-24 19:36 . 2009-04-24 19:36 -------- d-----w c:\program files\Trend Micro
    2009-04-21 22:04 . 2009-04-21 22:04 -------- d-----w c:\windows\system32\KB905474
    2009-04-21 22:04 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
    2009-04-21 22:04 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
    2009-04-21 21:15 . 2009-04-25 15:38 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-18 17:48 . 2009-04-21 23:31 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-15 02:45 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 02:45 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 02:45 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-15 02:45 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 02:45 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 02:45 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 02:45 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 02:45 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 02:45 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 02:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-15 02:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-11 21:01 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
    2009-04-11 14:47 . 2009-04-21 23:29 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-11 14:47 . 2009-04-18 17:41 -------- d-----w c:\program files\Black
    2009-04-01 21:41 . 2009-04-01 21:41 -------- d-----w c:\program files\Microsoft Xbox 360 Accessories

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-25 16:00 . 2008-07-07 19:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-22 00:03 . 2008-02-27 21:28 -------- d-----w c:\program files\Java
    2009-04-11 12:24 . 2009-04-11 12:24 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-04-11 12:24 . 2009-04-11 12:24 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-04-06 19:32 . 2008-12-21 17:41 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 19:32 . 2008-07-07 19:38 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-09 09:19 . 2009-01-12 23:31 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 14:07 . 2008-02-22 17:43 65176 ----a-w c:\documents and settings\Bob and Ginny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-11 20:51 . 2008-07-04 21:54 34 ----a-w c:\documents and settings\Bob and Ginny\jagex_runescape_preferences.dat
    2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1527808]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "MIDI1"= SYNCOR11.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\lxdicoms.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

    R4 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
    R4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f757830-46b8-11dd-a159-001b2fc8240f}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-04-28 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

    2009-04-29 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Search
    FF - ProfilePath - c:\documents and settings\Bob and Ginny\Application Data\Mozilla\Firefox\Profiles\lffxckb6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-29 16:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-972595971-1291001087-2164081420-1005\Software\TF6\U*b*e*r*L*i*g*h*t*m*a*p*T*o*o*l*"!\Layout]
    "Height"=dword:000001b9
    "Width"=dword:00000250
    "X"=dword:00000000
    "Y"=dword:00000000

    [HKEY_USERS\S-1-5-21-972595971-1291001087-2164081420-1005\Software\TF6\U*b*e*r*L*i*g*h*t*m*a*p*T*o*o*l*"!\Settings]
    "MapDirectory"="c:\\Documents and Settings\\Bob and Ginny\\My Documents\\Devon\\MODS\\"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3384)
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-29 16:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-29 20:56

    Pre-Run: 2,307,956,736 bytes free
    Post-Run: 2,821,132,288 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    183 --- E O F --- 2009-04-21 22:04




    Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:01:58 PM, on 4/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 3460 bytes


    Thanks, again.
    Who's Burnin' Who Now?


  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    c:\program files\utorrent
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.


    Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader!



    Download ATF (Atribune Temp File) Cleanerİ by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh hjt log and above mentioned ComboFix resultant log. How's the system running?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default

    I am working on all of this as i type, and will post the required material in my next post. I fixed my printer problem myself by deleting the drivers and reinstaling them. The search redirection is also fixed, and after my next post i will install spybot and see if it will finally work. Thanks again for all your help, and you could have just asked me to uninstall utorrent because i feel that i can't trust you since you had to have me do it in a sneaky way. I mean no disrespect by this, and will still run CFScript through ComboFix, but i feel you could have been more straightforward and honest about that. That, however is the only negative feedback that i could give, and I than you for your time and help.
    Who's Burnin' Who Now?


  10. #10
    Junior Member
    Join Date
    Apr 2009
    Location
    Ohio in the USA
    Posts
    12

    Default

    Thanks again Blade81,
    I hope you aren't angry about my previous post, but i see one of the major problems in the world today is that people can't trust one another. For example, if it weren't for the malware that you are fighting yourself, people would be much more trusting of the internet and it's services. I just felt that you could have been straightforward and honest about the removal of utorrent. If people like me can't trust people like you when it comes to computer related problems, then we are seriously in trouble. I just hope that you aren't offended that i said something to you about it. I had planned on removing utorrent anyways, and even though limewire was in the log, i removed it long ago (i wasn't sure if you could tell or not). I would like to thank you one last time for all of your time and help, and for all of the work you do.

    Sincerely, Blktiger0

    Here are the logs:


    ComboFix Log:

    ComboFix 09-04-29.01 - Bob and Ginny 05/01/2009 16:00.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.291 [GMT -4:00]
    Running from: c:\documents and settings\Bob and Ginny\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Bob and Ginny\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\utorrent
    c:\program files\utorrent\uTorrent.exe
    c:\windows\system32\tmp23.tmp
    c:\windows\system32\tmp24.tmp
    c:\windows\system32\tmp25.tmp
    c:\windows\system32\tmp26.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-5-1 )))))))))))))))))))))))))))))))
    .

    2009-04-29 22:26 . 2009-04-29 22:26 -------- d-----w c:\program files\Lexmark Toolbar
    2009-04-29 22:24 . 2009-04-29 22:25 -------- d-----w c:\program files\Lexmark 3500-4500 Series
    2009-04-29 22:24 . 2009-04-29 22:24 -------- d-----w C:\lexmark
    2009-04-27 21:35 . 2009-04-27 21:35 -------- d-----w C:\rsit
    2009-04-24 19:40 . 2009-04-24 19:40 -------- d-----w c:\program files\ERUNT
    2009-04-24 19:36 . 2009-04-24 19:36 -------- d-----w c:\program files\Trend Micro
    2009-04-21 22:04 . 2009-04-21 22:04 -------- d-----w c:\windows\system32\KB905474
    2009-04-21 22:04 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
    2009-04-21 22:04 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
    2009-04-21 21:15 . 2009-04-25 15:38 -------- d-----w c:\program files\Microsoft Silverlight
    2009-04-18 17:48 . 2009-04-21 23:31 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-15 02:45 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 02:45 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 02:45 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-15 02:45 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 02:45 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 02:45 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 02:45 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 02:45 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 02:45 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 02:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-15 02:44 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-11 21:01 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
    2009-04-11 14:47 . 2009-04-21 23:29 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-11 14:47 . 2009-04-18 17:41 -------- d-----w c:\program files\Black
    2009-04-01 21:41 . 2009-04-01 21:41 -------- d-----w c:\program files\Microsoft Xbox 360 Accessories

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-01 19:55 . 2008-02-27 16:54 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-25 16:00 . 2008-07-07 19:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-22 00:03 . 2008-02-27 21:28 -------- d-----w c:\program files\Java
    2009-04-11 12:24 . 2009-04-11 12:24 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-04-11 12:24 . 2009-04-11 12:24 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-04-06 19:32 . 2008-12-21 17:41 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 19:32 . 2008-07-07 19:38 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-09 09:19 . 2009-01-12 23:31 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 14:07 . 2008-02-22 17:43 65176 ----a-w c:\documents and settings\Bob and Ginny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-11 20:51 . 2008-07-04 21:54 34 ----a-w c:\documents and settings\Bob and Ginny\jagex_runescape_preferences.dat
    2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-29_20.53.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-30 15:38 . 2007-05-17 14:54 53248 c:\windows\system32\lxdiprox.dll
    - 2008-03-30 15:38 . 2007-05-17 14:54 53248 c:\windows\system32\lxdiprox.dll
    + 2008-03-30 15:38 . 2007-03-16 07:37 77906 c:\windows\system32\lxdicfg.dll
    - 2008-03-30 15:38 . 2007-03-16 07:37 77906 c:\windows\system32\lxdicfg.dll
    + 2008-03-30 15:38 . 2007-05-22 07:04 503808 c:\windows\system32\lxdiutil.dll
    - 2008-03-30 15:38 . 2007-05-22 07:04 503808 c:\windows\system32\lxdiutil.dll
    - 2008-03-30 15:38 . 2007-05-17 14:58 942080 c:\windows\system32\lxdiusb1.dll
    + 2008-03-30 15:38 . 2007-05-17 14:58 942080 c:\windows\system32\lxdiusb1.dll
    - 2008-03-30 15:38 . 2007-05-22 07:07 143360 c:\windows\system32\lxdijswr.dll
    + 2008-03-30 15:38 . 2007-05-22 07:07 143360 c:\windows\system32\lxdijswr.dll
    - 2008-03-30 15:38 . 2007-05-17 14:59 294912 c:\windows\system32\lxdiinst.dll
    + 2008-03-30 15:38 . 2007-05-17 14:59 294912 c:\windows\system32\lxdiinst.dll
    + 2008-03-30 15:38 . 2007-05-22 07:07 106496 c:\windows\system32\lxdiinsr.dll
    - 2008-03-30 15:38 . 2007-05-22 07:07 106496 c:\windows\system32\lxdiinsr.dll
    - 2008-03-30 15:38 . 2007-05-17 14:55 356352 c:\windows\system32\lxdiinpa.dll
    + 2008-03-30 15:38 . 2007-05-17 14:55 356352 c:\windows\system32\lxdiinpa.dll
    + 2008-03-30 15:38 . 2007-06-11 14:14 320432 c:\windows\system32\lxdiih.exe
    - 2008-03-30 15:38 . 2007-06-11 14:14 320432 c:\windows\system32\lxdiih.exe
    - 2008-03-30 15:38 . 2007-05-17 15:00 311296 c:\windows\system32\lxdihcp.dll
    + 2008-03-30 15:38 . 2007-05-17 15:00 311296 c:\windows\system32\lxdihcp.dll
    - 2008-03-30 15:38 . 2007-05-17 15:00 671744 c:\windows\system32\lxdihbn3.dll
    + 2008-03-30 15:38 . 2007-05-17 15:00 671744 c:\windows\system32\lxdihbn3.dll
    - 2008-03-30 15:38 . 2007-06-11 14:14 517040 c:\windows\system32\lxdicoms.exe
    + 2008-03-30 15:38 . 2007-06-11 14:14 517040 c:\windows\system32\lxdicoms.exe
    + 2008-03-30 15:38 . 2007-05-17 15:00 360448 c:\windows\system32\lxdicomm.dll
    - 2008-03-30 15:38 . 2007-05-17 15:00 360448 c:\windows\system32\lxdicomm.dll
    - 2008-03-30 15:38 . 2007-05-17 14:58 765952 c:\windows\system32\lxdicomc.dll
    + 2008-03-30 15:38 . 2007-05-17 14:58 765952 c:\windows\system32\lxdicomc.dll
    + 2008-03-30 15:38 . 2007-06-11 14:14 340912 c:\windows\system32\lxdicfg.exe
    - 2008-03-30 15:38 . 2007-06-11 14:14 340912 c:\windows\system32\lxdicfg.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
    "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1527808]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "MIDI1"= SYNCOR11.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxdicoms.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

    R4 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - LXDI_DEVICE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f757830-46b8-11dd-a159-001b2fc8240f}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2009-04-28 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

    2009-04-29 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Search
    FF - ProfilePath - c:\documents and settings\Bob and Ginny\Application Data\Mozilla\Firefox\Profiles\lffxckb6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-01 16:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-972595971-1291001087-2164081420-1005\Software\TF6\U*b*e*r*L*i*g*h*t*m*a*p*T*o*o*l*"!\Layout]
    "Height"=dword:000001b9
    "Width"=dword:00000250
    "X"=dword:00000000
    "Y"=dword:00000000

    [HKEY_USERS\S-1-5-21-972595971-1291001087-2164081420-1005\Software\TF6\U*b*e*r*L*i*g*h*t*m*a*p*T*o*o*l*"!\Settings]
    "MapDirectory"="c:\\Documents and Settings\\Bob and Ginny\\My Documents\\Devon\\MODS\\"
    .
    Completion time: 2009-05-01 16:04
    ComboFix-quarantined-files.txt 2009-05-01 20:04
    ComboFix2.txt 2009-04-29 20:57

    Pre-Run: 2,633,084,928 bytes free
    Post-Run: 2,628,792,320 bytes free

    198 --- E O F --- 2009-04-21 22:04




    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:36:48 PM, on 5/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 4164 bytes
    Who's Burnin' Who Now?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •