Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91844 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Malware -spywareisolator


  • This topic is locked This topic is locked
24 replies to this topic

#1 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 09 April 2008 - 06:58 PM

Hi, I have read a previous topic about the same;

I tried downloading some application around 22:45pm - Wed 9th April (cpl of hour ago) and I am now getting the usual popups frozen screen etc..

It has hijacked my browser (see screen dump) and if i click on either; remove popups, scan spyware, spam protection etc.. it pops up the message (see screen dump);
Warning! Serious malicious objects and spyware have been detected on your pc
We highly recommend you to scan the system completely and download the latest version of SpywareIsolator
program.
..etc..etc..

From the attached screen dump you can also see it has added the message bar; Warning: Possible spyware or adware infection! Click here to scan your computer..etc..etc..

I also have another message;
NOTICE: If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes.
Detect and remove viruses before they activate themselves on your PC to prevent all these problems.


If i use ctrl, alt delete then task manager does not appear, instead the popup; Task Manager has been disabled by your Administrator


Now, I downloaded (from a previous thread) the "Deckard System Scanner" and have the Extra and Main logs;

Do you wish to see these? OR shall i use another file?
Please advise, as I use this laptop for work! So could you also tell me if this Malware will infect my outlook emails?? (very urgent response is appreciated!)

Thanks in advance

Attached Thumbnails

  • pic1___trojan.JPG

Edited by snifferdogg, 09 April 2008 - 08:35 PM.

    Advertisements

Register to Remove


#2 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 09 April 2008 - 09:16 PM

Hello David and welcome to the What the Tech Forums

My name is Trevuren and I will be helping you with your problem.


Please copy/paste both reports from DSS into your next reply.


Thanks,


Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#3 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 03:45 AM

Hi Trevuren,

Can I use my outlook emails? Or could this cause problems? please advise, as I use this for work and need to use outlook constantly.

Thanks and please find the following reports;


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 1023.36 MiB / 378.29 MiB
Pagefile Memory (total/avail): 1693.99 MiB / 1089 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.19 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 1.39 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AH PL - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\setup\\HPZnet01.exe"="D:\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"
"D:\\setup\\hponicifs01.exe"="D:\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\kdx\\KHost.exe"="C:\\WINDOWS\\kdx\\KHost.exe:*:Enabled:Delivery Manager"
"C:\\Program Files\\KService\\KService.exe"="C:\\Program Files\\KService\\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.HPL\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.HPL\LOCALS~1\Temp
USERDOMAIN=HPLAPTOP
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.HPLAPTOP
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeremy (admin)
David Rainford (new local, admin)
Administrator.HPLAPTOP (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems AC'97 Modem --> agrsmdel
Aimersoft 3GP Video Converter(Build 1.0.20) --> "C:\Program Files\Aimersoft\3GP Video Converter\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bluetooth by hp --> MsiExec.exe /X{E837279E-4C3F-411A-8E3D-0EFD97F818E3}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Driver --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom NetXtreme Ethernet Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CoPilot Central --> C:\Program Files\InstallShield Installation Information\{3E3BA36D-A7EA-41FC-B690-2EA5F98F4D57}\setup.exe -runfromtemp -l0x0809
Free 3GP Video Converter version 2.4 --> "C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free M4a to MP3 Converter 5.9 --> "C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Wireless LAN W400-W500 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}\setup.exe" -l0x9
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HPSetupUtility --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HPQ\HPSetupUtility\Uninst.isu" -c"C:\Program Files\HPQ\HPSetupUtility\uninst32.dll"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users.WINDOWS\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Premium --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Philips ToUcam Pro Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\PROGRA~1\PHILIP~2\Kill840.exe" 840 ToUcamVProperty VProperty
Quick Launch Buttons 5.10 B5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
ScanSoft PDF Converter 4 --> MsiExec.exe /I{6C6D024B-BBD8-49B0-B755-D930B3A87868}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sky Anytime --> MsiExec.exe /X{DD30C2FD-F485-46A8-8153-88EC2650BC79}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
WebEx PCNow --> C:\WINDOWS\DOWNLO~1\mwcliun.exe
Windows Desktop Search 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type29631 / Warning
Event Submitted/Written: 04/10/2008 00:13:50 AM / 04/10/2008 00:13:51 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type29622 / Warning
Event Submitted/Written: 04/09/2008 11:17:03 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.

Event Record #/Type29616 / Warning
Event Submitted/Written: 04/09/2008 11:13:48 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type29613 / Warning
Event Submitted/Written: 04/09/2008 11:13:33 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.

Event Record #/Type29612 / Error
Event Submitted/Written: 04/09/2008 11:13:33 PM
Event ID/Source: 3058 / Windows Search Service
Event Description:
The application cannot be initialized.

Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type85277 / Error
Event Submitted/Written: 04/09/2008 09:00:32 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C1B389E5-7DF7-417B-837C-876F1355121B} did not register with DCOM within the required timeout.

Event Record #/Type85272 / Error
Event Submitted/Written: 04/09/2008 07:48:38 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C1B389E5-7DF7-417B-837C-876F1355121B} did not register with DCOM within the required timeout.

Event Record #/Type85271 / Error
Event Submitted/Written: 04/09/2008 07:47:36 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C1B389E5-7DF7-417B-837C-876F1355121B} did not register with DCOM within the required timeout.

Event Record #/Type85270 / Error
Event Submitted/Written: 04/09/2008 07:47:04 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C1B389E5-7DF7-417B-837C-876F1355121B} did not register with DCOM within the required timeout.

Event Record #/Type85269 / Error
Event Submitted/Written: 04/09/2008 07:46:33 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C1B389E5-7DF7-417B-837C-876F1355121B} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-10 00:31:48 ------------



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-10 00:24:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-04-09 23:24:32 UTC - RP327 - Deckard's System Scanner Restore Point
23: 2008-04-09 22:14:59 UTC - RP326 - Last known good configuration
22: 2008-04-09 22:14:44 UTC - RP325 - Restore Operation
21: 2008-04-09 22:14:42 UTC - RP324 - Last known good configuration
20: 2008-04-09 22:14:41 UTC - RP323 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-09 22:14:31 UTC - RP304 - Installed iProtectYou


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.39 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 00:29:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator.HPLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\FTYSVH6Y\dss[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk
R3 - Default URLSearchHook is missing
O1 - Hosts: 192.168.1.99 itqserver
O1 - Hosts: 192.168.1.4 HP001B78C7FDE3
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B53969-E376-4E1B-AE2B-8B1E6F18A68A} - C:\WINDOWS\system32\xxywXPGA.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Media - {3808C05F-CFB0-4C9B-858D-851CC3EBB3BC} - C:\WINDOWS\temlxopqmlf.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\fccbATji.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKLM\..\Policies\Explorer\Run: [sp2YGbuslK] C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwpcuk.webex.../ra/ieatgpc.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: fccbATji - C:\WINDOWS\system32\fccbATji.dll
O21 - SSODL: BootUnknown - {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AT Host Service (atnthost) - WebEx Communications, Inc. - C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CBRContentFilter - Unknown owner - c:\CBR\WebJiniPlus\wrapper.exe -s c:\CBR\WebJiniPlus\conf\contentwrapper.conf
O23 - Service: CBRContentFilterFree - Unknown owner - C:\CBR\webjinifree\wrapper.exe -s C:\CBR\webjinifree\conf\contentwrapper.conf
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 14609 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Hewlett-Packard; Client Management Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 19 SP1>

S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys <Not Verified; MCCI; Sony Ericsson 750>
S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem Filter Driver>
S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem>
S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Device Management>
S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 CBRContentFilter - c:\cbr\webjiniplus\wrapper.exe -s c:\cbr\webjiniplus\conf\contentwrapper.conf (file missing)
S2 CBRContentFilterFree - c:\cbr\webjinifree\wrapper.exe -s c:\cbr\webjinifree\conf\contentwrapper.conf (file missing)
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_0890103C&REV_03\3&61AAA01&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_0890103C&REV_03\3&61AAA01&0&EF
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1217&DEV_7110&SUBSYS_0890103C&REV_00\4&16793A72&0&32F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1217&DEV_7110&SUBSYS_0890103C&REV_00\4&16793A72&0&32F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 20:36:56 542 --a------ C:\WINDOWS\Tasks\WinZip Job-Itecnique LTD.job
2008-04-09 20:25:47 492 --a------ C:\WINDOWS\Tasks\WinZip Job-Itecnique backup.job
2008-04-07 22:11:06 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jeremy.job
2008-04-05 18:41:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 00:23:51 0 d-------- \Deckard
2008-04-09 22:23:17 6767 --ahs---- C:\WINDOWS\system32\AGPXwyxx.ini2
2008-04-09 22:23:06 270336 --a------ C:\WINDOWS\system32\xxywXPGA.dll
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-09 22:21:51 4096 --a------ C:\WINDOWS\a.bat
2008-04-09 22:21:50 0 d-------- C:\Documents and Settings\Jeremy\Desktopvirii
2008-04-09 22:21:49 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-09 22:21:49 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-09 22:21:49 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-09 22:21:49 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-09 22:21:49 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-09 22:21:48 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-09 22:21:47 0 d-------- C:\WINDOWS\system32smp
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-09 22:21:47 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-09 22:21:46 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-09 22:21:46 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-09 22:21:46 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-09 22:21:46 0 d-------- C:\Program Files\Inet Delivery
2008-04-09 22:21:45 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-09 22:21:45 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-09 22:21:45 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-09 22:21:45 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-09 22:21:45 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-09 22:21:45 4096 --a------ C:\Documents and Settings\Jeremy\Desktopfilemanagerclient.exe
2008-04-09 22:21:44 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-09 22:21:44 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-09 22:21:42 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-09 22:21:42 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-09 22:21:42 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-09 22:21:42 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-09 22:21:42 4096 --a------ C:\Documents and Settings\Jeremy\DesktopFWebdEditor.exe
2008-04-09 22:21:42 4096 --a------ C:\Documents and Settings\Jeremy\Desktopfwebd.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-09 22:21:41 4096 --a------ C:\WINDOWS\bdn.com
2008-04-09 22:21:40 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-09 22:21:40 0 d-------- C:\WINDOWS\mslagent
2008-04-09 22:21:40 0 d-------- C:\Program Files\akl
2008-04-09 22:21:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk
2008-04-09 22:21:05 98304 --a------ C:\WINDOWS\system32\xyzqnebk.exe
2008-04-09 22:19:14 212992 --a------ C:\WINDOWS\temlxopqmlf.dll
2008-04-09 22:19:14 81920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-09 22:19:13 151552 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-09 22:19:12 241664 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-09 22:18:02 36864 --a------ C:\WINDOWS\system32\fccbATji.dll
2008-04-05 19:16:06 0 d-------- C:\Program Files\Safari
2008-03-31 20:02:19 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Apple Computer
2008-03-31 17:17:30 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Mozilla
2008-03-30 06:19:25 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Ahead
2008-03-30 06:18:55 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Identities
2008-03-27 04:25:51 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Sun
2008-03-17 19:32:28 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Real
2008-03-17 17:46:38 45316 --a------ C:\WINDOWS\system32\mssusr.dat
2008-03-17 17:46:38 8 --a------ C:\WINDOWS\system32\msfffff2b7.dll
2008-03-17 17:46:11 11264 --a------ C:\WINDOWS\system32\SPORDER.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-03-17 17:46:11 221184 --a------ C:\WINDOWS\system32\ipsp.dll <Not Verified; SoftForYou; iProtectYou>
2008-03-15 21:01:57 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-14 04:25:42 0 d-------- C:\Program Files\CoPilot
2008-03-14 03:50:52 0 d-------- C:\Program Files\Windows Mobile Device Handbook


-- Find3M Report ---------------------------------------------------------------

2008-04-10 00:28:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-09 23:12:06 805306368 --ahs---- \pagefile.sys
2008-04-06 21:37:36 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Google
2008-04-06 20:44:24 0 d-------- C:\Program Files\Google
2008-04-05 21:31:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-05 19:13:05 0 d-------- C:\Program Files\iTunes
2008-04-05 19:12:51 0 d-------- C:\Program Files\iPod
2008-04-05 19:04:53 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:44:31 2528 --a------ C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\$_hpcst$.hpc
2008-03-28 16:58:07 0 d---s---- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Microsoft
2008-03-28 13:34:12 0 d-------- C:\Program Files\Java
2008-03-17 17:49:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 01:56:45 0 d-------- C:\Program Files\Philips ToUcam Camera
2008-03-09 01:53:53 0 d-------- C:\Program Files\philips toUcam
2008-02-19 14:26:19 0 d-------- C:\Program Files\Smallvideosoft
2008-02-19 13:50:54 0 d-------- C:\Program Files\Free M4a to MP3 Converter
2008-02-19 12:29:12 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Macromedia
2008-02-18 16:16:58 0 d-------- C:\Program Files\Bonjour
2008-02-18 16:13:41 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 16:12:57 0 d-------- C:\Program Files\Common Files
2008-02-18 16:12:57 0 d-------- C:\Program Files\Common Files\Apple
2008-02-15 11:59:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-14 11:47:47 0 d-------- C:\Program Files\MSN Messenger
2008-02-13 20:33:13 0 d-------- C:\Program Files\Uniblue
2008-02-13 03:04:12 0 d-------- C:\Program Files\Kontiki
2008-02-13 03:04:00 0 d-------- C:\Program Files\Sky
2008-02-10 13:52:04 1324 --a------ \script.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26B53969-E376-4E1B-AE2B-8B1E6F18A68A}]
09/04/2008 22:23 270336 --a------ C:\WINDOWS\system32\xxywXPGA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3808C05F-CFB0-4C9B-858D-851CC3EBB3BC}]
09/04/2008 18:49 212992 --a------ C:\WINDOWS\temlxopqmlf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25/08/2007 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
13/02/2008 21:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A98D0065-7326-41B5-B8D9-C5B692CDB82F}]
09/04/2008 22:18 36864 --a------ C:\WINDOWS\system32\fccbATji.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [19/04/2005 10:03 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/11/2004 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/11/2004 18:38]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03/12/2004 13:24]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2005 21:05]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 00:14]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe" [22/08/2006 00:43]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [17/04/2004 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [13/04/2004 06:07]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [25/08/2007 05:53]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [31/03/2008 17:31]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [30/04/2007 14:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/05/2007 09:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [10/02/2006 07:56:20]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 15:40:46]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [06/06/2007 11:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"sp2YGbuslK"=C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]
"{A98D0065-7326-41B5-B8D9-C5B692CDB82F}"= C:\WINDOWS\system32\fccbATji.dll [09/04/2008 22:18 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootUnknown"= {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll [09/04/2008 22:18 12330]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbATji]
fccbATji.dll 09/04/2008 22:18 36864 C:\WINDOWS\system32\fccbATji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxywXPGA

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-10 00:31:48 ------------

Edited by snifferdogg, 10 April 2008 - 06:23 AM.


#4 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 05:17 AM

Hi Trevuren, You will probably be aware if this, after you have seen the log - but my desktop keeps dissappearing..everything and browsers (both explorer and firefox) keep crashing. I will be monitoring your replies all day/night, so once you have given me instructions I will do this immediately. Thanks again for your help. Very much appreciated. David

#5 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 10 April 2008 - 10:35 AM

Your system is badly infected as you have probably already guessed. I will try my best to help you clean it up. I would refrain from using it until you get the all Clear. One thing that may hamper our efforts is that you very little free space available on your hard drive to allow our tools to work as they are designed. We will try some work arounds.


A. First we must disable some of your security programs so that they do not interfere with the running of our tools:

NORTON ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> chose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Posted Image
You succesfully disabled the Norton Antivirus Guard.


B. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

Go to Posted Image -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

Posted Image
  • ComboFix will automatically start. Any monitoring programs will be shut down like your antivirus, antispyware programs for example.
  • ComboFix may restart your computer, this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.


Notes:

1.Do not mouse-click Combofix's window while it is running or use your machine in any manner. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#6 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 01:04 PM

Trevuren,

I did the combofix, but my desktop dissappeared - so i had to hold standby. I couldn't even restart my pc! So not sure if I lost the combofix.text doc?
In the folder the only combofix.text doc showed the following information;

ComboFix 08-04-09.9 - Jeremy 2008-04-10 19:22:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT 1:00]
Running from: C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!



I then ran dss.exe again;

Deckard's System Scanner v20071014.68
Run by Jeremy on 2008-04-10 20:13:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.37 GiB (less than 15%) free.


-- HijackThis (run as Jeremy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\xyzqnebk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Jeremy\Desktop\dss.exe
C:\DOCUME~1\Jeremy\Desktop\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Media - {3808C05F-CFB0-4C9B-858D-851CC3EBB3BC} - C:\WINDOWS\temlxopqmlf.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\nqcwtfyj.dll
O2 - BHO: (no name) - {4EBB0F4E-F171-4D56-9B72-4D58E1218995} - C:\WINDOWS\system32\xxywXPGA.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kvbqofej] C:\WINDOWS\system32\xyzqnebk.exe
O4 - HKLM\..\Policies\Explorer\Run: [sp2YGbuslK] C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwpcuk.webex.../ra/ieatgpc.cab
O21 - SSODL: BootUnknown - {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT Host Service (atnthost) - Unknown owner - C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CBRContentFilter - Unknown owner - c:\CBR\WebJiniPlus\wrapper.exe (file missing)
O23 - Service: CBRContentFilterFree - Unknown owner - C:\CBR\webjinifree\wrapper.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 14515 bytes

-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 19:21:09 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-10 19:18:28 68096 --a------ C:\WINDOWS\zip.exe
2008-04-10 19:18:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-10 19:18:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-10 19:18:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-10 19:18:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-10 19:18:28 98816 --a------ C:\WINDOWS\sed.exe
2008-04-10 19:18:28 80412 --a------ C:\WINDOWS\grep.exe
2008-04-10 19:18:28 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-10 11:18:11 53312 --a------ C:\WINDOWS\system32\nqcwtfyj.dll
2008-04-10 02:34:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-10 02:31:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 22:21:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk
2008-04-09 22:21:05 98304 --a------ C:\WINDOWS\system32\xyzqnebk.exe
2008-04-09 22:19:14 212992 --a------ C:\WINDOWS\temlxopqmlf.dll
2008-04-09 22:19:14 81920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-09 22:19:13 151552 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-05 19:16:06 0 d-------- C:\Program Files\Safari
2008-03-31 20:02:19 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Apple Computer
2008-03-31 17:17:30 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Mozilla
2008-03-30 06:19:25 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Ahead
2008-03-30 06:18:55 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Identities
2008-03-27 04:25:51 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Sun
2008-03-17 19:32:28 0 d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Real
2008-03-17 17:46:38 45316 --a------ C:\WINDOWS\system32\mssusr.dat
2008-03-17 17:46:11 11264 --a------ C:\WINDOWS\system32\SPORDER.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-03-17 17:46:11 221184 --a------ C:\WINDOWS\system32\ipsp.dll <Not Verified; SoftForYou; iProtectYou>
2008-03-15 21:01:57 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-14 04:25:42 0 d-------- C:\Program Files\CoPilot
2008-03-14 03:50:52 0 d-------- C:\Program Files\Windows Mobile Device Handbook


-- Find3M Report ---------------------------------------------------------------

2008-04-10 20:14:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-10 02:35:02 0 d-------- C:\Program Files\Lavasoft
2008-04-10 02:31:41 0 d-------- C:\Program Files\Common Files
2008-04-08 10:37:40 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Google
2008-04-06 20:44:24 0 d-------- C:\Program Files\Google
2008-04-05 21:31:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-05 21:05:01 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Apple Computer
2008-04-05 19:13:05 0 d-------- C:\Program Files\iTunes
2008-04-05 19:12:51 0 d-------- C:\Program Files\iPod
2008-04-05 19:04:53 0 d-------- C:\Program Files\QuickTime
2008-03-28 13:34:12 0 d-------- C:\Program Files\Java
2008-03-17 17:49:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-14 03:53:36 2528 --a------ C:\Documents and Settings\Jeremy\Application Data\$_hpcst$.hpc
2008-03-09 01:56:45 0 d-------- C:\Program Files\Philips ToUcam Camera
2008-03-09 01:53:53 0 d-------- C:\Program Files\philips toUcam
2008-02-19 14:26:19 0 d-------- C:\Program Files\Smallvideosoft
2008-02-19 13:50:54 0 d-------- C:\Program Files\Free M4a to MP3 Converter
2008-02-18 16:16:58 0 d-------- C:\Program Files\Bonjour
2008-02-18 16:13:41 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 16:12:57 0 d-------- C:\Program Files\Common Files\Apple
2008-02-15 11:59:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-14 11:47:47 0 d-------- C:\Program Files\MSN Messenger
2008-02-13 20:33:31 0 d-------- C:\Documents and Settings\Jeremy\Application Data\Uniblue
2008-02-13 20:33:13 0 d-------- C:\Program Files\Uniblue
2008-02-13 03:04:12 0 d-------- C:\Program Files\Kontiki
2008-02-13 03:04:00 0 d-------- C:\Program Files\Sky
2008-02-10 13:52:04 1324 --a------ C:\script.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3808C05F-CFB0-4C9B-858D-851CC3EBB3BC}]
2008-04-09 18:49 212992 --a------ C:\WINDOWS\temlxopqmlf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-04-10 11:18 53312 --a------ C:\WINDOWS\system32\nqcwtfyj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EBB0F4E-F171-4D56-9B72-4D58E1218995}]
C:\WINDOWS\system32\xxywXPGA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-13 21:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 10:03 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 21:05]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe" [2006-08-22 00:43]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 17:31]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"kvbqofej"="C:\WINDOWS\system32\xyzqnebk.exe" [2008-04-09 22:21]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"sp2YGbuslK"=C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootUnknown"= {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll [2008-04-09 22:18 12330]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxywXPGA

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-10 20:14:49 ------------



Thanks
David

Edited by snifferdogg, 10 April 2008 - 01:18 PM.


#7 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 01:20 PM

I can inform you that so far my ctrl, alt, delete now brings up my task manager ;-) and not the disabled message ;-) Would you like me to remove some applications now to free some space? Or shall I wait? David

Edited by snifferdogg, 10 April 2008 - 01:27 PM.


#8 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 10 April 2008 - 03:03 PM

Is there a file in C:\ComboFix ?
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#9 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 03:19 PM

Loads of files Trevuren; Iv done a screen dump of them all. see attached And attached the combofix.txt file Thanks David

Attached Thumbnails

  • combofix_folder.JPG

Attached Files



#10 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 10 April 2008 - 03:40 PM

What works and what doesn't Try a out all system modules.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

    Advertisements

Register to Remove


#11 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 04:10 PM

Trevuren, ctrl, alt, delete now brings up my task manager ;-) and not the disabled message ;-) However, all other problems mentioned still exist. Thanks David

#12 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 10 April 2008 - 04:37 PM

I need to know exactly what is working and what is not working. We may have to try and undo all that was done but I will not know until you yell me exactly what all your problems are and what does not work on your system. Please provide me with as much knowledge as possible. Also: 1. Did you disable your antivirus as directed? Important to know 2. Did you do anything at all while CF was running?
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#13 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 05:02 PM

Trevuren,

I ran the combofix again (after deleting it from desktop) and this time it rebooted my pc and also ran the full log. (this is attached)
Last time my screen (desktop) froze. This time it was ok.

I have then ran the hijackthis.exe again. (below)

Now, i still get the popups from the explorer tool bar buttons (still there) I have again attached this.

David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:28, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\xyzqnebk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeremy\Desktop\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Media - {3808C05F-CFB0-4C9B-858D-851CC3EBB3BC} - C:\WINDOWS\temlxopqmlf.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\nqcwtfyj.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kvbqofej] C:\WINDOWS\system32\xyzqnebk.exe
O4 - HKLM\..\Policies\Explorer\Run: [sp2YGbuslK] C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwpcuk.webex.../ra/ieatgpc.cab
O21 - SSODL: BootUnknown - {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT Host Service (atnthost) - Unknown owner - C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CBRContentFilter - Unknown owner - c:\CBR\WebJiniPlus\wrapper.exe (file missing)
O23 - Service: CBRContentFilterFree - Unknown owner - C:\CBR\webjinifree\wrapper.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 14281 bytes


ComboFix 08-04-10.4 - Jeremy 2008-04-10 23:36:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.522 [GMT 1:00]
Running from: C:\Documents and Settings\Jeremy\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rs.txt
C:\WINDOWS\system32\xxywXPGA.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Jeremy\Desktopblackbird.jpg
C:\Documents and Settings\Jeremy\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Jeremy\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Jeremy\Desktopfilemanagerclient.exe
C:\Documents and Settings\Jeremy\Desktopfkwp1.5.exe
C:\Documents and Settings\Jeremy\Desktopfkwp2.0.exe
C:\Documents and Settings\Jeremy\Desktopfwebd.exe
C:\Documents and Settings\Jeremy\DesktopFWebdEditor.exe
C:\Documents and Settings\Jeremy\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Jeremy\Desktopvirii
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\MyWebEx
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\aasetup.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atagtctl.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atarm.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atas32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasanot.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasctrl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atasnt40.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ataudio.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atauthor.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atcarmcl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atdl2006.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ateditor.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atinet.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atjpeg60.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atkbctl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atmemmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnetext.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnthost.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpack.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpcapnt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpdrvnt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atpng12.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprint.gpd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atprtses.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrares.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrcp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrecply.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atrpui.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atscr.scr
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atstmget.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\attp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atwbxui5.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atwbxui6.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\cmcrypto.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\h264dec.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\h264enc.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Install.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mac.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mmssl32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\msess.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mticket.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mutiltpd.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mvc.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mwpc.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\racfg.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\rafilesp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ramtmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\rapanel.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ratrace.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\Ratrace\ratrace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raupdate.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raurl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\stdnames.gpd
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\trace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\uilibres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrv.hlp
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unidrvui.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\unires.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\wbxcrypt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLDrv.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\319\WbxDLMgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atarm.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atas32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasanot.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atasctrl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atcarmcl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atdl2006.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atinet.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atjpeg60.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atkbctl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atmemmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atnetext.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpack.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atpng12.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atprtses.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atrares.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\attp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\atwbxui5.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\rafilesp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ramtmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\ratrace.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\trace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\uilibres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\394\wbxcrypt.dll
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\AGPXwyxx.ini
C:\WINDOWS\system32\AGPXwyxx.ini2
C:\WINDOWS\system32\ajysntbl.dll
C:\WINDOWS\system32\fccbATji.dll
C:\WINDOWS\system32\lbtnsyja.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msfffff2b7.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 11:18 . 2008-04-10 11:18 53,312 --a------ C:\WINDOWS\system32\nqcwtfyj.dll
2008-04-10 02:34 . 2008-04-10 02:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-10 02:31 . 2008-04-10 02:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 00:23 . 2008-04-10 00:23 <DIR> d-------- C:\Deckard
2008-04-09 22:21 . 2008-04-09 22:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk
2008-04-09 22:21 . 2008-04-09 22:21 98,304 --a------ C:\WINDOWS\system32\xyzqnebk.exe
2008-04-09 22:19 . 2008-04-09 18:49 212,992 --a------ C:\WINDOWS\temlxopqmlf.dll
2008-04-09 22:19 . 2008-04-09 18:49 151,552 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-09 22:19 . 2008-04-09 18:49 81,920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-05 19:16 . 2008-04-05 19:16 <DIR> d-------- C:\Program Files\Safari
2008-04-05 19:14 . 2008-04-10 23:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 19:14 . 2008-04-05 19:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-31 20:02 . 2008-03-31 20:02 <DIR> d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Apple Computer
2008-03-30 06:19 . 2008-03-30 06:19 <DIR> d-------- C:\Documents and Settings\Administrator.HPLAPTOP\Application Data\Ahead
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-17 17:46 . 1999-05-07 01:00 1,009,136 --a------ C:\WINDOWS\system32\MSCHRT20.OCX
2008-03-17 17:46 . 2003-03-02 21:11 221,184 --a------ C:\WINDOWS\system32\ipsp.dll
2008-03-17 17:46 . 2008-03-17 17:49 45,316 --a------ C:\WINDOWS\system32\mssusr.dat
2008-03-17 17:46 . 1997-06-07 02:52 11,264 --a------ C:\WINDOWS\system32\SPORDER.DLL
2008-03-17 17:45 . 2008-03-17 17:45 <DIR> d-------- C:\Documents and Settings\ADMINI~1~HPL\LOCALS~1
2008-03-15 21:01 . 2008-04-10 10:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-14 04:25 . 2008-03-14 04:25 <DIR> d-------- C:\Program Files\CoPilot
2008-03-14 03:50 . 2008-03-14 03:50 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 22:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-04-10 19:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-04-10 19:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-10 01:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-09 18:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-06 19:44 --------- d-----w C:\Program Files\Google
2008-04-05 20:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-05 20:05 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Apple Computer
2008-04-05 18:13 --------- d-----w C:\Program Files\iTunes
2008-04-05 18:12 --------- d-----w C:\Program Files\iPod
2008-04-05 18:04 --------- d-----w C:\Program Files\QuickTime
2008-03-28 12:34 --------- d-----w C:\Program Files\Java
2008-03-17 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 00:56 --------- d-----w C:\Program Files\Philips ToUcam Camera
2008-03-09 00:53 --------- d-----w C:\Program Files\philips toUcam
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-02-19 13:26 --------- d-----w C:\Program Files\Smallvideosoft
2008-02-19 12:50 --------- d-----w C:\Program Files\Free M4a to MP3 Converter
2008-02-18 20:12 --------- d-----w C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer
2008-02-18 15:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-02-18 15:16 --------- d-----w C:\Program Files\Bonjour
2008-02-18 15:13 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 15:12 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-18 15:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-02-15 10:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 10:47 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 19:33 --------- d-----w C:\Program Files\Uniblue
2008-02-13 19:33 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Uniblue
2008-02-13 03:27 --------- d-----w C:\Documents and Settings\David Rainford\Application Data\Symantec
2008-02-13 03:26 --------- d-----w C:\Documents and Settings\David Rainford\Application Data\Windows Desktop Search
2008-02-13 02:04 --------- d-----w C:\Program Files\Sky
2008-02-13 02:04 --------- d-----w C:\Program Files\Kontiki
2008-02-10 12:52 1,324 ----a-w C:\script.bat
2007-05-27 14:09 24,192 ----a-w C:\Documents and Settings\Jeremy\usbsermptxp.sys
2007-05-27 14:09 22,768 ----a-w C:\Documents and Settings\Jeremy\usbsermpt.sys
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-03-24 21:36 9,389 ----a-r C:\Documents and Settings\disasm\ia32.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3808C05F-CFB0-4C9B-858D-851CC3EBB3BC}]
2008-04-09 18:49 212992 --a------ C:\WINDOWS\temlxopqmlf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-04-10 11:18 53312 --a------ C:\WINDOWS\system32\nqcwtfyj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-13 21:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]
"{49D8D988-6D77-4E24-8A27-914FBCCC782F}"= "C:\WINDOWS\vnbptxlf.dll" [2008-04-09 18:49 151552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{49d8d988-6d77-4e24-8a27-914fbccc782f}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{92BB994E-B563-4281-BBC0-29A3D32BE7C0}]
[HKEY_CLASSES_ROOT\vnbptxlf]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"kvbqofej"="C:\WINDOWS\system32\xyzqnebk.exe" [2008-04-09 22:21 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 10:03 88209 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 21:05 344064]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe" [2006-08-22 00:43 40960]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 17:31 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sp2YGbuslK"= C:\Documents and Settings\All Users.WINDOWS\Application Data\jqhqjuxk\venalmzs.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BootUnknown"= {51b2f2c5-a956-4e8b-a6fc-ec5938677d9d} - C:\WINDOWS\Resources\BootUnknown.dll [2008-04-09 22:18 12330]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 atnthost;AT Host Service;"C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe" []
S2 CBRContentFilter;CBRContentFilter;c:\CBR\WebJiniPlus\wrapper.exe []
S2 CBRContentFilterFree;CBRContentFilterFree;C:\CBR\webjinifree\wrapper.exe []
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 17:41:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 21:11:06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jeremy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exep/TASK:
"2008-04-10 19:01:43 C:\WINDOWS\Tasks\WinZip Job-Itecnique backup.job"
- C:\Program Files\WinZip\WINZIP32.EXEU/autorunjobfile
"2008-04-10 19:00:06 C:\WINDOWS\Tasks\WinZip Job-Itecnique LTD.job"
- C:\Program Files\WinZip\WINZIP32.EXE`/autorunjobfile
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 23:45:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-04-10 23:50:47 - machine was rebooted [Jeremy]
ComboFix-quarantined-files.txt 2008-04-10 22:50:39
Pre-Run: 3,540,021,248 bytes free
Post-Run: 3,451,817,984 bytes free
.
2008-04-09 18:09:24 --- E O F ---


Edit: Post edited to show CF.txt in reply

Attached Thumbnails

  • pic1___trojan.JPG

Attached Files


Edited by Trevuren, 10 April 2008 - 05:31 PM.


#14 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 10 April 2008 - 05:34 PM

I have edited your post to make the ComboFix.txt easier to read for everyone. Please do not attach any reports/images without being requested to do so. I will now take about 30 minutes +/- to analyze your logs.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#15 snifferdogg

snifferdogg

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 10 April 2008 - 05:36 PM

Sorry posted this before i saw your last message

I also keep getting this and various messages from my task bar - please see attached

Thanks
David

Attached Thumbnails

  • message_from_taskbar.JPG

Edited by snifferdogg, 10 April 2008 - 05:37 PM.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users