My Windows XP PC has recently been infected with what I believe to be the Vundo/Virtumonde virus (in addition to others). I have been able to remove most of the issues with Spybot S&D and Ad-Aware, but the Virtumonde keeps coming back. Every once in a while, after I think I have cleaned the PC, I notice several seconds of download data transfer when I am not actually downloading files. Soon thereafter I get a few different pop-ups:
1) The Windows Update icon appears saying I need to update (I have not usually had this turned on).
2) A yellow triangle with an exclamation point inside it pops up in the taskbar stating my computer could be infected.
3) A pop-up entitled "System Integrity Scan Wizard" appears saying my computer may have critical errors in the Windows registry and file system.
4) A bright red virus notification pop-up stating something about a specific .exe or .dll file, usually in the SYSTEM directory.
Also, I notice that when using IE, after I do a Yahoo search and click one of the results, I usually get redirected to some website that has nothing to do with my search. If I go back and re-click the search result link 3-4 times, I usually get to the correct result.
I have just run the ComboFix.exe tool followed by HijackThis (renamed HJT.exe), and I have pasted the logs below.
Regards,
Jeff
ComboFix 08-04-08.7 - jedralla 2008-04-09 23:08:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.845 [GMT -7:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Q:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-09 22:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 22:22 . 2008-04-09 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-09 21:47 . 2008-04-09 21:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-09 21:45 . 2008-04-09 21:45 98,304 --a------ C:\WINDOWS\system32\groxslad.exe
2008-04-08 00:02 . 2008-04-08 10:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-07 23:12 . 2008-04-07 23:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 21:51 . 2008-04-08 00:36 698 --ahs---- C:\WINDOWS\system32\gbkxvjme.ini
2008-04-07 12:05 . 2008-04-09 21:41 8,405,015 --a------ C:\WINDOWS\TempFile
2008-04-07 10:56 . 2008-04-09 21:46 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 10:52 . 2008-04-07 10:52 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 04:04 . 2008-04-07 04:04 30,464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 04:02 . 2008-04-07 04:02 27,904 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 04:02 . 2008-04-07 04:02 11,008 --a------ C:\WINDOWS\123messenger.per
2008-04-07 03:45 . 2008-04-09 21:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-06 23:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-06 23:29 . 2008-04-06 23:29 12,032 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 20:40 . 2008-04-06 20:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23 . 2007-08-27 14:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23 . 2005-11-21 12:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23 . 2005-11-21 12:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23 . 2005-11-21 12:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 15:02 . 2008-04-06 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-04-06 15:02 . 2008-04-06 15:02 67,584 --a------ C:\Documents and Settings\All Users\Application Data\pajutolw.dll
2008-03-24 03:25 . 2008-03-24 03:38 <DIR> d-------- C:\ADS2008
2008-03-21 20:02 . 2008-03-21 20:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17 . 2008-03-20 19:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 06:11 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-10 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 05:24 --------- d-----w C:\Program Files\Java
2008-04-10 04:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-07 06:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_ 2.46.02.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2006-11-09 21:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0063C2D9-2D75-4FF4-8701-6B34C925D17D}]
C:\WINDOWS\system32\ljJdBqQG.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06368860-DD7C-4BAB-9ED5-0A2169606D1C}]
C:\WINDOWS\system32\efcCvUkJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 14:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"qkvhhile"="C:\WINDOWS\system32\gbsnwvod.exe" [ ]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 14:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 15:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 11:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe" [2005-11-02 20:01 50792]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 17:40 1110016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 13:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 14:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 09:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 09:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24 819200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 19:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"KTWCM_H1100"="C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe" [ ]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 10:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 17:24 441120]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 10:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 18:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 15:04:20 5787648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"qRiasATq1c"= C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 14:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 12:41]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 15:32]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 09:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 10:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 17:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 17:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 09:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 14:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 09:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 15:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 16:44]
S2 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 13:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 16:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 22:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 14:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 17:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 16:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 16:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 11:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 14:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:11:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-09 23:15:09
ComboFix-quarantined-files.txt 2008-04-10 06:15:05
ComboFix2.txt 2008-04-09 08:46:26
Pre-Run: 6,777,135,104 bytes free
Post-Run: 6,761,160,704 bytes free
.
2008-04-07 20:08:01 --- E O F ---
#################################################
#################################################
#################HiJackThis log below###############
#################################################
#################################################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.NkoServer.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\MBDocker.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\groxslad.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com; localhost; 127.0.0.1; ;<local>
O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MBDocker.exe] C:\WINDOWS\system32\MBDocker.exe
O4 - HKLM\..\Run: [AgNotificationCenter] "C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [KTWCM_H1100] C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3218] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3313] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8071] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC361] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3970] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5957] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5735] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC560] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart driveronly /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB8023] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6698] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB269] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3084] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8400] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2041] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8811] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3398] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: POD.lnk = C:\Program Files\Omnipod\POD35\omnipod35.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.3.5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {F9DED47C-5B9F-4119-BAAF-E772E1BB551E} (HyperSend Agent) - https://www.hypersen...tup/hsc_win.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = agilent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = agilent.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Agilent IO Libraries Service (AgilentIOLibrariesService) - Agilent - c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
O23 - Service: Agilent Logic Analysis (agLogicSvc) - Agilent Technologies, Inc. - C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CSW - Unknown owner - C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 18675 bytes
I also forgot to mention these further items about the virus I initially contracted:
1) It initially locked me out of "Task Manager". I then ran a script to get back control. I now have access.
2) The virus somehow managed to delete ALL previous System Restore points on my PC. Then it created a new one right about the time the virus was contracted.