[Resolved] Blue Screen -- Warning: Spyware threat has been detect
#16
Posted 29 April 2008 - 03:06 PM
#17
Posted 29 April 2008 - 06:07 PM
A. First, we must ensure that your security programs are still disabled.
B. 1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
KillAll::

File::
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Documents and Settings\Singha Thepvongsa\My Documents\Downloads\OregonTrail-dm.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\system32\gyfrbamj.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\raruvwlh.exe
C:\WINDOWS\system32\reqiemqs.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\aycqlayw.exe

Folder::
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Do not use your computer for any other purpose while ComboFix is running.
5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used.
7. Post the following logs/Reports:
- ComboFix.txt
- Fresh HijackThis log run after all the other tools have performed their cleanup.
Proud graduate of TC/WTT Classroom
#18
Posted 29 April 2008 - 09:02 PM
ComboFix 08-04-27.3 - Brandon Thepvongsa 2008-04-29 19:25:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.539 [GMT -7:00]
Running from: C:\Documents and Settings\Brandon Thepvongsa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brandon Thepvongsa\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Documents and Settings\Singha Thepvongsa\My Documents\Downloads\OregonTrail-dm.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\aycqlayw.exe
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\system32\gyfrbamj.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\raruvwlh.exe
C:\WINDOWS\system32\reqiemqs.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\assosfix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\cliptext.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\download.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\dummy.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Enable_Command_Prompt.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNT.E_E
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNTDOS.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNTWIN.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERUNT.EXE
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERUNT.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\fix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixBH.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixComponents.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FIXCU.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FIXLM.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixPath.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixRedir.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixSchedule.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixWebCheck.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\fixXP.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixXPsp2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\grep.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix3.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix4.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix5.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix6.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix7.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\isadmin.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\leg2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\legacy.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\legacybk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\locate.com
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\LS.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MD5File.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MyGcpvFix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MyGkFix2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Process.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\procs.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\psservice.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Rem.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Rem2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\regedit.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\W2K.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\w2k\beep.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\w2k\null.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\XP.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\xp\beep.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\xp\null.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Reset_AppInit_DLLs.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\RestartIt!.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Restore_SecurityCenter.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Restore_SharedAccess.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\sc.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\sed.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\SF.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\shutdown.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\srv2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\srv2bk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\svc.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\svcbk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\swreg.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\swsc.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\unzip.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\vfind.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\WINMSG.EXE
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\winsec.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\zip.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backupreg.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\catchme.log
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\catchme.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\HOSTS
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\catchme.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\dummy.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\Report.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\RunThis.bat
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\SDFIX_ReadMe_Online.url
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-28 21:29 . 2008-04-28 21:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-28 21:29 . 2008-04-28 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-28 21:07 . 2008-04-28 21:07 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\Webroot
2008-04-28 20:49 . 2007-12-04 23:24 145,208 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-28 20:49 . 2007-12-04 23:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,792 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-04-28 20:43 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-28 17:28 . 2008-04-28 17:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-28 17:18 . 2008-04-28 17:18 578 --a------ C:\WINDOWS\index.html
2008-04-28 12:02 . 2008-04-28 12:02 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:08 . 2008-04-28 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 16:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\Singha Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 11:00 . 2008-04-28 11:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 22:15 . 2008-04-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-27 14:09 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-25 17:08 . 2008-04-25 17:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-18 16:42 . 2008-04-29 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-18 10:06 . 2008-04-18 10:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Earthlink
2008-04-17 18:44 . 2008-04-17 18:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee.com Personal Firewall
2008-04-17 15:48 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-14 18:24 . 2008-04-14 18:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 12:02 . 2008-04-27 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 10:32 . 2008-04-03 10:32 <DIR> d-------- C:\Program Files\Citrix
2008-03-21 21:15 . 2008-03-21 21:16 <DIR> d-------- C:\Program Files\PHP
2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Apache Software Foundation
2008-03-19 00:19 . 2008-03-19 00:19 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\gtk-2.0
2008-03-18 23:23 . 2008-03-18 23:23 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-17 11:30 . 2008-03-17 11:30 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\Inkscape
2008-03-17 11:27 . 2008-03-17 11:30 <DIR> d-------- C:\Program Files\Inkscape
2008-03-10 11:33 . 2008-03-10 11:33 <DIR> d-------- C:\Program Files\Inno Setup 5
2008-03-10 10:45 . 2008-03-10 10:46 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-10 10:43 . 2007-02-19 13:00 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-06 13:44 . 2008-03-06 13:44 <DIR> d-------- C:\Program Files\Cheat Engine
2008-03-06 13:44 . 2007-12-26 18:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-03-06 13:44 . 2007-12-26 18:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-03-04 17:12 . 2008-03-04 17:25 <DIR> d-------- C:\Program Files\Spanish CD
2008-03-04 16:16 . 2008-03-04 16:16 30 --a------ C:\WINDOWS\RESULT.QTW
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 19:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 19:26 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Viewpoint
2008-04-29 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-29 03:49 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-04-28 23:58 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\DNA
2008-04-27 20:43 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\MSN6
2008-04-27 18:28 --------- d-----w C:\Program Files\Axis & Allies
2008-04-26 00:07 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 04:06 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\MSN6
2008-04-18 23:44 --------- d-----w C:\Program Files\Google
2008-04-18 05:02 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Lexmark Productivity Studio
2008-04-17 22:48 --------- d-----w C:\Program Files\Windows Live
2008-04-17 22:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 05:16 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-13 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 00:29 --------- d-----w C:\Program Files\No-IP
2008-03-18 04:11 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Intuit
2008-03-11 16:41 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-10 17:52 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Lexmark Productivity Studio
2008-03-10 17:47 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-07 05:51 --------- d-----w C:\Program Files\GrassSoft
2008-03-07 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-03-07 05:49 --------- d-----w C:\Program Files\Flash Website Design
2008-03-07 05:48 --------- d-----w C:\Program Files\Perfect Sound Recorder
2008-03-05 03:00 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Dev-Cpp
2008-03-03 05:04 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-01 00:52 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-03-01 00:43 --------- d-----w C:\Program Files\The Game Creators
2008-02-29 23:46 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\CoreFTP
2008-02-29 22:04 --------- d-----w C:\Program Files\CoreFTP
2008-02-29 03:22 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-07 19:20 439,296 ----a-w C:\Documents and Settings\Brandon Thepvongsa\GoToAssist_phone__317_en.exe
2007-09-18 22:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-05-26 22:39 64,280 -c--a-w C:\Documents and Settings\Singha Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2006-05-09 03:43 57,312 -c--a-w C:\Documents and Settings\Brandon Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-19 03:32 51,000 -c--a-w C:\Documents and Settings\Nancy Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-06 23:51 389,632 -c--a-w C:\Documents and Settings\Singha Thepvongsa\remote.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-28_19.43.36.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:20:23 110,080 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-04 12:00:00 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-04 12:00:00 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2008-04-29 02:30:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 02:30:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-05 06:28:22 10,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2007-12-05 06:28:56 232,760 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-12-05 06:28:54 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-12-05 06:28:52 612,152 ----a-w C:\WINDOWS\WRUninstall.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"SpySweeper"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 14:46 135168]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 14:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 11:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 05:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 11:10 312240]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 17:06 185896]
"combofix"="C:\WINDOWS\system32\CF546.exe" [2004-08-04 05:00 388608]
"SpySweeper"="C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe" [2007-12-04 23:28 5081400]
C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-11-14 09:30:45 3656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 16:42:00 124400]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 05:40 20480 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 11:07 435120 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-04-13 19:51 385024 C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-16 20:52 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-18 16:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 17:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:PkScape
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 08:38]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 08:38]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2008-02-02 23:36]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 05:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 15:53:55 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-29 15:53:59 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:33:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-29 19:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 02:43:03
ComboFix2.txt 2008-04-29 04:27:54
ComboFix3.txt 2008-04-29 02:44:13
Pre-Run: 47,836,418,048 bytes free
Post-Run: 48,077,361,152 bytes free
397 --- E O F --- 2008-04-19 10:08:31
Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:08 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF546.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
--
End of file - 12187 bytes
#19
Posted 29 April 2008 - 10:05 PM
B. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
C. Please RUN HijackThis.
- Click the SCAN button to produce a log.
- Place a check mark beside each one of the following items:
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
- Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
D. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.
E. REBOOT BACK INTO NORMAL MODE
F. Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Please also report if there is any improvement in your startup issues.
Proud graduate of TC/WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
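A rough triage pass over HijackThis entry lines like the ones ticked in step C above, as an added example that is not part of the original post or of HijackThis itself. The two heuristics (a registration whose target is marked "(file missing)", and an O6 policy entry) and the function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# "<section code> - <details>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse(log):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "missing": body.endswith(MISSING),
            "body": body,
        })
    return entries


def review_candidates(log):
    """Flag entries to look at first (both heuristics are assumptions)."""
    flagged = []
    for e in parse(log):
        if e["missing"]:
            flagged.append((e["code"], e["clsid"], "registration points at a missing file"))
        elif e["code"] == "O6":
            flagged.append((e["code"], e["clsid"], "IE options restricted by a policy key"))
    return flagged


def shared_clsids(flagged):
    """Group flagged section codes by CLSID: one component registered in several places."""
    groups = {}
    for code, clsid, _ in flagged:
        if clsid:
            groups.setdefault(clsid, []).append(code)
    return {c: codes for c, codes in groups.items() if len(codes) > 1}
```

Grouping by CLSID shows that the O2 and O3 lines are two registrations of the same component, so both need to go together.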
#20
Posted 30 April 2008 - 09:52 AM
#21
Posted 30 April 2008 - 10:06 AM
1. Please go to Start -> Run -> type cmd and press Enter.
2. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.
3. Follow the prompts, and insert your Windows installation CD if requested.
4. Then please REBOOT your computer.
#22
Posted 30 April 2008 - 06:41 PM
#23
Posted 30 April 2008 - 06:59 PM
Does the file clb.dll exist on your system and if it does, where is it?
Make sure all files are visible:
To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shut down My Computer.
10. Now your computer is configured to show all hidden files.
Now use the Windows Search tool and perform a search for clb.dll
Please post the complete path of all instances of that file found on your system, if any exist.
#24
Posted 30 April 2008 - 09:12 PM
Edited by brandon99337, 30 April 2008 - 09:13 PM.
#25
Posted 30 April 2008 - 09:16 PM
#27
Posted 30 April 2008 - 09:27 PM
A. Go to Start » Run, and type:
expand C:\i386\clb.dl_ C:\Windows\System32\clb.dll
Click OK
B. Then, go to Start » Run, and type:
regsvr32 clb.dll
Click OK
C. Restart your computer. Post back with the results as in error messages yes/no and which ones if any.
D. If all is well, we will proceed with the final cleanup procedures.
#28
Posted 30 April 2008 - 09:29 PM
Edited by brandon99337, 30 April 2008 - 09:30 PM.
#29
Posted 30 April 2008 - 09:51 PM
#30
Posted 30 April 2008 - 10:18 PM