Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Iexplorer.exe.....help!


  • This topic is locked This topic is locked
9 replies to this topic

#1 stusto1

stusto1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 09 September 2007 - 08:23 PM

I have some adware program that I can't remove. IEXPLORER.EXE is in the registry and I can't get rid of it. Thanks in advance for your help. Love the site. Hijack and combofix logs below.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:19 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\RegSweep\RegSweep.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6426
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Snipestation2 - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - C:\Program Files\SnipeStation\Snipebar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bleh flap 01 grid] C:\Documents and Settings\All Users\Application Data\part owns grid style\Mapi heart bias.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [RegSweep] C:\Program Files\RegSweep\RegSweep.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12979 bytes












ComboFix 07-09-10.2 - "Owner" 2007-09-09 20:47:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.302 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\OWNER~1.STO\APPLIC~1\macromedia\Flash Player\#SharedObjects\UYVZ67BV\www.broadcaster.com
C:\DOCUME~1\OWNER~1.STO\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\OWNER~1.STO\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ISMModule3.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atarm.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atas32.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasanot.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasctrl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasnt40.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atcarmcl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atdl2006.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atjpeg60.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atkbctl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atlchat.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atmemmgr.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atnetext.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atpack.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\attp.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atwbxui5.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\ieatgpc.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwm.ini
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmcliun.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmproxy.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmtrace.txt
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmupd.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\ratrace.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\raurl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\uilibres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\wbxcrypt.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\419\webexmgr.dll
C:\WINDOWS\retadpu11.exe
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-09 20:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 19:55 <DIR> d-------- C:\Program Files\Uniblue
2007-09-09 19:49 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-09 19:44 <DIR> d-------- C:\Program Files\RegSweep
2007-09-09 19:44 <DIR> d-------- C:\DOCUME~1\OWNER~1.STO\APPLIC~1\RegSweep
2007-09-06 22:26 53,248 --a------ C:\WINDOWS\system32\UNRAR.DLL
2007-09-06 22:26 297,472 --a------ C:\WINDOWS\uninst.exe
2007-09-06 22:26 129,024 --a------ C:\WINDOWS\system32\ZipDll.dll
2007-09-06 22:26 115,712 --a------ C:\WINDOWS\system32\UnzDll.dll
2007-09-06 22:26 <DIR> d-------- C:\Program Files\EasyZip
2007-09-05 20:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-05 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-05 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 19:40 <DIR> d-------- C:\Program Files\JumpStart
2007-09-04 19:40 <DIR> d-------- C:\Program Files\Common Files\Knowledge Adventure
2007-09-04 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
2007-08-28 15:59 <DIR> d-------- C:\DOCUME~1\OWNER~1.STO\APPLIC~1\Uniblue
2007-08-20 13:58 75,264 --a------ C:\WINDOWS\system32\ninjaext.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 20:53 --------- d-------- C:\Program Files\SP2 Connection Patcher
2007-08-09 08:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-08 22:52 --------- d-------- C:\Program Files\DVD Shrink
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 18:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 18:31 --------- d-------- C:\Program Files\Dearborn
2007-08-05 12:09 --------- d-------- C:\Program Files\Lx_cats
2007-08-03 17:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Style Trust Pile Heart
2007-08-03 17:25 106 --a------ C:\delete.bat
2007-08-03 16:15 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-03 15:00 --------- d-------- C:\Program Files\Gateway Games
2007-08-03 14:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\part owns grid style
2007-08-02 22:23 --------- d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-02 22:22 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-02 22:19 --------- d-------- C:\DOCUME~1\OWNER~1.STO\APPLIC~1\LimeWire
2007-07-21 21:41 --------- d-------- C:\Program Files\Full Tilt Poker.Net
2007-07-13 19:44 --------- d-------- C:\Program Files\MTV Networks
2007-07-13 14:25 --------- d-------- C:\Program Files\Burn4Free
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-10 23:14 --------- d-------- C:\Program Files\SnipeStation
2007-07-10 22:34 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_265.exe
2007-07-10 22:34 --------- d-------- C:\Program Files\Burn4Free Toolbar
2007-07-10 09:00 --------- d-------- C:\Program Files\Digital Locker Assistant
2007-07-09 22:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-07-13 10:46 61440 --a------ C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-12 20:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 11:47]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 11:47]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 01:05]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-24 13:02]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 17:08]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 11:43]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 14:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-29 23:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-21 10:05]
"bleh flap 01 grid"="C:\Documents and Settings\All Users\Application Data\part owns grid style\Mapi heart bias.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"RegSweep"="C:\Program Files\RegSweep\RegSweep.exe" [2007-08-13 15:45]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 18:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 15:07]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 07:51]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-09-06 15:27]
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-11-24 12:56:30]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 05:10:26]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-08 18:06:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8185.sys
S3 GPCIEnu1;GPCIEnu1;\??\C:\WINDOWS\system32\GPCIEnum.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-10 00:54:24 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 20:53:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-09 20:57:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 20:56
.
--- E O F ---

BC AdBot (Login to Remove)

 


#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 18 September 2007 - 06:20 PM

Hello stusto1, sorry for the delay. My name is Rorschach and I'll be helping you with your problems.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 stusto1

stusto1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 19 September 2007 - 08:32 PM

Deckard's System Scanner v20070905.67
Run by Owner on 2007-09-19 21:27:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:16 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Documents and Settings\Owner.STORY\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6426
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Snipestation2 - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - C:\Program Files\SnipeStation\Snipebar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bleh flap 01 grid] C:\Documents and Settings\All Users\Application Data\part owns grid style\Mapi heart bias.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12485 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>

S3 catchme - c:\docume~1\owner~1.sto\locals~1\temp\catchme.sys (file missing)
S3 GPCIEnu1 - c:\windows\system32\gpcienum.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\72056E0B803
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\72056E0B803
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-09-10 09:13:39 386 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job


-- Files created between 2007-08-19 and 2007-09-19 -----------------------------

2007-09-09 21:15:07 0 d-------- C:\Program Files\Trend Micro
2007-09-09 20:27:15 0 d-------- C:\WINDOWS\Sun
2007-09-09 20:17:53 0 d-------- C:\Program Files\Common Files\Java
2007-09-09 20:15:14 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Sun
2007-09-09 19:49:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-09 19:44:28 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\RegSweep
2007-09-09 19:44:23 0 d-------- C:\Program Files\RegSweep
2007-09-06 22:26:14 129024 --a------ C:\WINDOWS\system32\ZipDll.dll <Not Verified; ; BCB/Delphi Zip>
2007-09-06 22:26:14 115712 --a------ C:\WINDOWS\system32\UnzDll.dll <Not Verified; ; BCB/Delphi UnZip>
2007-09-06 22:26:14 53248 --a------ C:\WINDOWS\system32\UNRAR.DLL
2007-09-06 22:26:13 0 d-------- C:\Program Files\EasyZip
2007-09-06 22:26:07 297472 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-05 20:52:09 0 d-------- C:\Program Files\Lavasoft
2007-09-05 20:52:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-05 20:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 19:40:13 0 d-------- C:\Program Files\JumpStart
2007-09-04 19:40:13 0 d-------- C:\Program Files\Common Files\Knowledge Adventure
2007-09-04 19:40:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-08-28 15:59:19 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Uniblue
2007-08-21 10:05:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-08-20 13:58:10 75264 --a------ C:\WINDOWS\system32\ninjaext.dll


-- Find3M Report ---------------------------------------------------------------

2007-09-19 15:52:26 273729 --a------ C:\logfile
2007-09-19 15:45:04 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\AVG7
2007-09-19 15:44:35 0 d-------- C:\Program Files\SP2 Connection Patcher
2007-09-09 20:50:41 0 d-------- C:\Program Files\Common Files
2007-09-09 20:21:53 0 d-------- C:\Program Files\Java
2007-08-08 22:52:29 0 d-------- C:\Program Files\DVD Shrink
2007-08-06 18:31:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 18:31:18 0 d-------- C:\Program Files\Dearborn
2007-08-05 12:09:04 0 d-------- C:\Program Files\Lx_cats
2007-08-03 17:25:39 106 --a------ C:\delete.bat
2007-08-03 15:00:26 0 d-------- C:\Program Files\Gateway Games
2007-08-03 14:57:40 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Grisoft
2007-08-02 22:23:49 0 d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-02 22:19:52 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\LimeWire
2007-07-21 21:41:36 0 d-------- C:\Program Files\Full Tilt Poker.Net
2007-07-10 22:34:18 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_265.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/12/2007 08:32 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 11:47 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 11:47 AM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/29/2005 01:05 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06/26/2006 10:46 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [06/26/2006 11:34 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/24/2006 01:02 PM]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [04/26/2004 03:00 AM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 05:08 PM]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [01/18/2005 11:43 AM]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [09/17/2004 02:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/29/2007 11:56 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 09:32 AM]
"bleh flap 01 grid"="C:\Documents and Settings\All Users\Application Data\part owns grid style\Mapi heart bias.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/08/2007 06:06 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/21/2007 03:07 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [07/11/2005 07:51 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [11/24/2006 12:56:30 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2/20/2007 5:10:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/8/2007 6:06:22 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-09-19 21:30:24 ------------

#4 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 21 September 2007 - 08:18 AM

Hello

We need to disable the AVG Anti-Spyware guard :

1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.



Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean.

To disable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".Active: Switches Monitoring On or Off without closing
Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.



Please go to Start > Control Panel > Add or Remove Programs > Remove ISM


Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media


Be sure to reboot when done.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
  • First close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled "Search and Destroy"
    <>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [bleh flap 01 grid] C:\Documents and Settings\All Users\Application Data\part owns grid style\Mapi heart bias.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\ninjaext.dll
    C:\Program Files\ISM
    C:\Documents and Settings\All Users\Application Data\part owns grid style


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



So post back with a new DSS log, the NoLop text, the OTMoveIt results, and tell me how your PC is running now and if you had any problems.

Edited by Rorschach, 21 September 2007 - 08:19 AM.


#5 stusto1

stusto1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 21 September 2007 - 07:19 PM

Things seem to be running better now! Rorschach, Thanks so much! You guys are the best. Here are the requested logs...........
BTW, Should IEXPLORER.EXE still be running in my Processes? It's still in there? Should I worry about this? Thanks again!




C:\WINDOWS\system32\ninjaext.dll NOT unregistered.
C:\WINDOWS\system32\ninjaext.dll moved successfully.
File/Folder C:\Program Files\ISM not found.
C:\Documents and Settings\All Users\Application Data\part owns grid style moved successfully.

Created on 09/21/2007 20:09:55



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:13 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6426
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Snipestation2 - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - C:\Program Files\SnipeStation\Snipebar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12273 bytes












Deckard's System Scanner v20070905.67
Run by Owner on 2007-09-21 20:14:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:19 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.STORY\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6426
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Snipestation2 - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - C:\Program Files\SnipeStation\Snipebar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12313 bytes

-- Files created between 2007-08-21 and 2007-09-21 -----------------------------

2007-09-09 21:15:07 0 d-------- C:\Program Files\Trend Micro
2007-09-09 20:27:15 0 d-------- C:\WINDOWS\Sun
2007-09-09 20:17:53 0 d-------- C:\Program Files\Common Files\Java
2007-09-09 20:15:14 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Sun
2007-09-09 19:49:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-09 19:44:28 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\RegSweep
2007-09-09 19:44:23 0 d-------- C:\Program Files\RegSweep
2007-09-06 22:26:14 129024 --a------ C:\WINDOWS\system32\ZipDll.dll <Not Verified; ; BCB/Delphi Zip>
2007-09-06 22:26:14 115712 --a------ C:\WINDOWS\system32\UnzDll.dll <Not Verified; ; BCB/Delphi UnZip>
2007-09-06 22:26:14 53248 --a------ C:\WINDOWS\system32\UNRAR.DLL
2007-09-06 22:26:13 0 d-------- C:\Program Files\EasyZip
2007-09-06 22:26:07 297472 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-09-05 20:52:09 0 d-------- C:\Program Files\Lavasoft
2007-09-05 20:52:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-05 20:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 19:40:13 0 d-------- C:\Program Files\JumpStart
2007-09-04 19:40:13 0 d-------- C:\Program Files\Common Files\Knowledge Adventure
2007-09-04 19:40:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-08-28 15:59:19 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Uniblue
2007-08-21 10:05:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7


-- Find3M Report ---------------------------------------------------------------

2007-09-21 20:05:40 278116 --a------ C:\logfile
2007-09-21 20:03:41 212 --a------ C:\delete.bat
2007-09-21 19:59:20 0 d-------- C:\Program Files\SP2 Connection Patcher
2007-09-21 08:50:24 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\AVG7
2007-09-09 20:50:41 0 d-------- C:\Program Files\Common Files
2007-09-09 20:21:53 0 d-------- C:\Program Files\Java
2007-08-08 22:52:29 0 d-------- C:\Program Files\DVD Shrink
2007-08-06 18:31:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 18:31:18 0 d-------- C:\Program Files\Dearborn
2007-08-05 12:09:04 0 d-------- C:\Program Files\Lx_cats
2007-08-03 15:00:26 0 d-------- C:\Program Files\Gateway Games
2007-08-03 14:57:40 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\Grisoft
2007-08-02 22:23:49 0 d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-02 22:19:52 0 d-------- C:\Documents and Settings\Owner.STORY\Application Data\LimeWire
2007-07-21 21:41:36 0 d-------- C:\Program Files\Full Tilt Poker.Net
2007-07-10 22:34:18 229727 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_265.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/12/2007 08:32 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 11:47 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 11:47 AM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/29/2005 01:05 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06/26/2006 10:46 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [06/26/2006 11:34 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/24/2006 01:02 PM]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [04/26/2004 03:00 AM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 05:08 PM]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [01/18/2005 11:43 AM]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [09/17/2004 02:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/29/2007 11:56 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 09:32 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/08/2007 06:06 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/21/2007 03:07 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [07/11/2005 07:51 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [11/24/2006 12:56:30 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2/20/2007 5:10:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/8/2007 6:06:22 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-09-21 20:14:44 ------------

#6 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 22 September 2007 - 09:56 AM

Glad we are making progress :thumbsup:

Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (optional) then click Start full computer scan at the bottom.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right clicking and selecting send to Zip file
Then upload that as an attachment along with the log file produced in your next post.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


#7 stusto1

stusto1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 22 September 2007 - 09:10 PM

The scan did not find anything with DrWebs-cureit. So not log was given. Here are the other uploads and logs. Thanks again for everything!


Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : STORY
Creation time : 9/22/2007 9:53:50 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Lavasoft AB)
c:\progra~1\grisoft\avg7\avgamsvr.exe (GRISOFT, s.r.o.)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
c:\progra~1\grisoft\avg7\avgemc.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avg7\avgupsvc.exe (GRISOFT, s.r.o.)
c:\windows\system32\bcmwltry.exe (Broadcom Corporation)
* c:\windows\system32\lxbxcoms.exe (Lexmark International, Inc.)
* c:\program files\common files\logitech\lvmvfm\lvprcsrv.exe (Logitech Inc.)
c:\program files\common files\new boundary\prismxl\prismxl.sys (New Boundary Technologies, Inc.)
* c:\docume~1\owner~1.sto\locals~1\temp\temporary directory 1 for runscanner.zip\runscanner.exe (Runscanner.net)
c:\windows\system32\wltrysvc.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
c:\program files\lavasoft\ad-aware 2007\aawtray.exe
c:\program files\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\progra~1\grisoft\avg7\avgcc.exe (GRISOFT, s.r.o.)
C:\windows\system32\wltray.exe (Broadcom Corporation)
* c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe (SEIKO EPSON CORPORATION)
c:\program files\lexmark 7100 series\ezprint.exe
c:\program files\google\google desktop search\googledesktop.exe (Google)
* c:\program files\common files\logitech\lcommgr\communications_helper.exe (Logitech Inc.)
* c:\program files\logitech\quickcam10\quickcam10.exe
* c:\windows\system32\spool\drivers\w32x86\3\lxbxtime.dll
c:\program files\lexmark 7100 series\lxbxmon.exe (Lexmark International, Inc.)
c:\program files\quicktime\qttask.exe (Apple Computer, Inc.)
C:\WINDOWS\sminst\recguard.exe
C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
* c:\program files\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\program files\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
* c:\program files\synaptics\syntp\syntplpr.exe (Synaptics, Inc.)
* c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\linksys easylink advisor\linksysagent.exe (Linksys, a Division of Cisco Systems, Inc.)
c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe (Logitech Inc.)
- na
c:\program files\sp2 connection patcher\sp2connpatcher.exe
* c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (Google Inc.)
- c:\program files\uniblue\registrybooster 2\registrybooster.exe

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
* c:\progra~1\bigfix\bigfix.exe (BigFix Inc.)
c:\progra~1\kodak\kodake~1\bin\easysh~1.exe (Eastman Kodak Company)
c:\progra~1\kodak\kodaks~1\7288971\program\kodaks~1.exe
c:\progra~1\logitech\deskto~1\8876480\program\logite~1.exe (Logitech Inc.)
c:\progra~1\micros~2\office\osa9.exe (Microsoft Corporation)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
c:\progra~1\grisoft\avg7\avgw.exe (GRISOFT, s.r.o.)

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
c:\progra~1\grisoft\avg7\avgw.exe (GRISOFT, s.r.o.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
* C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
c:\progra~1\grisoft\avg7\avgemc.exe (AVG E-mail Scanner)
c:\progra~1\grisoft\avg7\avgamsvr.exe (AVG7 Alert Manager Server)
c:\progra~1\grisoft\avg7\avgupsvc.exe (AVG7 Update Service)
C:\WINDOWS\system32\wltrysvc.exe (Broadcom Wireless LAN Tray Service)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
* c:\program files\common files\logitech\lvmvfm\lvprcsrv.exe (Logitech Process Monitor)
* c:\program files\common files\logitech\srvlnch\srvlnch.exe (LVSrvLauncher)
* c:\windows\system32\lxbxcoms.exe (lxbx_device)
c:\program files\common files\new boundary\prismxl\prismxl.sys (PrismXL)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)
* C:\WINDOWS\system32\drivers\amdagp.sys (AMD AGP Bus Filter Driver)
* C:\WINDOWS\system32\drivers\amdk8.sys (AMD Processor Driver)
* C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
c:\windows\system32\drivers\avgtdi.sys (AVG Network Redirector)
c:\windows\system32\drivers\avgclean.sys (AVG7 Clean Driver)
c:\windows\system32\drivers\avg7core.sys (AVG7 Kernel)
c:\windows\system32\drivers\avg7rsxp.sys (AVG7 Resident Driver XP)
c:\windows\system32\drivers\avg7rsw.sys (AVG7 Wrap Driver)
- c:\docume~1\owner~1.sto\locals~1\temp\catchme.sys (Base)
* C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant AMC Audio)
* C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant AmcHal Driver)
* C:\WINDOWS\system32\drivers\mdmxsdk.sys (Diagnostic Interface DRIVER)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
C:\WINDOWS\system32\drivers\goprot51.sys (GoProto Protocol Driver)
c:\windows\system32\gpcienum.sys (GPCIEnu1)
* C:\WINDOWS\system32\drivers\hsf_cnxt.sys (HSF_CNXT driver)
* C:\WINDOWS\system32\drivers\hsf_dpv.sys (HSF_DP driver)
* C:\WINDOWS\system32\drivers\hsfhwati.sys (HSFHWATI WDM driver)
* C:\WINDOWS\system32\drivers\lvckap.sys (Logitech AEC Driver)
* C:\WINDOWS\system32\drivers\lvpr2mon.sys (Logitech LVPr2Mon Driver)
* C:\WINDOWS\system32\drivers\lvmvdrv.sys (Logitech Machine Vision Engine Loader)
* C:\WINDOWS\system32\drivers\lv302av.sys (Logitech QuickCam IM(PID_08A0))
* C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech USB Monitor Filter)
* C:\WINDOWS\system32\drivers\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
* C:\WINDOWS\system32\drivers\rtl8185.sys (Realtek RTL8185 54M Wireless LAN Network Adapter Driver)
* C:\WINDOWS\system32\drivers\ql1080.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\sym_u3.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\ultra.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\sym_hi.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\ql12160.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\ql1280.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\symc8xx.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\symc810.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\sparrow.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\asc3550.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\asc.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\mraid35x.sys (SCSI miniport)
* C:\WINDOWS\system32\drivers\dac2w2k.sys (SCSI Miniport)
c:\windows\system32\ddmi2.sys (SDDMI2)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\sisagp.sys (SIS AGP Bus Filter)
* C:\WINDOWS\system32\drivers\syntp.sys (Synaptics TouchPad Driver)
* C:\WINDOWS\system32\drivers\aliide.sys (System Bus Extender)
* C:\WINDOWS\system32\drivers\cmdide.sys (System Bus Extender)
C:\WINDOWS\system32\drivers\tcpip.sys (TCP/IP Protocol Driver)
* C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys)
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
* C:\WINDOWS\system32\drivers\lv302af.sys (Volume Adapter)
* C:\WINDOWS\system32\drivers\wanatw4.sys (WAN Miniport (ATW))

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll (Logitech Inc.) {9462A756-7B47-47BC-8C80-C34B9B80B32B}
c:\program files\common files\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
------------------------------------------------------------
* c:\program files\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\program files\burn4free toolbar\v3.3.0.0\burn4free_toolbar.dll {55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
* c:\program files\google\googletoolbar3.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\snipestation\snipebar2.dll (Klemens Schmid) {D79559E8-9991-41C5-AA2B-A96EC766F43F}
* c:\program files\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
* c:\program files\google\googletoolbar3.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\program files\burn4free toolbar\v3.3.0.0\burn4free_toolbar.dll {55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
* c:\program files\google\googletoolbar3.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
* c:\program files\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\spybot - search & destroy\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\windows\system32\bae.dll (Gateway Inc.) {CA6319C0-31B7-401E-A518-A07C3DB8F777}
c:\program files\burn4free toolbar\v3.3.0.0\burn4free_toolbar.dll {60BF5EE3-0105-4858-AD98-17C19F86B042}
* c:\program files\google\googletoolbar3.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
* c:\program files\java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
* c:\program files\yahoo!\common\yiesrvc.dll (Yahoo! Inc.) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
* c:\program files\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4EFB-9B51-7695ECA05670}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
* c:\program files\synaptics\syntp\syntpcpl.dll (Synaptics, Inc.) {2F603045-309F-11CF-9774-0020AFD0CFF6}
* c:\progra~1\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
C:\WINDOWS\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\system32\lxbxlmpm.dll (Lexmark International, Inc.)
* C:\WINDOWS\system32\e_flm9fa.dll (SEIKO EPSON CORPORATION)
C:\WINDOWS\system32\pdf995mon.dll

073 %windir%\Tasks
------------------
RegSweep Scheduled Scan.job : c:\program files\regsweep\regsweep.exe

100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Page_URL HKLM : http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_URL HKLM : http://www.google.com/ie
Search Page HKCU : http://www.google.com
Search Page HKLM : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
SearchAssistant HKCU : http://www.google.com/ie
SearchAssistant HKLM : http://www.google.com/ie
SearchUrl HKCU : http://www.google.com/search?q=%s
Start Page HKCU : http://www.yahoo.com/
Start Page HKLM : http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6426

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
- c:\program files\ism\bnddrive3.dll {12DA1BC4-5384-42fd-A119-3C99D2D146A2}
c:\program files\snipestation\snipebar2.dll (Klemens Schmid) {D79559E8-9991-41C5-AA2B-A96EC766F43F}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
- c:\windows\downloaded program files\housecall_activex.dll {215B8138-A3CF-44C5-803F-8226143CFC0A}
* c:\program files\yahoo!\common\yinsthelper.dll (Yahoo! Inc.) {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
* c:\windows\system32\gtdownls_125.ocx (Gteko Ltd.) {A93D84FD-641F-43AE-B963-E6FA84BE7FE7}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9b.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
GUID / CLSID not found {DBA230D1-8467-4e69-987E-5FAE815A3B45}
- c:\windows\downloaded program files\ieatgpc.dll {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Yahoo! Search : file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Yahoo! &Dictionary : file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Yahoo! &Maps : file:///C:\Program Files\Yahoo!\Common/ycmap.htm
Yahoo! &SMS : file:///C:\Program Files\Yahoo!\Common/ycsms.htm

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
c:\progra~1\google\google~1\goec62~1.dll (Google)

160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
InstallTheme : C:\WINDOWS\Resources\Themes\Royale.theme
InstallVisualStyle : C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
shutdownwithoutlogon : 1
undockwithoutlogon : 1

172 HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
---------------------------------------------------------------
C:\WINDOWS\system32\bcmlogon.dll (Broadcom Corporation)

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found
* c:\progra~1\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\program files\grisoft\avg7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

Attached Files



#8 stusto1

stusto1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 22 September 2007 - 09:13 PM

Oops. Here's the zip file! Thanks!

Attached Files



#9 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 23 September 2007 - 08:47 AM

Hello stusto, your logs are looking good ! We need to do a few little things.

BTW, Should IEXPLORER.EXE still be running in my Processes? It's still in there? Should I worry about this?

Yes it should be running, thats nothing to worry about.


Download the zipped attachment at the end of this post(this will be your runscanner as fixed by me)
  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • You will notice several entries in ORANGE with a tick, right click them individually and select delete.
  • Accept the warning then repeat until they are all gone.
We need to re-enable the AVG Anti-Spyware guard :

1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'on' by clicking 'Change state' which will then change the protection status to 'active'.
3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
4. Reply 'yes' and set it to 'active'.



Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Please delete the following tools that we used
  • ComboFix.exe
  • runscanner.exe
  • DSS.exe
  • NoLop.exe
Some clean up :

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot


To re-enable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: Switches Monitoring On or Off without closing
Automatic: Switches Automatic Blocking On or Off

3. Check (red X) both items.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Some good free firewalls are ZoneAlarm, Comodo, or
Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

* Take a good look at the following suggestions for malware prevention by reading Tony Kleinís article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Attached Files

  • Attached File  stu.zip   83.42KB   28 downloads

Edited by Rorschach, 23 September 2007 - 09:58 AM.


#10 stusto1

stusto1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 23 September 2007 - 12:52 PM

You are the BEST! Thank you so much. Everything is working great!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users