
This Pc Was Connected To Infected External Hard Drive


  • This topic is locked
67 replies to this topic

#1 londonliving

  • Members
Posted 27 November 2007 - 11:21 AM

Hi there

A little bit of a vague one here:

New Dell Inspiron 1501 Laptop (about a year old).

Friend brings PhotoShop images to work on and short video clips.

Friend discovers virus/spyware - but doesn't know which. They reformatted their PC but I don't want to on this (bloatware) Dell.

Have run through the forum's suggestions of:

AdAware
SpyBot Search and Destroy
SUPERAntiSpyware
NOD32 antivirus

Windows Update claims all is OK, but
http://secunia.com/software_inspector/ says not all Windows patches were applied!

(Specifically:
This installation of Microsoft Internet Explorer 7.x is insecure and potentially exposes your system to security threats!

Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

Update Instructions:
You do not have the following Microsoft security updates installed:
KB939653
KB937143
KB933566
KB931768
KB928090
KB939653
KB937143
KB933566
KB931768

Visit Windows Update to install the missing patches.

Installed on Your System in:
C:\Program Files\Internet Explorer\iexplore.exe)

Despite visiting the update site and using Microsoft's own spyware, Windows Genuine Advantage (WGA), nothing has changed.

Finally resorting to HijackThis in the hope that things might be OK (will post log in second message).

A few other things:

Firefox went belly up, so I used Netscape Navigator or Opera instead.

Sometimes the address bar crops up with '%20' all over the place, and it didn't use to...

I am loath to restore this Dell, as I then have to uninstall a hundred pieces of software, some of which never truly go.

Still, I hope all is clean and it is just a simple matter for a clean bill of health.



#2 londonliving

  • Topic Starter

Posted 27 November 2007 - 11:24 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:20, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
R:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
R:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ctfmon.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
R:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
R:\Program Files\uTorrent\utorrent.exe
R:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - r:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [nod32kui] "R:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "R:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "R:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Rainlendar2] "R:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [LClock] "R:\Program Files\LClock\lclock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Browster Prefetch On/Off - res://r:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://R:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://R:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Zend Studio - Debug current page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194709915390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0}: NameServer = 195.92.195.95,195.92.195.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - R:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - R:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - R:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - R:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - R:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\Program Files\Eset\nod32krn.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13710 bytes

#3 Grinler

  • Lawrence Abrams
  • Admin

Posted 13 December 2007 - 02:18 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#4 londonliving

  • Topic Starter

Posted 28 December 2007 - 02:53 PM

I imagine there is a huge backlog!

I have been through the guide, but will have to post a new log as Santa brought something for my stocking...

Posting again soon.

Cheers

LL

#5 londonliving

  • Topic Starter

Posted 30 January 2008 - 07:33 AM

Hi there. Sorry for the long delay at my end, ISP had problems.

In the next post I will put up the new HijackThis log.

To summarise so far:
  • Windows Update still reports that Internet Explorer 7 (IE7) does not require updates...
  • System Mechanic 7 has found a BHO / ActiveX object from trusted party ""... and it cannot remove it, even in safe mode
  • Ran SUPERAntiSpyware, which finds nothing...
  • NOD32 all up to date, full scan detects nothing...
  • Ran the online tool from Secunia which found some IE7 updates were outstanding.
  • Reinstalled IE7 - still the same updates are missing...
  • QuickTime through Apple Update came up with a bizarre EULA - too creative to be Apple - it even has a version two stops ahead of reality - downloaded update directly (currently 7.4)
  • Flash 9 has some discrepancy according to the Secunia scan - in the system32/macromedia version

Attached Files



#6 londonliving

  • Topic Starter

Posted 30 January 2008 - 07:55 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:39, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\cisvc.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\wamp\wampmanager.exe
C:\WINDOWS\system32\ctfmon.exe
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
C:\WINDOWS\system32\cidaemon.exe
R:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\WINDOWS\System32\svchost.exe
R:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - r:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [nod32kui] "R:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "R:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BtTray] "R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKCU\..\Run: [Rainlendar2] "R:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [LClock] R:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Browster Prefetch On/Off - res://r:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - R:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Open and Translate in Word - res://R:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Zend Studio - Debug current page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - R:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194709915390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0}: NameServer = 195.92.195.95,195.92.195.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - R:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Diskeeper - Diskeeper Corporation - R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - R:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12594 bytes

The GIF is of the MS Update and Secunia reported errors.

The only other error is that the Microsoft SQL Server update has not taken either.

Hope you can help!!

Attached Files



#7 Grinler

  • Lawrence Abrams
  • Admin

Posted 30 January 2008 - 01:37 PM

Secunia lists ALL of the security updates, even if they do not necessarily apply to your system. Some of these are also cumulative updates that you may have installed already as individual patches. I would go with what Windows Update is showing you rather than Secunia.

For the BHO that System Mechanic can't remove, try fixing this entry in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Make sure you shut down IE before you attempt to fix it.

Quicktime through Apple Update came up with a bizarre EULA - too creative to be Apple - it even have a version two stops ahead of reality - downloaded update directly (Currently 7.4)


Not sure what you mean by this?

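As an added example (not code from this thread, from HijackThis or from BleepingComputer), here is a small Python triage pass over HijackThis log lines of the kind posted above: it flags the orphaned "(no file)" entries that the advice above says are safe to fix, plus a few other line types that deserve a second look before deciding anything. The sample lines are copied from the logs in this thread; the line-type rules are my own reading aid, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\\..\\Run: [nod32kui] "R:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: wampmysqld - Unknown owner - c:\\wamp\\bin\\mysql\\mysql5.0.45\\bin\\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\\Program Files\\Eset\\nod32krn.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 body: "HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^HK\S*\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"(?P<url>https?://\S+)")
# O23 body: "Service: display name - owner - path"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line_type: str   # HijackThis section code, e.g. "O2"
    subject: str     # CLSID, executable name, URL or service name the finding is about
    reason: str      # why a defender would look at it


def parse_entries(text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def triage(text):
    """Apply a few defender-side rules to a HijackThis log and return the findings."""
    findings = []
    for line_type, body in parse_entries(text):
        if line_type in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # Registry entry whose backing DLL is gone: this is the "orphaned BHO"
            # case from the thread; fixing it in HijackThis with IE closed is safe.
            clsid = CLSID_RE.search(body)
            findings.append(Finding(line_type, clsid.group(0) if clsid else body,
                                    "registry entry points at a file that no longer exists"))
        elif line_type == "O4":
            m = O4_RE.match(body)
            if m:
                cmd = m.group("cmd")
                exe = cmd.split()[0].strip('"') if cmd else ""
                # A bare file name (no drive, no backslash) is resolved through the
                # PATH search at logon, so confirm which file actually gets loaded.
                if exe and "\\" not in exe and ":" not in exe:
                    findings.append(Finding("O4", exe,
                                            "autostart command has no path; verify which file loads"))
        elif line_type == "O16":
            m = URL_RE.search(body)
            if m:
                # Downloaded Program Files are ActiveX controls fetched from the web.
                findings.append(Finding("O16", m.group("url"),
                                        "downloaded ActiveX control; confirm the source is expected"))
        elif line_type == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                # No publisher information in the log: check the path and signature
                # by hand before deciding whether the service is legitimate.
                findings.append(Finding("O23", m.group("name"),
                                        "service binary has no publisher info; verify path and signature"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type:4} {f.subject:50} {f.reason}")
```

The rules are deliberately conservative: a hit means "look closer", and entries such as the Spybot BHO or the NOD32 service produce no finding at all.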
#8 londonliving (Topic Starter)

Posted 01 February 2008 - 04:35 AM

Hi again.

Thanks for the fast reply :thumbsup:

Have deleted the BHO object using HijackThis and am currently going through the cycle of checking.

SM7 still reports this BHO / ActiveX object and cannot remove it.

==========

As for the Apple Quicktime anomaly, the QT7error gif shows the screen as it appears to me - ridiculously fancy font and offering Quicktime 7.6 as opposed to the current 7.4

The EULA has an almost impossible to read font, and not in keeping with Apple style.

I have checked the iTunes version which is 7.6 but my update asks for Quicktime 7.6!

==========

As for Secunia, I didn't know it was so thorough! Just needs to filter per machine...

==========

Thanks

LL

#9 Grinler (Lawrence Abrams, Admin)

Posted 01 February 2008 - 04:39 PM

Give me the exact info that SM7 is reporting. Does it give any info on the BHO at all?

As for QuickTime, I would uninstall it and install the version from Apple's site.

#10 londonliving (Topic Starter)

Posted 05 February 2008 - 04:44 AM

Hello Again

I posted a screen grab of the SM7 error, which sadly has nothing between the quotes where normally explanations are found. [30 Jan - first post]

As far as Quicktime goes, I pretty much only download direct as I only use the software updates to inform me.

I have updated direct from apple.com/quicktime after uninstalling first.

(I would love to download and reference the MS Updates rather than auto update for them too, but haven't found a way!)

Cheers

LL

Edited by londonliving, 05 February 2008 - 04:45 AM.


#11 londonliving (Topic Starter)

Posted 29 March 2008 - 04:09 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:06, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dllhost.exe
R:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\System32\svchost.exe
R:\PROGRA~1\SYSTRAN\5.0\Premium\SYSTRA~3.EXE
R:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
R:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe
R:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - r:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [nod32kui] "R:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "R:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BtTray] "R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [SynTPEnh] R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\RunOnce: [getPlusUninstall_dll] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
O4 - HKCU\..\Run: [Rainlendar2] "R:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [LClock] R:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Browster Prefetch On/Off - res://r:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - R:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Open and Translate in Word - res://R:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Zend Studio - Debug current page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - R:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194709915390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0}: NameServer = 195.92.195.95,195.92.195.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - R:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Diskeeper - Diskeeper Corporation - R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - R:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12470 bytes
================
UPDATED VERSION OF HJT LOGFILE.

Hi there still having problems, but have been away for a while.

Managed to get the following en route:

VIRTUMONDE APPLICATIONS
~WINDOWS\system32\awtustt.dll
~WINDOWS\system32\iifefcc.dll
removalfile.bat
Setupb.exe - Win32/TrojanDownloader.Small.NZM.trojan

~WINDOWS\system32\pmnnkii.dll
removalfile.bat
Win32/TrojanDownloader.Small.NZM.trojan

IMAdvertiser

------Identified by NOD32

Have used the following to date:

  • NOD32
  • Windows Update - and other major software
  • SpybotSD - Found 6 items
  • SuperAntiSpyware - Found Nothing!
  • SpywareBlaster - v4
  • Manual Intervention
  • Using :wacko: Flock Browser as Netscape Navigator 9 is now defunct. :blink:
  • Hijack This


Spybot Findings:


--- Search result list ---
Munga_Bunga: [SBI $CA361988] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{231239FA-F9CC-0C32-ACF0-2262136C2F78}

IMNames: [SBI $11EE7C28] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-472722980-2923720443-594902606-1005\Software\IMAdvertiser

ICQ-SpyMonitor: [SBI $AD464B70] Data (File, nothing done)
C:\WINDOWS\system32\emx1.dat

ICQ-SpyMonitor: [SBI $184BC4A1] Data (File, nothing done)
C:\WINDOWS\system32\emx10.dat

ICQ-SpyMonitor: [SBI $3DEFADA8] Data (File, nothing done)
C:\WINDOWS\system32\emx11.dat

ICQ-SpyMonitor: [SBI $8CC30421] Data (File, nothing done)
C:\WINDOWS\system32\emx6.dat


So far I have a PC that crawls to life, so there might still be something present.

Internet (8Mb broadband) is constantly around 160k d/l and 264k upload - yes I did say k :thumbsup:
(that may just be a faulty ADSL connection, but I thought I would include it anyway)

Tested through dslreports.com

Hope you can help

LL

#12 Grinler (Lawrence Abrams, Admin)

Posted 31 March 2008 - 11:40 AM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#13 londonliving (Topic Starter)

Posted 08 April 2008 - 11:47 AM

HERE IS THE NEW COMBOFIX LOG

ComboFix 08-04-07.5 - Tiny One 2008-04-08 17:22:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.388 [GMT 1:00]
Running from: C:\Documents and Settings\Tiny One\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tiny One\Application Data\addon.dat
C:\WINDOWS\system32\azip32.dll
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\dzgtactx.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mwsysb.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.

2008-04-07 17:02 . 2008-04-07 17:02 <DIR> d-------- R:\Program Files\My Article Submitter
2008-04-07 17:02 . 2008-04-07 17:02 434,688 --a------ C:\WINDOWS\system32\ss2uinst.exe
2008-04-01 10:08 . 2008-04-01 10:08 <DIR> d-------- R:\Program Files\Analytics Reporting Suite - beta 2
2008-04-01 10:08 . 2008-04-01 10:08 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-01 10:08 . 2008-04-01 10:08 <DIR> d-------- C:\Documents and Settings\Tiny One\Application Data\be.boulevart.labs.google.gas.AA41F2CE43CE9D3E84FD00043FDE914C011460BD.1
2008-03-30 12:41 . 2008-03-30 12:41 <DIR> d-------- R:\Program Files\Belarc
2008-03-29 18:10 . 2008-03-29 18:10 <DIR> d-------- R:\Program Files\Windows Script Control
2008-03-29 18:09 . 2008-03-29 18:10 <DIR> d-------- R:\Program Files\PHPMaker 5
2008-03-29 18:09 . 2008-03-29 18:10 <DIR> d-------- C:\Program Files\Common Files\e.World
2008-03-29 12:56 . 2008-04-07 22:49 <DIR> d-------- R:\Program Files\EDraw Max
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:12 . 2008-03-28 20:12 <DIR> d-------- R:\Program Files\MSXML 6.0
2008-03-28 18:47 . 2008-03-28 18:47 <DIR> d-------- C:\Documents and Settings\Tiny One\Application Data\vlc
2008-03-27 11:39 . 2008-03-27 11:39 <DIR> d-------- R:\Program Files\Bat
2008-03-22 14:38 . 2008-03-22 14:38 <DIR> d-------- C:\Documents and Settings\Tiny One\Application Data\Alien Skin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 14:50 --------- d-----w R:\Program Files\Rainlendar2
2008-04-08 09:44 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\ue_toolbar
2008-04-08 08:39 --------- d-----w R:\Program Files\PeerGuardian2
2008-04-07 15:06 --------- d-----w R:\Program Files\phpDesigner 2008
2008-04-07 08:21 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\uTorrent
2008-04-06 22:06 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\iMacros
2008-04-06 22:05 --------- d-----w R:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-04 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 04:56 --------- d-----w R:\Program Files\SUPERAntiSpyware
2008-04-04 03:57 --------- d-----w R:\Program Files\Google Earth
2008-04-03 15:33 --------- d-----w R:\Program Files\Safari
2008-04-03 15:31 --------- d-----w R:\Program Files\iTunes
2008-04-03 15:28 --------- d-----w R:\Program Files\QuickTime
2008-04-02 03:24 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\AbsoluteTelnet
2008-03-31 15:16 --------- d-----w R:\Program Files\FairUse Wizard 2
2008-03-31 13:21 --------- d-----w R:\Program Files\uTorrent
2008-03-31 13:21 --------- d-----w R:\Program Files\SpywareBlaster
2008-03-29 11:05 --------- d-----w R:\Program Files\Opera
2008-03-28 17:44 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\Skype
2008-03-28 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 00:47 --------- d-----w R:\Program Files\SQLyog Enterprise
2008-02-29 23:09 --------- d-----w R:\Program Files\Spybot - Search & Destroy
2008-02-27 12:49 3,840 ----a-w C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-25 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 22:04 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-25 12:58 --------- d-----w R:\Program Files\Flock
2008-02-25 12:58 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\Flock
2008-02-23 13:21 --------- d-----w R:\Program Files\Hide IP Platinum
2008-02-19 08:24 7,808 ----a-w C:\WINDOWS\system32\drivers\psi_mf.sys
2008-02-17 12:51 --------- d-----w C:\Documents and Settings\Tiny One\Application Data\dvdcss
2008-02-08 09:19 --------- d-----w R:\Program Files\Eset
2008-01-11 19:05 78 ----a-w C:\RFPEC.bat
2007-01-31 12:50 53 ----a-w C:\Program Files\Common Files\SBB_Uninstall.Bat
2006-12-13 11:09 77 --sh--w R:\Program Files\Desktop.ini
2007-01-03 12:53 58,259 --sha-w C:\WINDOWS\Winexe\klog.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="R:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-08-24 14:56 2932736]
"LClock"="R:\Program Files\LClock\lclock.exe" [2004-09-19 19:27 65536]
"SUPERAntiSpyware"="R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 23:52 476702]
"Aestan Tray Menu"="C:\wamp\wampmanager.exe" [2007-02-18 18:07 1152512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"WinPatrol"="R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 12:48 1392640]
"nod32kui"="R:\Program Files\Eset\nod32kui.exe" [2007-07-31 11:51 949376]
"IntelliPoint"="R:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 12:06 282624 C:\WINDOWS\stsystra.exe]
"BtTray"="R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-12-29 00:18 258134]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-05-31 23:23 483328]
"pdfSaver3"="" []
"SynTPEnh"="R:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 23:45 815104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\Tiny One\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - R:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 10:09:52 626688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-09 12:25:22 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= R:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
R:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 R:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
R:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"StarWindService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"R:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"R:\\Program Files\\SecondLife\\SecondLife.exe"=
"R:\\Program Files\\Opera\\Opera.exe"=
"R:\\Program Files\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"R:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"R:\\Program Files\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"R:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
"R:\\Program Files\\ViaVoice\\Bin\\engine.exe"=
"R:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=
"R:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=
"R:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=
"R:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"R:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"R:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"R:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"R:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:*:Disabled:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2006-09-13 19:41]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 15:57]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 BlueSoleilCS;BlueSoleilCS;R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-12-29 00:18]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 09:38]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 02:01]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 02:02]
R3 BsHelpCS;BsHelpCS;R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 16:58]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 09:24]
R3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
R3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-07-20 06:20]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys [2002-05-14 20:05]
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys [2002-11-28 18:33]
S4 0227491172140703mcinstcleanup;McAfee Application Installer Cleanup (0227491172140703);C:\WINDOWS\TEMP\022749~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);R:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{17EF733F-75AD-46A6-B542-E21C1FC84445}]
C:\WINDOWS\system32\msiexec.exe /qn /fpu {17EF733F-75AD-46A6-B542-E21C1FC84445}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8169E97B-3F20-C6CB-E19B-C29D99B4F767}]
C:\WINDOWS\system32\System advisory\WinIni.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
C:\WINDOWS\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 15:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 16:34:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-08 09:57:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7865968-F99A-45D6-8E9C-31BE1EEE68DE}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 17:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
.
**************************************************************************
.
Completion time: 2008-04-08 17:38:28 - machine was rebooted [Tiny One]
ComboFix-quarantined-files.txt 2008-04-08 16:38:05
Pre-Run: 3,916,357,632 bytes free
Post-Run: 3,756,138,496 bytes free
.
2008-04-08 16:16:38 --- E O F ---

#14 londonliving

  • Topic Starter

Posted 08 April 2008 - 11:57 AM

HERE IS THE DSS (Deckard's System Scanner) LOG

I highlighted in BOLD an unknown.
======================

Deckard's System Scanner v20071014.68
Run by Tiny One on 2008-04-08 17:49:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).


-- HijackThis (run as Tiny One.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:45, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Windows Defender\MSASCui.exe
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\wamp\wampmanager.exe
C:\Program Files\Digital Line Detect\DLG.exe
R:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\system32\ctfmon.exe
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
R:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tiny One\Desktop\Maintenance\dss.exe
R:\PROGRA~1\TRENDM~1\HIJACK~1\TINYON~1.EXE
R:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - r:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [nod32kui] "R:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelliPoint] "R:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BtTray] "R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [SynTPEnh] R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Rainlendar2] "R:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [LClock] R:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI (RC1).lnk = R:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Browster Prefetch On/Off - res://r:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - R:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Open and Translate in Word - res://R:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Zend Studio - Debug current page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://R:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - R:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - R:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - R:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194709915390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0}: NameServer = 195.92.195.95,195.92.195.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - R:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Diskeeper - Diskeeper Corporation - R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - R:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12711 bytes

-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 17:38:33 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-08 17:21:43 68096 --a------ C:\WINDOWS\zip.exe
2008-04-08 17:21:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-08 17:21:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-08 17:21:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-08 17:21:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-08 17:21:42 98816 --a------ C:\WINDOWS\sed.exe
2008-04-08 17:21:42 80412 --a------ C:\WINDOWS\grep.exe
2008-04-08 17:21:42 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 17:02:18 0 d-------- R:\Program Files\My Article Submitter
2008-04-07 17:02:18 434688 --a------ C:\WINDOWS\system32\ss2uinst.exe <Not Verified; Virtualzone.de; SetupStream 2>
2008-04-01 10:08:13 0 d-------- C:\Documents and Settings\Tiny One\Application Data\be.boulevart.labs.google.gas.AA41F2CE43CE9D3E84FD00043FDE914C011460BD.1
2008-04-01 10:08:09 0 d-------- R:\Program Files\Analytics Reporting Suite - beta 2
2008-04-01 10:08:05 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-03-30 12:41:51 0 d-------- R:\Program Files\Belarc
2008-03-29 18:10:11 0 d-------- R:\Program Files\Windows Script Control
2008-03-29 18:09:48 0 d-------- C:\Program Files\Common Files\e.World
2008-03-29 18:09:30 0 d-------- R:\Program Files\PHPMaker 5
2008-03-29 12:56:00 0 d-------- R:\Program Files\EDraw Max
2008-03-28 20:12:04 0 d-------- R:\Program Files\MSXML 6.0
2008-03-28 18:47:30 0 d-------- C:\Documents and Settings\Tiny One\Application Data\vlc
2008-03-27 11:39:03 0 d-------- R:\Program Files\Bat
2008-03-22 14:38:21 0 d-------- C:\Documents and Settings\Tiny One\Application Data\Alien Skin


-- Find3M Report ---------------------------------------------------------------

2008-04-08 17:49:46 0 d-------- C:\Documents and Settings\Tiny One\Application Data\ue_toolbar
2008-04-08 17:33:41 0 d-------- R:\Program Files\Rainlendar2
2008-04-08 17:18:17 71880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-08 09:39:41 0 d-------- R:\Program Files\PeerGuardian2
2008-04-07 17:53:53 0 d-------- C:\Documents and Settings\Tiny One\Application Data\Adobe
2008-04-07 16:07:14 23963 --a------ C:\Documents and Settings\Tiny One\Application Data\phpdesigner2008.xml
2008-04-07 16:06:46 0 d-------- R:\Program Files\phpDesigner 2008
2008-04-07 09:21:06 0 d-------- C:\Documents and Settings\Tiny One\Application Data\uTorrent
2008-04-06 23:06:06 0 d-------- C:\Documents and Settings\Tiny One\Application Data\iMacros
2008-04-06 23:05:41 0 d-------- R:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-04 05:56:48 0 d-------- R:\Program Files\SUPERAntiSpyware
2008-04-04 04:57:31 0 d-------- R:\Program Files\Google Earth
2008-04-03 16:33:22 0 d-------- R:\Program Files\Safari
2008-04-03 16:31:23 0 d-------- R:\Program Files\iTunes
2008-04-03 16:28:37 0 d-------- R:\Program Files\QuickTime
2008-04-02 04:24:23 0 d-------- C:\Documents and Settings\Tiny One\Application Data\AbsoluteTelnet
2008-03-31 16:16:34 0 d-------- R:\Program Files\FairUse Wizard 2
2008-03-31 14:21:34 0 d-------- R:\Program Files\uTorrent
2008-03-31 14:21:34 0 d-------- R:\Program Files\SpywareBlaster
2008-03-29 12:05:35 0 d-------- R:\Program Files\Opera
2008-03-28 18:57:08 11587 --a------ C:\WINDOWS\mozver.dat
2008-03-28 18:44:07 0 d-------- C:\Documents and Settings\Tiny One\Application Data\Skype
2008-03-27 01:47:45 0 d-------- R:\Program Files\SQLyog Enterprise
2008-03-03 12:39:50 0 d-------- C:\Documents and Settings\Tiny One\Application Data\Mozilla
2008-02-25 23:05:33 2548 --a------ C:\WINDOWS\unins000.dat
2008-02-25 23:04:32 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-25 13:58:50 0 d-------- C:\Documents and Settings\Tiny One\Application Data\Flock
2008-02-25 13:58:41 0 d-------- R:\Program Files\Flock
2008-02-23 14:21:04 0 d-------- R:\Program Files\Hide IP Platinum
2008-02-17 13:51:36 0 d-------- C:\Documents and Settings\Tiny One\Application Data\dvdcss
2008-01-22 22:43:20 4341760 --a------ C:\WINDOWS\system32\emx12.dat
2008-01-19 18:24:19 311582 --a------ C:\WINDOWS\system32\PGPlspRollback.reg
2008-01-17 11:16:27 89066 --a------ C:\Documents and Settings\Tiny One\Application Data\speech.wav
2008-01-12 02:33:07 10841 --a------ C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
2008-01-12 02:33:07 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-12 02:31:53 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-01-11 20:05:11 78 --a------ C:\RFPEC.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"WinPatrol"="R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 06:38]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [01/11/2006 12:48]
"nod32kui"="R:\Program Files\Eset\nod32kui.exe" [31/07/2007 11:51]
"IntelliPoint"="R:\Program Files\Microsoft IntelliPoint\ipoint.exe" [04/12/2005 16:39]
"SigmatelSysTrayApp"="stsystra.exe" [22/09/2006 12:06 C:\WINDOWS\stsystra.exe]
"BtTray"="R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [29/12/2007 00:18]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [31/05/2005 23:23]
"pdfSaver3"="" []
"SynTPEnh"="R:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 23:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="R:\Program Files\Rainlendar2\Rainlendar2.exe" [24/08/2007 14:56]
"LClock"="R:\Program Files\LClock\lclock.exe" [19/09/2004 19:27]
"SUPERAntiSpyware"="R:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [25/06/2007 23:52]
"Aestan Tray Menu"="C:\wamp\wampmanager.exe" [18/02/2007 18:07]

C:\Documents and Settings\Tiny One\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - R:\Program Files\Secunia\PSI (RC1)\psi.exe [22/02/2008 10:09:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [09/12/2006 12:25:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= R:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
R:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 14:41 294912 R:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"R:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"StarWindService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{17EF733F-75AD-46A6-B542-E21C1FC84445}]
C:\WINDOWS\system32\msiexec.exe /qn /fpu {17EF733F-75AD-46A6-B542-E21C1FC84445}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8169E97B-3F20-C6CB-E19B-C29D99B4F767}]
C:\WINDOWS\system32\System advisory\WinIni.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
C:\WINDOWS\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}



-- End of Deckard's System Scanner: finished at 2008-04-08 17:50:03 ------------

#15 londonliving

  • Topic Starter

Posted 08 April 2008 - 12:06 PM

Other Information

I have trawled through the registry BEFORE the usual routine of scanning.

QooBox - I take it this is the ComboFix quarantine!

NOD32 removed windows\system32\plscd.exe when I tried to move it manually!

[HKEY_CURRENT_USER\Software\{F9D48CE8-D86E-4637-9BC7-93E4C0D407FA}]
"Name"=hex:a4,ca,ce,d2,e6,e8,ca,e4,ca,c8
- unknown key...

[HKEY_CURRENT_USER\Software\iltalia]
"klg"=hex:01
"plg1"=hex:ea,44,dc,02,a3,27,d7,5f,11,ad,b9,07,da,f2,35,03,2a,35,8e,58,1b,0e,\
11,94,d4,f9,29,05,1a,46,f6,92,d1,64,44,8e,cd,f9,b9,ba,23,bd,45,ed,15,a6,77,\
af,b8,7c,04,4d,90,91,58,5f,81,3c,53,77,15,3a,d0,06,18,5c,f4,8b,90,cf,34,56,\
48,e7,3f,84,51,41,0f,f6,cc,19,32,62,3f,0b,7e,65,bc,04,3a,c5,3e,8a,4d,8a,39,\
b7,ad,02,e6,72,55,d5,05,11,03,cf,02,2a,3f,eb,dc,db,fe,5c,c2,37,f2,b4,96,a8,\
79,50,09,9b,65,8f,07,dd,00,93,42,a5,79,3e,e1,28,66,c5,5b,99,d8,45,16,96,42,\
b7,61,11,f8,90,18,95,d1,97,77,0b,46,b8,e3,e1,73,99,45,a8,09,e9,41,64,b5,c6,\
ce,fd,87,5e,aa,4e,e8,38,e8,fe,50,d8,c2,f2,53,8c,64,6a,b0,46,71,3d,12,ae,1c,\
41,1d,9c,08,5a,d7,ef,89,7b,4b,de,5e,7b,4c,d6,c2,38,23,82,f8,db,17,4e,cf,a9,\
2a,2f,db,90,89,2a,37,2c,4b,8a,9b,3a,fd,8f,a2,18,a8,a5,f7,60,aa,b2,7b,1b,72,\
3b,b8,08,89,74,7d,b6,24,3a,35,4a,1f,3d
- another one

[HKEY_CURRENT_USER\Software\RinDi]
"klg"=hex:01
"delay"=hex:60,1f,3a,26,e5,d0,c7,01
"plg1"=hex:ea,44,dc,02,a3,27,d7,5f,11,ad,b9,07,da,f2,35,03,2a,35,8e,58,1b,0e,\
11,94,d4,f9,29,05,1a,46,f6,92,d1,64,44,8e,cd,f9,b9,ba,23,bd,45,ed,15,a6,77,\
af,b8,7c,04,4d,90,91,58,5f,81,3c,53,77,15,3a,d0,06,20,31,66,f7,97,c7,d9,a9,\
05,8f,ad,f8,c0,29,9d,8a,93,f6,de,9d,c3,8c,68,cc,2c,e6,28,c5,f7,cf,dc,f6,0d,\
56,20,02,12,80,47,d5,5f,c6,81,95,c6,8f,ae,b1,42,ec,6e,06,35,ed,9d,09,8e,5b,\
6b,50,aa,be,f5,d5,c7,2f,12,93,bd,e1,e9,64,e0,28,66,c5,63,e2,48,1f,ca,65,50,\
b7,8d,e2,ea,90,30,9c,4e,97,26,05,44,ba,cf,9a,e3,c3,ec,ee,1d,e9,d1,6a,b7,c4,\
b9,d8,17,04,05,6b,78,62,2c,5b,c1,82,cc,d9,c1,d4,0d,90,a0,44,f8,79,82,f4,b4,\
ba,90,9c,f8,a1,5a,ef,3f,d2,cb,a2,0b,87,5e,d8,7d,10,b3,d8,34,dd,17,4e,4a,6b,\
45,7b,23,67,0b,56,d9,e9,c9,d0,db,cf,ef,8f,9a,bd,b9,83,77,67,aa,b2,8c,6f,56,\
17,10,0e,89,74,81,53,a9,3a,b8,af,9d,41
- and another


[HKEY_CURRENT_USER\Software\StarSynergy]

[HKEY_CURRENT_USER\Software\StarSynergy\2]

[HKEY_CURRENT_USER\Software\StarSynergy\2\act]
"Server"=""
"Email"=""
"ccr"=dword:00000000
"crc"=dword:00000000
"value"=""
- don't know about this.


On another note:
Recently installed Joomla!, but these items seem to have been present beforehand.

Currently this machine is very full - as I do not want to pass something on... :thumbsup:
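The registry export quoted in the post above can be checked mechanically rather than by eye. The block below is an added example written for this page; it is not the poster's code and not a tool from this thread. It parses the regedit-style text exactly as posted (hex: byte lists with backslash continuation lines, dword: values, quoted strings), reports each binary value's size and printable-ASCII ratio, reads any 8-byte value as a candidate Windows FILETIME (an assumption: nothing on the page says what "delay" holds), and measures how many leading bytes the two "plg1" blobs share. REG_TEXT is copied from the post; the function names are this example's own.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# Registry export copied from the post above (three of the keys the poster flagged).
# A trailing "\" continues the value on the next line, exactly as regedit writes it.
REG_TEXT = r"""
[HKEY_CURRENT_USER\Software\{F9D48CE8-D86E-4637-9BC7-93E4C0D407FA}]
"Name"=hex:a4,ca,ce,d2,e6,e8,ca,e4,ca,c8

[HKEY_CURRENT_USER\Software\iltalia]
"klg"=hex:01
"plg1"=hex:ea,44,dc,02,a3,27,d7,5f,11,ad,b9,07,da,f2,35,03,2a,35,8e,58,1b,0e,\
  11,94,d4,f9,29,05,1a,46,f6,92,d1,64,44,8e,cd,f9,b9,ba,23,bd,45,ed,15,a6,77,\
  af,b8,7c,04,4d,90,91,58,5f,81,3c,53,77,15,3a,d0,06,18,5c,f4,8b,90,cf,34,56,\
  48,e7,3f,84,51,41,0f,f6,cc,19,32,62,3f,0b,7e,65,bc,04,3a,c5,3e,8a,4d,8a,39,\
  b7,ad,02,e6,72,55,d5,05,11,03,cf,02,2a,3f,eb,dc,db,fe,5c,c2,37,f2,b4,96,a8,\
  79,50,09,9b,65,8f,07,dd,00,93,42,a5,79,3e,e1,28,66,c5,5b,99,d8,45,16,96,42,\
  b7,61,11,f8,90,18,95,d1,97,77,0b,46,b8,e3,e1,73,99,45,a8,09,e9,41,64,b5,c6,\
  ce,fd,87,5e,aa,4e,e8,38,e8,fe,50,d8,c2,f2,53,8c,64,6a,b0,46,71,3d,12,ae,1c,\
  41,1d,9c,08,5a,d7,ef,89,7b,4b,de,5e,7b,4c,d6,c2,38,23,82,f8,db,17,4e,cf,a9,\
  2a,2f,db,90,89,2a,37,2c,4b,8a,9b,3a,fd,8f,a2,18,a8,a5,f7,60,aa,b2,7b,1b,72,\
  3b,b8,08,89,74,7d,b6,24,3a,35,4a,1f,3d

[HKEY_CURRENT_USER\Software\RinDi]
"klg"=hex:01
"delay"=hex:60,1f,3a,26,e5,d0,c7,01
"plg1"=hex:ea,44,dc,02,a3,27,d7,5f,11,ad,b9,07,da,f2,35,03,2a,35,8e,58,1b,0e,\
  11,94,d4,f9,29,05,1a,46,f6,92,d1,64,44,8e,cd,f9,b9,ba,23,bd,45,ed,15,a6,77,\
  af,b8,7c,04,4d,90,91,58,5f,81,3c,53,77,15,3a,d0,06,20,31,66,f7,97,c7,d9,a9,\
  05,8f,ad,f8,c0,29,9d,8a,93,f6,de,9d,c3,8c,68,cc,2c,e6,28,c5,f7,cf,dc,f6,0d,\
  56,20,02,12,80,47,d5,5f,c6,81,95,c6,8f,ae,b1,42,ec,6e,06,35,ed,9d,09,8e,5b,\
  6b,50,aa,be,f5,d5,c7,2f,12,93,bd,e1,e9,64,e0,28,66,c5,63,e2,48,1f,ca,65,50,\
  b7,8d,e2,ea,90,30,9c,4e,97,26,05,44,ba,cf,9a,e3,c3,ec,ee,1d,e9,d1,6a,b7,c4,\
  b9,d8,17,04,05,6b,78,62,2c,5b,c1,82,cc,d9,c1,d4,0d,90,a0,44,f8,79,82,f4,b4,\
  ba,90,9c,f8,a1,5a,ef,3f,d2,cb,a2,0b,87,5e,d8,7d,10,b3,d8,34,dd,17,4e,4a,6b,\
  45,7b,23,67,0b,56,d9,e9,c9,d0,db,cf,ef,8f,9a,bd,b9,83,77,67,aa,b2,8c,6f,56,\
  17,10,0e,89,74,81,53,a9,3a,b8,af,9d,41
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_reg(text):
    """Parse a regedit export into {key: {value_name: value}} (hex: -> bytes, dword: -> int)."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)  # fold "\"-continued lines back together
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]*)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("hex:"):
            value = bytes.fromhex(raw[4:].replace(",", ""))
        elif raw.startswith("dword:"):
            value = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        else:
            value = raw
        keys[current][name] = value
    return keys


def filetime_to_datetime(raw):
    """Read 8 little-endian bytes as a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
    Calling a value a FILETIME is an analyst's assumption; the page does not say what "delay" is."""
    if len(raw) != 8:
        raise ValueError("FILETIME needs exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def common_prefix_len(a, b):
    """Leading bytes two blobs share; a long shared header suggests one generator wrote both."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    keys = parse_reg(REG_TEXT)
    for key, values in keys.items():
        for name, value in values.items():
            if isinstance(value, bytes):
                ascii_ratio = sum(32 <= b < 127 for b in value) / max(len(value), 1)
                when = ""
                if len(value) == 8:
                    when = f", as FILETIME {filetime_to_datetime(value):%Y-%m-%d %H:%M:%S} UTC"
                print(f"{key}\\{name}: {len(value)} bytes, {ascii_ratio:.0%} printable{when}")
    shared = common_prefix_len(keys[r"HKEY_CURRENT_USER\Software\iltalia"]["plg1"],
                               keys[r"HKEY_CURRENT_USER\Software\RinDi"]["plg1"])
    print(f"iltalia\\plg1 and RinDi\\plg1 share the first {shared} bytes")
```

Run as a script it prints one line per binary value: both "plg1" blobs are 260 bytes with 0% printable content and share a 64-byte prefix, "Name" is ten bytes all above 0x7f, and "delay" read as a FILETIME gives a date in July 2007. Whether any of that means something is still the analyst's call; the point is that a small parser plus a couple of interpretations answers "what is this?" faster than staring at comma-separated hex.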



