Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm Infected


  • Please log in to reply
45 replies to this topic

#1 amazinggrace

amazinggrace

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 11 April 2008 - 11:40 AM

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-11 11:20:05
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
49: 2008-04-11 04:27:24 UTC - RP317 - Software Distribution Service 3.0
48: 2008-04-10 07:14:57 UTC - RP316 - System Checkpoint
47: 2008-04-09 06:48:53 UTC - RP315 - System Checkpoint
46: 2008-04-08 04:31:03 UTC - RP314 - System Checkpoint
45: 2008-04-08 08:00:31 UTC - RP313 - System Checkpoint


-- First Restore Point --
1: 2008-03-02 02:00:46 UTC - RP269 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:39 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\skum\SKUMBU~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183737807984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 5764 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\skum\SKUMBU~1\backups\) ---------------

backup-20080306-212731-198 O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
backup-20080306-212731-668 O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL
backup-20080306-212731-699 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20080306-212731-877 O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL
backup-20080306-212731-878 O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
backup-20080306-212731-966 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080321-135643-309 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
backup-20080321-135752-209 O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
backup-20080321-135752-814 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20080321-141015-661 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
backup-20080321-141015-691 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080321-141015-870 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080321-141015-901 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080321-141015-911 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080321-141015-928 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avg7\avgamsvr.exe (file missing)
S4 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 02:00:00 272 --a------ C:\WINDOWS\Tasks\AVG Test Center.job
2008-04-10 01:10:00 258 --a------ C:\WINDOWS\Tasks\Windows Update.job
2005-04-12 09:04:27 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-07 19:17:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-07 00:52:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-07 00:52:53 68096 --a------ C:\WINDOWS\zip.exe
2008-04-07 00:52:52 80412 --a------ C:\WINDOWS\grep.exe
2008-04-07 00:52:50 98816 --a------ C:\WINDOWS\sed.exe
2008-04-07 00:52:49 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 00:52:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-07 00:52:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-07 00:52:44 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-07 00:51:20 0 d-------- C:\ComboFix[1]
2008-04-07 00:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 00:40:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 00:40:39 0 d-------- C:\Documents and Settings\Riley\Application Data\SUPERAntiSpyware.com
2008-04-07 00:37:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 16:46:25 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 16:46:25 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 16:45:21 56864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 16:45:21 5524768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 16:45:20 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-05 16:39:37 0 d-------- C:\kav
2008-04-05 11:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-05 11:54:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-31 14:30:43 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-04-11 10:27:30 0 d-------- C:\Program Files\Lx_cats
2008-04-07 00:37:44 0 d-------- C:\Program Files\Common Files
2008-03-31 10:03:36 0 d-------- C:\Program Files\Java
2008-03-21 13:29:59 0 d-------- C:\Program Files\tothetrash
2008-03-21 13:16:10 0 d-------- C:\Program Files\Lexmark 5400 Series
2008-03-07 00:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-24 08:44:45 64 --a----c- C:\WINDOWS\tsiwinfile.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [11/22/2006 04:11 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/22/2006 04:12 AM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 05:04 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 11:59 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [11/22/2006 04:11 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [11/21/2006 07:27 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/09/2006 04:12 PM]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 247.48 MiB / 110.77 MiB
Pagefile Memory (total/avail): 606.32 MiB / 522.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.86 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 80.23 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BB-22FTA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE5 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\kav\\kav7\\setup.exe"="C:\\kav\\kav7\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-ZR0DB6N7RW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\YOUR-ZR0DB6N7RW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-ZR0DB6N7RW
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
Veo_532_INF_PATH=C:\WINDOWS\INF\oem31.inf
Veo_532_INSTALL_DIR=C:\Program Files\Veo Stingray\Driver
Veo_532_PNF_PATH=C:\WINDOWS\INF\oem31.pnf
Veo_532_PRODUCT_VER=1.1.0.0
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Riley (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\3.bin\AskSBar.dll,O
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CopySafe Plugin --> C:\PROGRA~1\Copysafe\UNWISE.EXE C:\PROGRA~1\Copysafe\INSTALL.LOG
Family Tree Maker 2008 --> C:\Program Files\InstallShield Installation Information\{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}\setup.exe -runfromtemp -l0x0409
FrostWire 4.13.4 --> C:\Program Files\FrostWire\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\skum\skumbuster\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImageConverter Plus 7.0 --> "C:\Program Files\ImageConverter Plus\unins000.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 Trial --> MsiExec.exe /I{91F30409-6000-11D3-8CFE-0150048383C9}
Microsoft Primary Interoperability Assemblies 2005 --> MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft WSE 3.0 --> MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picturetrail Photo Editor 1.9.0 --> "C:\Program Files\Picturetrail Photo Editor\Version 1.9.0\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartViewer --> MsiExec.exe /I{845E20D1-0CA9-4142-B17A-C607DD877DBD}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Veo Stingray --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88E6DF-A288-4E09-A59B-68E94373BAC7}\SETUP.EXE" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visualizer Photo Resize --> MsiExec.exe /I{838F0053-8744-4B63-8819-CC44C06308AC}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type5532 / Error
Event Submitted/Written: 04/10/2008 11:38:14 PM
Event ID/Source: 454 / ESENT
Event Description:
wuauclt (3440) Database recovery/restore failed with unexpected error -501.

Event Record #/Type5531 / Error
Event Submitted/Written: 04/10/2008 11:38:08 PM
Event ID/Source: 465 / ESENT
Event Description:
wuauclt (3440) Corruption was detected during soft recovery in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 135 (0x00000087). This logfile has been damaged and is unusable.

Event Record #/Type5530 / Error
Event Submitted/Written: 04/10/2008 11:38:07 PM
Event ID/Source: 465 / ESENT
Event Description:
wuauclt (3440) Corruption was detected during soft recovery in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 135 (0x00000087). This logfile has been damaged and is unusable.

Event Record #/Type5529 / Error
Event Submitted/Written: 04/10/2008 11:38:06 PM
Event ID/Source: 465 / ESENT
Event Description:
wuauclt (3440) Corruption was detected during soft recovery in logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 135 (0x00000087). This logfile has been damaged and is unusable.

Event Record #/Type5520 / Error
Event Submitted/Written: 04/07/2008 07:45:13 PM
Event ID/Source: 454 / ESENT
Event Description:
wuauclt (3324) Database recovery/restore failed with unexpected error -1032.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43805 / Error
Event Submitted/Written: 04/11/2008 11:08:06 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
kl1
klif
SASDIFSV
SASKUTIL

Event Record #/Type43804 / Error
Event Submitted/Written: 04/11/2008 11:06:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type43800 / Error
Event Submitted/Written: 04/11/2008 11:05:33 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type43773 / Error
Event Submitted/Written: 04/11/2008 10:32:03 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
kl1
klif
SASDIFSV
SASKUTIL

Event Record #/Type43772 / Error
Event Submitted/Written: 04/11/2008 10:30:52 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-11 11:22:35 ------------





-- End of Deckard's System Scanner: finished at 2008-04-11 11:22:35 ------------

BC AdBot (Login to Remove)

 


#2 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 11 April 2008 - 11:53 PM

Sorry...I ran DSS in safe mode earlier and posted that scan....couldn't get it to run in reg mode. But I finally got it to run so here is the DSS scan in reg mode.

Deckard's System Scanner v20071014.68
Run by Riley on 2008-04-11 23:39:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Riley.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40, on 2008-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Riley\Desktop\dss.exe
C:\PROGRA~1\skum\SKUMBU~1\Riley.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183737807984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 7347 bytes

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-07 19:17:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-07 00:52:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-07 00:52:53 68096 --a------ C:\WINDOWS\zip.exe
2008-04-07 00:52:52 80412 --a------ C:\WINDOWS\grep.exe
2008-04-07 00:52:50 98816 --a------ C:\WINDOWS\sed.exe
2008-04-07 00:52:49 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 00:52:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-07 00:52:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-07 00:52:44 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-07 00:51:20 0 d-------- C:\ComboFix[1]
2008-04-07 00:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 00:40:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 00:40:39 0 d-------- C:\Documents and Settings\Riley\Application Data\SUPERAntiSpyware.com
2008-04-07 00:37:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 16:46:25 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 16:46:25 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 16:45:21 56864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 16:45:21 5562400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 16:45:20 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-05 16:39:37 0 d-------- C:\kav
2008-04-05 11:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-05 11:54:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-31 14:30:43 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-04-11 14:37:30 0 d-------- C:\Program Files\Lx_cats
2008-04-07 00:37:44 0 d-------- C:\Program Files\Common Files
2008-03-31 10:03:36 0 d-------- C:\Program Files\Java
2008-03-24 14:49:51 0 d-------- C:\Documents and Settings\Riley\Application Data\FrostWire
2008-03-21 13:29:59 0 d-------- C:\Program Files\tothetrash
2008-03-21 13:16:10 0 d-------- C:\Program Files\Lexmark 5400 Series
2008-03-07 00:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-06 22:47:37 0 d-------- C:\Documents and Settings\Riley\Application Data\Google
2008-01-24 08:44:45 64 --a----c- C:\WINDOWS\tsiwinfile.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 04:11]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 04:12]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 11:59]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 04:11]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 07:27]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-09 16:12]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-04-11 23:43:19 ------------

#3 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 12 April 2008 - 04:07 PM

Hello!

I notice you have been fixing lines with HJT. Do you have any clue of what you've done :thumbsup: ?

Download the latest version of Java Runtime Environment (JRE) 6/05

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

________________________

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :blink:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the report.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#4 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 12 April 2008 - 09:45 PM

:thumbsup: Thank you so much for taking the time to help me. As for having fixed lines with HJT...that was all DSS's doing.

Per previous post of DSS
HijackThis Fixed Entries (C:\PROGRA~1\skum\SKUMBU~1\backups\) ---------------

backup-20080306-212731-198 O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
backup-20080306-212731-668 O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL
backup-20080306-212731-699 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20080306-212731-877 O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL
backup-20080306-212731-878 O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
backup-20080306-212731-966 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080321-135643-309 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
backup-20080321-135752-209 O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
backup-20080321-135752-814 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20080321-141015-661 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
backup-20080321-141015-691 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080321-141015-870 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080321-141015-901 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080321-141015-911 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080321-141015-928 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

And in answer to your question "Do I have any clue what I've done?" Absolutely not:)



Here's the Malwarebytes' report...again, THANKS

Malwarebytes' Anti-Malware 1.11
Database version: 619

Scan type: Quick Scan
Objects scanned: 35186
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3777260-7308-464a-baa2-cc492c0ce7d2} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 13 April 2008 - 02:43 AM

Ok then.

What kind of issues are you receiving at the moment?

Edited by Rahina Rescue, 13 April 2008 - 02:45 AM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#6 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 13 April 2008 - 08:05 AM

Some CPU spikes but nothing like before when it sounded like it was constantly in a spike and heaving. Actually running pretty good right now. Thanks so much and have a great day in Finland.

#7 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 13 April 2008 - 08:54 AM

Thanks.

Did you set any of these policies?

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)


______________________

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#8 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 13 April 2008 - 10:27 PM

Did you set any of these policies?


QUOTE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)


NO I DID NOT DO THAT!



KASPERSKY ONLINE SCANNER REPORT
2008-04-13 22:21
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702574
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 135214
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:18:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu1000106.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Riley\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Riley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Riley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Riley\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Riley\Local Settings\History\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Riley\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Riley\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E1EA5651-0E42-4521-8785-6719F6C6E8E1}\RP325\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9ABCA0BC-E68D-4020-9BBC-F37D6CA5D4A4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#9 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 14 April 2008 - 05:43 AM

Please open Spybot and Empty it's Recovery.

________________________

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=-

Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

How are things running now?
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#10 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 14 April 2008 - 08:32 AM

Seems to be running good.


ComboFix 08-04-13.3 - Riley 2008-04-14 7:49:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.51 [GMT -5:00]
Running from: C:\Documents and Settings\Riley\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Riley\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-12 21:19 . 2008-04-12 21:19 <DIR> d-------- C:\Documents and Settings\Riley\Application Data\Malwarebytes
2008-04-12 21:18 . 2008-04-12 21:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 21:18 . 2008-04-12 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 21:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-12 21:12 . 2008-04-12 21:12 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-11 11:18 . 2008-04-11 11:18 <DIR> d-------- C:\Deckard
2008-04-07 19:17 . 2008-04-07 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-07 00:51 . 2008-04-07 02:54 <DIR> d-------- C:\ComboFix[1]
2008-04-07 00:42 . 2008-04-07 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 00:40 . 2008-04-08 23:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 00:40 . 2008-04-07 00:40 <DIR> d-------- C:\Documents and Settings\Riley\Application Data\SUPERAntiSpyware.com
2008-04-07 00:37 . 2008-04-07 00:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 16:46 . 2008-04-05 16:46 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 16:46 . 2008-04-05 16:46 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 16:45 . 2008-04-05 16:45 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-05 16:45 . 2008-04-14 07:54 5,908,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 16:45 . 2008-04-14 07:54 81,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 16:45 . 2008-04-13 04:17 79,052 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-05 16:45 . 2008-04-13 04:17 8,084 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-05 16:39 . 2008-04-05 16:39 <DIR> d-------- C:\kav
2008-04-05 11:54 . 2008-04-05 11:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-05 11:54 . 2008-04-13 04:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-31 14:30 . 2008-03-31 14:30 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 02:13 --------- d-----w C:\Program Files\Java
2008-04-11 19:37 --------- d-----w C:\Program Files\Lx_cats
2008-03-24 19:49 --------- d-----w C:\Documents and Settings\Riley\Application Data\FrostWire
2008-03-21 18:29 --------- d-----w C:\Program Files\tothetrash
2008-03-21 18:16 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-07 05:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 23:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-19 23:23 54,624 ----a-w C:\WINDOWS\system32\b502E2.sys
2007-06-30 14:55 810 ----a-w C:\Program Files\insfbsbe.txt
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-11_10.53.27.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2003-03-31 12:00:00 1,740 -c--a-w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 09:32:34 2,816 -c--a-w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2008-04-13 09:18:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-03-31 12:00:00 2,589 -c--a-w C:\WINDOWS\I386\RUNW32.BAT
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-01-23 20:51:30 2,678 ----a-w C:\WINDOWS\java\Packages\Data\0QB9FLNV.DAT
+ 2007-01-23 20:51:29 2,678 ----a-w C:\WINDOWS\java\Packages\Data\1BN7317D.DAT
+ 2007-01-23 20:51:46 2,232 ----a-w C:\WINDOWS\java\Packages\Data\5R5Z3LJD.DAT
+ 2007-01-23 20:51:36 2,678 ----a-w C:\WINDOWS\java\Packages\Data\M0AINX3F.DAT
+ 2007-01-23 20:51:28 2,678 ----a-w C:\WINDOWS\java\Packages\Data\NBDBRD33.DAT
+ 2007-01-23 20:51:30 2,678 ----a-w C:\WINDOWS\java\Packages\Data\V5NJ93TB.DAT
+ 2007-10-11 14:55:14 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c--a-w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
- 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2007-12-07 02:21:47 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
- 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2006-10-18 08:00:00 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-10-18 08:00:00 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2003-03-31 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-03 19:31:11 338,648 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-13 09:18:05 338,648 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
+ 2003-03-31 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\winspool.exe
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 04:11 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 04:12 304048]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04 57344]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 11:59 151552]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 04:11 82864]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 07:27 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-09 16:12 180269]
"RegistryMechanic"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 15:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 22:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-09 16:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 b502E2;b502E2;C:\WINDOWS\system32\b502E2.sys [2008-01-19 18:23]
S3 DCamUSBVeo532;Veo Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 18:30]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 07:00:00 C:\WINDOWS\Tasks\AVG Test Center.job"
- C:\PROGRA~1\Grisoft\AVG7\avgw.exe
"2005-04-12 14:04:27 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-04-14 06:10:00 C:\WINDOWS\Tasks\Windows Update.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 07:54:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-14 7:59:59
ComboFix-quarantined-files.txt 2008-04-14 12:59:51
ComboFix2.txt 2008-04-11 15:53:55
ComboFix3.txt 2008-01-24 05:16:10
ComboFix4.txt 2008-01-23 19:58:03
ComboFix5.txt 2007-07-25 00:38:56

Pre-Run: 84,828,213,248 bytes free
Post-Run: 84,815,491,072 bytes free
.
2008-04-14 00:40:30 --- E O F ---

#11 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 14 April 2008 - 09:07 AM

You don't have Window's Recovery Console installed. Whilst it may not be needed at this time, current infections tend to patch a lot of critical system files now, these often result to multiple problems and sometimes, they can cause unbootable machines. Having Window's Recovery Console installed on your machine will help you and I in case something goes wrong while we are in the process of cleaning your machine.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#12 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 14 April 2008 - 03:23 PM

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

#13 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 15 April 2008 - 08:48 AM

Hello!

Could you please run a scan with deckard's system scanner and let me know the results.

Are you receiving any issues?
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#14 amazinggrace

amazinggrace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 15 April 2008 - 10:09 AM

Good Morning! Running good right now, haven't notice any problems.

Deckard's System Scanner v20071014.68
Run by Riley on 2008-04-15 10:02:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Riley.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:13 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Riley\Desktop\dss.exe
C:\PROGRA~1\skum\SKUMBU~1\Riley.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183737807984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 6866 bytes

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 13:02:27 0 d-------- C:\cmdcons
2008-04-12 21:19:11 0 d-------- C:\Documents and Settings\Riley\Application Data\Malwarebytes
2008-04-12 21:18:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 21:18:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 21:12:01 0 d-------- C:\Program Files\Common Files\Java
2008-04-07 19:17:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-07 00:52:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-07 00:52:53 68096 --a------ C:\WINDOWS\zip.exe
2008-04-07 00:52:52 80412 --a------ C:\WINDOWS\grep.exe
2008-04-07 00:52:50 98816 --a------ C:\WINDOWS\sed.exe
2008-04-07 00:52:49 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-07 00:52:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-07 00:52:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-07 00:52:44 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-07 00:51:20 0 d-------- C:\ComboFix[1]
2008-04-07 00:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 00:40:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 00:40:39 0 d-------- C:\Documents and Settings\Riley\Application Data\SUPERAntiSpyware.com
2008-04-07 00:37:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 16:46:25 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 16:46:25 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 16:45:21 84512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 16:45:21 5994272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 16:45:20 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-05 16:39:37 0 d-------- C:\kav
2008-04-05 11:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-05 11:54:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-31 14:30:43 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-04-12 21:13:57 0 d-------- C:\Program Files\Java
2008-04-12 21:12:01 0 d-------- C:\Program Files\Common Files
2008-04-11 14:37:30 0 d-------- C:\Program Files\Lx_cats
2008-03-24 14:49:51 0 d-------- C:\Documents and Settings\Riley\Application Data\FrostWire
2008-03-21 13:29:59 0 d-------- C:\Program Files\tothetrash
2008-03-21 13:16:10 0 d-------- C:\Program Files\Lexmark 5400 Series
2008-03-07 00:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-06 22:47:37 0 d-------- C:\Documents and Settings\Riley\Application Data\Google
2008-01-24 08:44:45 64 --a----c- C:\WINDOWS\tsiwinfile.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\3.bin\ASKSBAR.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [11/22/2006 04:11 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/22/2006 04:12 AM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 05:04 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 11:59 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [11/22/2006 04:11 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [11/21/2006 07:27 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/09/2006 04:12 PM]
"RegistryMechanic"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-04-15 10:04:26 ------------

#15 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:37 PM

Posted 15 April 2008 - 02:34 PM

Perform an online scan with Internet Explorer with Panda online scan http://www.pandasoftware.com/products/activescan.htm

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

* If it finds any malware, it will offer you a report.
* Click on see report. Then click Save report

Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan.n
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users