Ie Popups + Virtumonde + More... Dss And Kaspersky Reports Included.


  • This topic is locked
15 replies to this topic

#1 Mikes Helper

  • Members
  • 9 posts

Posted 29 May 2008 - 02:13 PM

Thanks in advance :thumbsup:

DSS main.txt

Deckard's System Scanner v20071014.68
Run by Mike Menard on 2008-05-29 14:57:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-05-29 18:57:28 UTC - RP833 - Deckard's System Scanner Restore Point
78: 2008-05-28 22:40:51 UTC - RP832 - Software Distribution Service 3.0
77: 2008-05-28 19:27:16 UTC - RP831 - Removed Google Earth
76: 2008-05-28 17:15:23 UTC - RP830 - Removed WebEx Record and Playback
75: 2008-05-28 17:13:58 UTC - RP829 - Removed Search Settings 1.1


-- First Restore Point -- 
1: 2008-05-25 11:49:36 UTC - RP755 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Mike Menard.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:09, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mike Menard\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike Menard.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5583] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3225] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154557975233
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O24 - Desktop Component 0: (no name) - http://img.att.net/cobrand/bellsouth/img/ui/bg-grad-at.png

--
End of file - 3440 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080529-094605-138 O4 - HKLM\..\Policies\Explorer\Run: [0pjCQ9reFQ] C:\Documents and Settings\All Users\Application Data\kzapaxwr\ipglazar.exe
backup-20080529-094605-161 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-094605-255 O2 - BHO: {f89575ca-fb88-70eb-b644-e013cff9865d} - {d5689ffc-310e-446b-be07-88bfac57598f} - C:\WINDOWS\system32\yucukycc.dll
backup-20080529-094605-277 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080529-094605-381 O2 - BHO: (no name) - {6952020D-0700-4DD0-97E7-B68F6C506E87} - C:\WINDOWS\system32\ljJCuTKC.dll (file missing)
backup-20080529-094605-383 O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
backup-20080529-094605-390 O4 - HKLM\..\Run: [BM833f6284] Rundll32.exe "C:\WINDOWS\system32\ktvnfarw.dll",s
backup-20080529-094605-433 O2 - BHO: (no name) - {C3173338-459E-4027-B968-F9C14E40C324} - C:\WINDOWS\system32\rqRjjgeE.dll (file missing)
backup-20080529-094605-522 O2 - BHO: mysidesearch browser optimizer - {ea60132f-cf9f-c05f-b572-93274b95d986} - C:\WINDOWS\system32\{3ee0ae11-dbf9-4241-896f-e08b7aef00f4}.dll (file missing)
backup-20080529-094605-618 O2 - BHO: gooochi browser optimizer - {bb45f46f-06b2-7e0d-df22-d86169f102cc} - C:\WINDOWS\system32\{6026717c-af8b-7b3f-167c-b22e5d715eac}.dll (file missing)
backup-20080529-094605-721 O4 - HKLM\..\Run: [800c5118] rundll32.exe "C:\WINDOWS\system32\vcbnlvca.dll",b
backup-20080529-094605-875 O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
backup-20080529-094606-425 O20 - Winlogon Notify: awtsTJax - C:\WINDOWS\SYSTEM32\awtsTJax.dll
backup-20080529-094606-475 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080529-094606-609 O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
backup-20080529-094606-779 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080529-094741-162 O4 - HKCU\..\RunOnce: [SpybotDeletingB5032] command /c del "C:\WINDOWS\system32\ljJCuTKC.dll_old"
backup-20080529-094741-219 O4 - HKCU\..\RunOnce: [SpybotDeletingD4170] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080529-094741-262 O4 - HKLM\..\RunOnce: [SpybotDeletingA5462] command /c del "C:\WINDOWS\system32\ljJCuTKC.dll_old"
backup-20080529-094741-493 O20 - Winlogon Notify: awtsTJax - C:\WINDOWS\SYSTEM32\awtsTJax.dll
backup-20080529-094741-600 O4 - HKCU\..\RunOnce: [SpybotDeletingD2592] cmd /c del "C:\WINDOWS\system32\ljJCuTKC.dll_old"
backup-20080529-094741-621 O2 - BHO: (no name) - {2C2AC224-9338-4268-B00C-1FD668A86017} - C:\WINDOWS\system32\wvUmnKda.dll (file missing)
backup-20080529-094741-685 O4 - HKLM\..\RunOnce: [SpybotDeletingA1682] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080529-094741-764 O4 - HKLM\..\RunOnce: [SpybotDeletingC6536] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080529-094741-867 O4 - HKCU\..\RunOnce: [SpybotDeletingB5941] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080529-094741-956 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-094741-984 O4 - HKLM\..\RunOnce: [SpybotDeletingC2389] cmd /c del "C:\WINDOWS\system32\ljJCuTKC.dll_old"
backup-20080529-094823-412 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-094855-351 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-095713-106 O4 - HKCU\..\RunOnce: [SpybotDeletingB2126] command /c del "C:\WINDOWS\system32\ddcCTmKb.dll_old"
backup-20080529-095713-578 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-095713-711 O4 - HKCU\..\RunOnce: [SpybotDeletingD9213] cmd /c del "C:\WINDOWS\system32\wvUmnKda.dll_old"
backup-20080529-095713-743 O20 - Winlogon Notify: awtsTJax - C:\WINDOWS\SYSTEM32\awtsTJax.dll
backup-20080529-095713-920 O4 - HKCU\..\RunOnce: [SpybotDeletingD1283] cmd /c del "C:\WINDOWS\system32\ddcCTmKb.dll_old"
backup-20080529-095713-931 O4 - HKCU\..\RunOnce: [SpybotDeletingB8296] command /c del "C:\WINDOWS\system32\wvUmnKda.dll_old"
backup-20080529-095910-254 O20 - Winlogon Notify: awtsTJax - C:\WINDOWS\SYSTEM32\awtsTJax.dll
backup-20080529-095910-400 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-095928-265 O20 - Winlogon Notify: awtsTJax - C:\WINDOWS\SYSTEM32\awtsTJax.dll
backup-20080529-095928-450 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll
backup-20080529-122543-100 O20 - Winlogon Notify: awtsTJax - awtsTJax.dll (file missing)
backup-20080529-122543-258 O4 - HKLM\..\Run: [BM833f6284] Rundll32.exe "C:\WINDOWS\system32\ivjcrinl.dll",s
backup-20080529-122543-489 O2 - BHO: (no name) - {DB2E931E-93B7-4E94-BF69-28BB51C531F7} - C:\WINDOWS\system32\urqQkhIa.dll
backup-20080529-122543-540 O2 - BHO: {e7b038f0-8b87-4f2a-0364-b3aed5696802} - {2086965d-ea3b-4630-a2f4-78b80f830b7e} - C:\WINDOWS\system32\kyawennf.dll
backup-20080529-122543-710 O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\awtsTJax.dll (file missing)
backup-20080529-122543-833 O4 - HKLM\..\Run: [800c5118] rundll32.exe "C:\WINDOWS\system32\dmayohnl.dll",b

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mtlstrmm - c:\windows\system32\drivers\mtlstrmm.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\host service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 13:55:23		 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:55:22		 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 13:55:21		 0 d-------- C:\WINDOWS\LastGood
2008-05-29 11:07:48	  2560 --a------ C:\WINDOWS\system32\vxmmdikn.exe
2008-05-29 11:04:48	 84896 --a------ C:\WINDOWS\system32\dmayohnl.dll
2008-05-29 11:02:53	 91056 --a------ C:\WINDOWS\system32\ivjcrinl.dll
2008-05-29 11:01:47	798454 --ahs---- C:\WINDOWS\system32\aIhkQqru.ini2
2008-05-28 22:32:49	  1462 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-28 22:27:40	  2560 --a------ C:\WINDOWS\system32\jsgctmjs.exe
2008-05-28 22:25:30	 90992 --a------ C:\WINDOWS\system32\pocbfqpo.dll
2008-05-28 22:24:36	799273 --ahs---- C:\WINDOWS\system32\CKTuCJjl.ini2
2008-05-28 21:24:47		 0 d-------- C:\WINDOWS\CSC
2008-05-28 20:49:58	 90992 --a------ C:\WINDOWS\system32\bcteniwk.dll
2008-05-28 20:47:43	   407 --ahs---- C:\WINDOWS\system32\bKmTCcdd.ini2
2008-05-28 20:13:58		 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-28 20:12:37		 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-28 20:12:37		 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-28 20:12:37		 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-28 20:12:37		 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-28 20:12:37		 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-28 20:12:37	786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 20:12:37		 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-28 20:12:37		 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-28 20:12:37		 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-28 20:12:37		 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-28 20:12:37		 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-28 20:12:37		 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-28 20:12:37		 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-28 20:12:37		 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-28 19:49:24	  2560 --a------ C:\WINDOWS\system32\jkgmqfaa.exe
2008-05-28 19:46:35	 98736 --a------ C:\WINDOWS\system32\yucukycc.dll
2008-05-28 19:44:31		 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-28 19:44:18		 0 d-------- C:\Documents and Settings\Mike Menard\Application Data\Mozilla
2008-05-28 19:43:24	800144 --ahs---- C:\WINDOWS\system32\adKnmUvw.ini2
2008-05-28 15:49:25		 0 d-------- C:\Program Files\Safer Networking
2008-05-28 15:48:39		 0 d-------- C:\Program Files\Trend Micro
2008-05-28 14:06:03		 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 14:01:52	   419 --ahs---- C:\WINDOWS\system32\EegjjRqr.ini2
2008-05-28 13:03:49		 0 d--h----- C:\WINDOWS\PIF
2008-05-28 12:09:46		 0 d-------- C:\WINDOWS\pss
2008-05-27 14:43:57	100672 --a------ C:\WINDOWS\system32\vsmopagk.dll
2008-05-27 14:41:10	 90896 --a------ C:\WINDOWS\system32\eyueyukg.dll
2008-05-26 13:51:03		 0 d-------- C:\WINDOWS\fiii
2008-05-26 13:49:13	100672 --a------ C:\WINDOWS\system32\hfjpjrac.dll
2008-05-26 13:43:25	 90896 --a------ C:\WINDOWS\system32\hmkbnndi.dll
2008-05-26 13:09:29	 24576 --a------ C:\WINDOWS\searchword.dll
2008-05-26 13:09:28	  9728 --a------ C:\WINDOWS\mswsc20.dll
2008-05-26 13:09:28	  8448 --a------ C:\WINDOWS\mswsc10.dll
2008-05-26 13:09:27	 12288 --a------ C:\WINDOWS\msspi.dll
2008-05-26 13:09:27	 24576 --a------ C:\WINDOWS\msconfd.dll
2008-05-26 13:09:26	 11008 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-26 13:09:25	 23808 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-25 21:37:51		 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-25 21:37:43		 0 d-------- C:\Documents and Settings\All Users\Application Data\HlpUi
2008-05-25 21:37:41		 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSh
2008-05-25 21:37:22		 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-25 21:37:21		 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-25 21:37:21		 0 d-------- C:\Documents and Settings\LocalService\Application Data\BLSTOOLBAR
2008-05-25 21:37:20		 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-25 07:50:59	100608 --a------ C:\WINDOWS\system32\dijgxgoq.dll
2008-05-25 07:50:35	 90896 --a------ C:\WINDOWS\system32\svgqjcpk.dll
2008-05-25 07:44:58	   861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-25 07:44:15	 86144 --a------ C:\WINDOWS\system32\drivers\mtlstrmm.sys
2008-05-25 07:44:13		 0 d-------- C:\WINDOWS\system32\hI2
2008-05-25 07:44:13		 0 d-------- C:\WINDOWS\system32\at1
2008-05-25 07:44:13		 0 d-------- C:\WINDOWS\system32\1064a
2008-05-25 07:44:07		 0 d-------- C:\WINDOWS\system32\vntiho06
2008-05-17 01:29:20	226698 --a------ C:\WINDOWS\system32\000060.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-29 13:38:03	472413 --a------ C:\logfile
2008-05-29 09:21:46		 0 d-------- C:\Program Files\Yahoo!
2008-05-28 15:26:43		 0 d-------- C:\Program Files\Google
2008-05-28 13:23:09		 0 d-------- C:\Program Files\Common Files
2008-05-26 13:40:10		 0 d-------- C:\Program Files\Lx_cats
2008-05-12 20:38:14		 0 d-------- C:\Documents and Settings\Mike Menard\Application Data\Smilebox
2008-05-10 14:14:14		 0 d-------- C:\Documents and Settings\Mike Menard\Application Data\MSN6
2008-05-07 17:24:54		 0 d-------- C:\Documents and Settings\Mike Menard\Application Data\AdobeUM
2008-05-01 23:56:39		 0 d-------- C:\Documents and Settings\Mike Menard\Application Data\Adobe
2008-04-28 18:59:04		 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-04-18 21:04:56		 0 d-------- C:\Program Files\Smilebox


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 14:42]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [01/23/2005 10:36]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [01/23/2005 10:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 15:57]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [06/20/2006 09:37]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [07/10/2006 19:30]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [06/06/2006 23:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe" [04/30/2008 16:44]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA5583"=command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
"SpybotDeletingC3225"=cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqQkhIa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-29 14:59:36 ------------

DSS extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 502.07 MiB / 263.53 MiB
Pagefile Memory (total/avail): 1227.36 MiB / 1041.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 57.61 GiB free. 
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75JNA0 - 74.5 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:Kodak EasyShare software"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mike Menard\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MENARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mike Menard
LOGONSERVER=\\MENARD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MIKEME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MIKEME~1\LOCALS~1\Temp
USERDOMAIN=MENARD
USERNAME=Mike Menard
USERPROFILE=C:\Documents and Settings\Mike Menard
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mike Menard (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033 
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dora Backpack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9  -uninst 
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FileAlyzer --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_9f001\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
netbrdg --> MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RegAlyzer --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smilebox --> "C:\Documents and Settings\Mike Menard\Application Data\Smilebox\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9  -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1528 / Error
Event Submitted/Written: 05/28/2008 08:05:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1504 / Error
Event Submitted/Written: 05/28/2008 03:54:43 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1487 / Warning
Event Submitted/Written: 05/26/2008 01:38:23 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1479 / Error
Event Submitted/Written: 05/25/2008 09:37:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 24151.exe, version 0.0.0.0, faulting module 24151.exe, version 0.0.0.0, fault address 0x0001c0b9.
Processing media-specific event for [24151.exe!ws!]

Event Record #/Type1475 / Warning
Event Submitted/Written: 05/25/2008 07:54:14 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10216 / Error
Event Submitted/Written: 05/29/2008 01:45:49 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type10215 / Error
Event Submitted/Written: 05/29/2008 01:42:05 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The lxct_device service terminated unexpectedly.  It has done this 1 time(s).

Event Record #/Type10186 / Error
Event Submitted/Written: 05/29/2008 00:29:24 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The IPv6 Helper Service service hung on starting.

Event Record #/Type10168 / Error
Event Submitted/Written: 05/29/2008 00:24:49 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The IPv6 Helper Service service hung on starting.

Event Record #/Type10150 / Error
Event Submitted/Written: 05/29/2008 10:38:24 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The IPv6 Helper Service service hung on starting.



-- End of Deckard's System Scanner: finished at 2008-05-29 14:59:36 ------------

Kaspersky
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Thursday, May 29, 2008 14:55:57
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 29/05/2008
 Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\

Scan Statistics:
	Total number of scanned objects: 63550
	Number of viruses found: 31
	Number of infected objects: 57
	Number of suspicious objects: 1
	Duration of the scan process: 00:29:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3KLSH8X\17PHolmes[1].cmt	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temp\Temporary Internet Files\Content.IE5\R5BRUST8\17PHolmes[1].cmt	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temp\~DF3FFB.tmp	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Mike Menard\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037009.exe	Infected: not-a-virus:AdWare.Win32.WebHancer.423	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037010.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037011.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037049.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\snapshot\MFEX-5.DAT	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037167.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037168.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037172.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037174.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037176.dll	Infected: Trojan.Win32.BHO.cmd	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037177.dll	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037184.exe	Infected: Trojan-Downloader.Win32.Agent.pbq	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037186.exe	Infected: Trojan-Downloader.Win32.Agent.plz	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037190.exe	Infected: Trojan-Downloader.Win32.Agent.qqn	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037193.exe	Infected: Trojan-Downloader.Win32.TSUpdate.l	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037194.exe	Infected: Trojan-Downloader.Win32.TSUpdate.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037196.exe	Infected: Trojan-Downloader.Win32.Agent.jih	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037197.exe	Infected: not-a-virus:AdWare.Win32.Rond.d	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream/data0002	Infected: Trojan-Downloader.Win32.Small.buy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream/data0004	Infected: not-a-virus:AdWare.Win32.Mostofate.u	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream	Infected: not-a-virus:AdWare.Win32.Mostofate.u	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe	NSIS: infected - 3	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037199.exe	Infected: Trojan-Downloader.Win32.Agent.ezc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037200.exe	Infected: not-a-virus:AdWare.Win32.Insider.c	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037201.exe	Infected: Trojan.Win32.BHO.bkm	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037202.exe	Infected: not-a-virus:AdWare.Win32.Insider.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037203.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe/stream/data0002	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe/stream	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe	NSIS: infected - 2	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037205.exe	Infected: Trojan.Win32.Agent.lom	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037206.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037221.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037222.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037223.exe	Infected: Trojan-Downloader.Win32.Homles.bq	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037347.exe	Infected: not-a-virus:AdWare.Win32.AdBand.ac	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037350.exe	Infected: Trojan-Downloader.Win32.PurityScan.gb	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037351.exe/data0001	Infected: not-a-virus:AdWare.Win32.PurityScan.gp	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037351.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037425.exe	Infected: not-a-virus:AdWare.Win32.Rond.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037500.exe	Infected: not-virus:Hoax.Win32.Renos.coh	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037527.exe	Infected: not-virus:Hoax.Win32.Renos.coh	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037534.exe	Suspicious: Type_Win32	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037535.exe	Infected: not-a-virus:AdWare.Win32.Insider.c	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037610.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037680.exe	Infected: Trojan-Downloader.Win32.Small.wbx	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037681.exe	Infected: Trojan-Downloader.Win32.Small.wbx	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037682.exe/data0002	Infected: Trojan-Downloader.Win32.PurityScan.gb	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037682.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP832\change.log	Object is locked	skipped
C:\temp\SmitfraudFix\Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\temp\SmitfraudFix.exe/SmitfraudFix/Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\temp\SmitfraudFix.exe	RAR: infected - 1	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\000060.exe/stream/data0002	Infected: not-a-virus:AdWare.Win32.AdBand.ac	skipped
C:\WINDOWS\system32\000060.exe/stream	Infected: not-a-virus:AdWare.Win32.AdBand.ac	skipped
C:\WINDOWS\system32\000060.exe	NSIS: infected - 2	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\core.cache.dsk	Object is locked	skipped
C:\WINDOWS\system32\drivers\mtlstrmm.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\vntiho06\vntiho061083.exe	Infected: Trojan-Downloader.Win32.VB.epp	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped

Scan process completed.


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 May 2008 - 07:00 PM

Hello Mikes Helper,

Welcome to Bleeping Computer :)

Where is the AntiVirus for this system? :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 10:36 AM

Antivirus was Computer Associates or whatever. It was expired and didn't prevent infection, so I just removed it. As my name implies, I'm Mike's helper and this isn't my PC :)

Thanks again for your help :thumbsup:

ComboFix
ComboFix 08-05-29.1 - Mike Menard 2008-05-30 11:25:56.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.280 [GMT -4:00]
Running from: C:\Documents and Settings\Mike Menard\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-30  )))))))))))))))))))))))))))))))
.

2008-05-29 17:22 . 2008-03-01 09:06	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-29 17:22 . 2007-04-17 05:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-29 17:22 . 2007-03-08 01:10	991,232	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-29 17:22 . 2008-03-01 09:06	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-29 17:22 . 2008-03-01 09:06	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-29 17:22 . 2008-03-01 09:06	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-29 17:22 . 2008-03-01 09:06	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-29 17:22 . 2008-03-01 09:06	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-29 17:22 . 2008-02-22 06:00	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-29 16:54 . 2008-05-29 16:54	<DIR>	d--------	C:\Documents and Settings\Mike Menard\Application Data\Malwarebytes
2008-05-29 16:49 . 2008-05-29 16:49	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 16:49 . 2008-05-29 16:49	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 16:49 . 2008-05-05 20:46	27,048	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 16:49 . 2008-05-05 20:46	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 14:56 . 2008-05-29 14:56	<DIR>	d--------	C:\Deckard
2008-05-29 13:55 . 2008-05-29 13:55	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 13:55 . 2008-05-29 13:55	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 22:32 . 2008-05-28 22:32	1,462	--a------	C:\WINDOWS\system32\tmp.reg
2008-05-28 22:31 . 2008-05-28 22:59	<DIR>	d--------	C:\temp\SmitfraudFix
2008-05-28 22:28 . 2008-05-28 22:22	1,392,442	--a------	C:\temp\SmitfraudFix.exe
2008-05-28 20:49 . 2008-05-28 20:45	532,480	--a------	C:\temp\cwshredder.exe
2008-05-28 20:12 . 2008-05-28 20:12	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-05-28 19:44 . 2008-05-28 19:44	0	--a------	C:\WINDOWS\nsreg.dat
2008-05-28 15:49 . 2008-05-28 15:50	<DIR>	d--------	C:\Program Files\Safer Networking
2008-05-28 15:48 . 2008-05-28 15:48	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-28 14:06 . 2008-05-28 14:06	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-05-28 14:06 . 2008-05-28 14:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 13:03 . 2008-05-28 13:03	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-05-26 13:51 . 2008-05-26 13:51	<DIR>	d--------	C:\WINDOWS\fiii
2008-05-26 13:09 . 2008-05-26 13:09	24,576	--a------	C:\WINDOWS\searchword.dll
2008-05-26 13:09 . 2008-05-26 13:09	24,576	--a------	C:\WINDOWS\msconfd.dll
2008-05-26 13:09 . 2008-05-26 13:09	23,808	--a------	C:\WINDOWS\dnsrelay.dll
2008-05-26 13:09 . 2008-05-26 13:09	14,592	--a------	C:\WINDOWS\rundll32.vbe
2008-05-26 13:09 . 2008-05-26 13:09	12,288	--a------	C:\WINDOWS\msspi.dll
2008-05-26 13:09 . 2008-05-26 13:09	11,008	--a------	C:\WINDOWS\gfmnaaa.dll
2008-05-26 13:09 . 2008-05-26 13:09	9,728	--a------	C:\WINDOWS\mswsc20.dll
2008-05-26 13:09 . 2008-05-26 13:09	8,448	--a------	C:\WINDOWS\mswsc10.dll
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\BLSTOOLBAR
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SmartSh
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\HlpUi
2008-05-25 21:37 . 2008-05-25 21:37	4	--a------	C:\WINDOWS\system32\hljwugsf.bin
2008-05-25 07:44 . 2008-05-25 07:44	<DIR>	d--------	C:\WINDOWS\system32\vntiho06
2008-05-25 07:44 . 2008-05-27 16:49	<DIR>	d--------	C:\WINDOWS\system32\hI2
2008-05-25 07:44 . 2008-05-25 07:44	<DIR>	d--------	C:\WINDOWS\system32\at1
2008-05-25 07:44 . 2008-05-27 16:45	<DIR>	d--------	C:\WINDOWS\system32\1064a
2008-05-20 17:05 . 2008-05-20 17:05	32,768	--a------	C:\WINDOWS\system32\vntiho06\vntiho061083.exe
2008-04-28 18:59 . 2008-04-28 18:59	<DIR>	d--------	C:\Program Files\Common Files\SWF Studio
2008-04-28 18:57 . 2008-04-28 18:57	0	--ah-----	C:\WINDOWS\SwSys2.bmp
2008-04-28 18:57 . 2008-04-28 18:57	0	--ah-----	C:\WINDOWS\SwSys1.bmp
2008-04-18 21:04 . 2008-04-18 21:04	<DIR>	d--------	C:\Program Files\Smilebox

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 13:21	---------	d-----w	C:\Program Files\Yahoo!
2008-05-28 19:26	---------	d-----w	C:\Program Files\Google
2008-05-26 17:40	---------	d-----w	C:\Program Files\Lx_cats
2008-05-13 00:38	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\Smilebox
2008-05-10 18:14	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\MSN6
2008-05-07 21:24	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\AdobeUM
2008-03-27 08:12	151,583	----a-w	C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-26 11:59	294,912	----a-w	C:\WINDOWS\system32\msctf.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 18:03	24,626	----a-w	C:\WINDOWS\system32\ScrrnES.dll
2008-02-13 18:03	1,376,528	----a-w	C:\WINDOWS\system32\msvbvm60.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-05-30_11.21.47.87   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 15:15:22	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-30 15:23:58	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe" [2008-04-30 16:44 201352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 10:31 126976]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 09:37 286720]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 19:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-06 23:05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 11:27:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 11:29:00
ComboFix-quarantined-files.txt  2008-05-30 15:28:51
ComboFix2.txt  2008-05-30 15:22:04
ComboFix3.txt  2008-05-29 21:22:13

Pre-Run: 61,729,013,760 bytes free
Post-Run: 61,718,814,720 bytes free

122	--- E O F ---	2008-05-29 21:26:16

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:14, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154557975233
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O24 - Desktop Component 0: (no name) - http://img.att.net/cobrand/bellsouth/img/ui/bg-grad-at.png

--
End of file - 3874 bytes


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 11:46 AM

Hello,

Why did you run it 3 times?? :thumbsup: I needed to see the original. :) Do you still have it?

#5 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 11:58 AM

There are only 2 files :/

EDIT: Found the 3rd file. This is the earliest.

ComboFix 08-05-29.1 - Mike Menard 2008-05-29 17:15:48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.302 [GMT -4:00]
Running from: C:\Documents and Settings\Mike Menard\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\temp\tn3
C:\WINDOWS\BM833f6284.xml
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acvlnbcv.ini
C:\WINDOWS\system32\adKnmUvw.ini
C:\WINDOWS\system32\adKnmUvw.ini2
C:\WINDOWS\system32\aIhkQqru.ini
C:\WINDOWS\system32\aIhkQqru.ini2
C:\WINDOWS\system32\bcteniwk.dll
C:\WINDOWS\system32\bKmTCcdd.ini
C:\WINDOWS\system32\bKmTCcdd.ini2
C:\WINDOWS\system32\CKTuCJjl.ini
C:\WINDOWS\system32\CKTuCJjl.ini2
C:\WINDOWS\system32\dijgxgoq.dll
C:\WINDOWS\system32\drivers\mtlstrmm.sys
C:\WINDOWS\system32\EegjjRqr.ini
C:\WINDOWS\system32\EegjjRqr.ini2
C:\WINDOWS\system32\eyueyukg.dll
C:\WINDOWS\system32\hfjpjrac.dll
C:\WINDOWS\system32\hmkbnndi.dll
C:\WINDOWS\system32\ivjcrinl.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pocbfqpo.dll
C:\WINDOWS\system32\svgqjcpk.dll
C:\WINDOWS\system32\vsmopagk.dll
C:\WINDOWS\system32\yucukycc.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_MTLSTRMM
-------\Service_mtlstrmm


(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-29 16:54 . 2008-05-29 16:54	<DIR>	d--------	C:\Documents and Settings\Mike Menard\Application Data\Malwarebytes
2008-05-29 16:49 . 2008-05-29 16:49	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 16:49 . 2008-05-29 16:49	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 16:49 . 2008-05-05 20:46	27,048	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 16:49 . 2008-05-05 20:46	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 14:56 . 2008-05-29 14:56	<DIR>	d--------	C:\Deckard
2008-05-29 13:55 . 2008-05-29 13:55	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 13:55 . 2008-05-29 13:55	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 13:08 . 2008-05-29 13:08	167,976	---------	C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-28 22:32 . 2008-05-28 22:32	1,462	--a------	C:\WINDOWS\system32\tmp.reg
2008-05-28 22:31 . 2008-05-28 22:59	<DIR>	d--------	C:\temp\SmitfraudFix
2008-05-28 22:28 . 2008-05-28 22:22	1,392,442	--a------	C:\temp\SmitfraudFix.exe
2008-05-28 20:49 . 2008-05-28 20:45	532,480	--a------	C:\temp\cwshredder.exe
2008-05-28 20:12 . 2008-05-28 20:12	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-05-28 19:44 . 2008-05-28 19:44	0	--a------	C:\WINDOWS\nsreg.dat
2008-05-28 15:49 . 2008-05-28 15:50	<DIR>	d--------	C:\Program Files\Safer Networking
2008-05-28 15:48 . 2008-05-28 15:48	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-28 14:06 . 2008-05-28 14:06	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-05-28 14:06 . 2008-05-28 14:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 13:03 . 2008-05-28 13:03	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-05-26 13:51 . 2008-05-26 13:51	<DIR>	d--------	C:\WINDOWS\fiii
2008-05-26 13:09 . 2008-05-26 13:09	24,576	--a------	C:\WINDOWS\searchword.dll
2008-05-26 13:09 . 2008-05-26 13:09	24,576	--a------	C:\WINDOWS\msconfd.dll
2008-05-26 13:09 . 2008-05-26 13:09	23,808	--a------	C:\WINDOWS\dnsrelay.dll
2008-05-26 13:09 . 2008-05-26 13:09	14,592	--a------	C:\WINDOWS\rundll32.vbe
2008-05-26 13:09 . 2008-05-26 13:09	12,288	--a------	C:\WINDOWS\msspi.dll
2008-05-26 13:09 . 2008-05-26 13:09	11,008	--a------	C:\WINDOWS\gfmnaaa.dll
2008-05-26 13:09 . 2008-05-26 13:09	9,728	--a------	C:\WINDOWS\mswsc20.dll
2008-05-26 13:09 . 2008-05-26 13:09	8,448	--a------	C:\WINDOWS\mswsc10.dll
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\BLSTOOLBAR
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SmartSh
2008-05-25 21:37 . 2008-05-25 21:37	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\HlpUi
2008-05-25 21:37 . 2008-05-25 21:37	4	--a------	C:\WINDOWS\system32\hljwugsf.bin
2008-05-25 07:44 . 2008-05-25 07:44	<DIR>	d--------	C:\WINDOWS\system32\vntiho06
2008-05-25 07:44 . 2008-05-27 16:49	<DIR>	d--------	C:\WINDOWS\system32\hI2
2008-05-25 07:44 . 2008-05-25 07:44	<DIR>	d--------	C:\WINDOWS\system32\at1
2008-05-25 07:44 . 2008-05-27 16:45	<DIR>	d--------	C:\WINDOWS\system32\1064a
2008-05-20 17:05 . 2008-05-20 17:05	32,768	--a------	C:\WINDOWS\system32\vntiho06\vntiho061083.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 13:21	---------	d-----w	C:\Program Files\Yahoo!
2008-05-28 19:26	---------	d-----w	C:\Program Files\Google
2008-05-26 17:40	---------	d-----w	C:\Program Files\Lx_cats
2008-05-13 00:38	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\Smilebox
2008-05-10 18:14	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\MSN6
2008-05-07 21:24	---------	d-----w	C:\Documents and Settings\Mike Menard\Application Data\AdobeUM
2008-04-28 22:59	---------	d-----w	C:\Program Files\Common Files\SWF Studio
2008-04-19 01:04	---------	d-----w	C:\Program Files\Smilebox
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe" [2008-04-30 16:44 201352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 10:31 126976]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 09:37 286720]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 19:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-06 23:05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 17:18:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\locator.exe
.
**************************************************************************
.
Completion time: 2008-05-29 17:22:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-29 21:22:09

Pre-Run: 61,935,730,688 bytes free
Post-Run: 61,879,582,720 bytes free

146	--- E O F ---	2008-05-28 22:45:12

Edited by Mikes Helper, 30 May 2008 - 12:04 PM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 12:05 PM

Thanks. :thumbsup: I was looking to be sure a certain something had been removed, and it does look to be. Are the other scans coming up clean? How is it running? You should delete the tools you used for this clean-up, like SmitfraudFix, ComboFix and its accompanying folder C:\Qoobox, etc. Empty your Recycle Bin and reboot your computer.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 12:12 PM

I'm gonna remove everything. What scans should I run when I reboot?

It does seem to be running ok at the moment.

Thanks!

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 12:17 PM

Kaspersky, Spybot... you pick it. I'm looking for this: C:\WINDOWS\system32\drivers\core.cache.dsk. ComboFix should have taken it out, and the protecting driver/file, but with you doing stuff I don't know about I can't tell. :thumbsup: Could you please see if it's still present in System32?

#9 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 12:19 PM

It's not there at the moment. I'm going to reboot 2-3 times and see if it comes back.

#10 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 01:09 PM

C:\WINDOWS\system32\drivers\core.cache.dsk is no longer there.

However, there appears to be some stuff in System Restore, and something in here:
C:\WINDOWS\system32\vntiho06\vntiho061083.exe Infected: Trojan-Downloader.Win32.VB.epp

Apologies for doing things out of order/without instruction :thumbsup:

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:59, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154557975233
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O24 - Desktop Component 0: (no name) - http://img.att.net/cobrand/bellsouth/img/ui/bg-grad-at.png

--
End of file - 3532 bytes

Kaspersky
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, May 30, 2008 13:56:52
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 30/05/2008
 Kaspersky Anti-Virus database records: 814999
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\

Scan Statistics:
	Total number of scanned objects: 35785
	Number of viruses found: 32
	Number of infected objects: 53
	Number of suspicious objects: 1
	Duration of the scan process: 00:19:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\MSHist012008053020080531\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Mike Menard\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037009.exe	Infected: not-a-virus:AdWare.Win32.WebHancer.423	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037010.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037011.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\A0037049.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP826\snapshot\MFEX-5.DAT	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037167.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037168.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037172.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037174.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037176.dll	Infected: Trojan.Win32.BHO.cmd	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037177.dll	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037184.exe	Infected: Trojan-Downloader.Win32.Agent.pbq	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037186.exe	Infected: Trojan-Downloader.Win32.Agent.plz	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037190.exe	Infected: Trojan-Downloader.Win32.Agent.qqn	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037193.exe	Infected: Trojan-Downloader.Win32.TSUpdate.l	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037194.exe	Infected: Trojan-Downloader.Win32.TSUpdate.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037196.exe	Infected: Trojan-Downloader.Win32.Agent.jih	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037197.exe	Infected: not-a-virus:AdWare.Win32.Rond.d	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream/data0002	Infected: Trojan-Downloader.Win32.Small.buy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream/data0004	Infected: not-a-virus:AdWare.Win32.Mostofate.u	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe/stream	Infected: not-a-virus:AdWare.Win32.Mostofate.u	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037198.exe	NSIS: infected - 3	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037199.exe	Infected: Trojan-Downloader.Win32.Agent.ezc	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037200.exe	Infected: not-a-virus:AdWare.Win32.Insider.c	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037201.exe	Infected: Trojan.Win32.BHO.bkm	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037202.exe	Infected: not-a-virus:AdWare.Win32.Insider.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037203.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe/stream/data0002	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe/stream	Infected: not-a-virus:AdWare.Win32.Agent.byy	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037204.exe	NSIS: infected - 2	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037205.exe	Infected: Trojan.Win32.Agent.lom	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP827\A0037206.exe	Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037221.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037222.exe	Infected: Trojan-Downloader.Win32.Homles.bo	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037223.exe	Infected: Trojan-Downloader.Win32.Homles.bq	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP828\A0037230.dll	Infected: not-a-virus:AdWare.Win32.MegaSearch.w	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037347.exe	Infected: not-a-virus:AdWare.Win32.AdBand.ac	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037350.exe	Infected: Trojan-Downloader.Win32.PurityScan.gb	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037351.exe/data0001	Infected: not-a-virus:AdWare.Win32.PurityScan.gp	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037351.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037425.exe	Infected: not-a-virus:AdWare.Win32.Rond.f	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037500.exe	Infected: not-virus:Hoax.Win32.Renos.coh	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037527.exe	Infected: not-virus:Hoax.Win32.Renos.coh	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037534.exe	Suspicious: Type_Win32	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP830\A0037535.exe	Infected: not-a-virus:AdWare.Win32.Insider.c	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037610.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037680.exe	Infected: Trojan-Downloader.Win32.Small.wbx	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037681.exe	Infected: Trojan-Downloader.Win32.Small.wbx	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037682.exe/data0002	Infected: Trojan-Downloader.Win32.PurityScan.gb	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP831\A0037682.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}\RP835\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\vntiho06\vntiho061083.exe	Infected: Trojan-Downloader.Win32.VB.epp	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 03:30 PM

Those are easy to fix :

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now run the scan again and let me know what it finds. How is the computer running?

Thanks,
tea
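As an added illustration (not part of the thread and not code from any of the tools above), a small Python triage script for the Kaspersky Online Scanner report format posted earlier: it separates locked-and-skipped system files from real detections and shows which detections sit inside System Restore snapshots, which is exactly what the Disk Cleanup step above purges, versus files still live on disk. The sample rows are excerpted from the report in post #10; the archive-wrapper pattern and the function names are my own assumptions.

```python
import re
from collections import Counter

# Kaspersky Online Scanner 5.x lists each result as: <path>TAB<verdict>TAB<action>.
# Paths inside a System Restore snapshot look like
#   C:\System Volume Information\_restore{GUID}\RP<n>\A00xxxxx.exe
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)
# Archive wrapper lines such as "NSIS: infected - 3" (assumed general form
# "<type>: infected - <count>"); their members are listed on their own lines.
CONTAINER_RE = re.compile(r"^\w+: infected - \d+$")


def parse_report(text):
    """Return (path, verdict, action) tuples from the report's results section."""
    rows, in_results = [], False
    for line in text.splitlines():
        if line.startswith("Infected Object Name"):
            in_results = True
            continue
        if not in_results:
            continue
        if line.startswith("Scan process completed"):
            break
        parts = line.split("\t")
        if len(parts) == 3:
            rows.append(tuple(parts))
    return rows


def classify(path, verdict):
    """Map one result row to a triage bucket, plus the restore point id if any."""
    if verdict == "Object is locked":
        return "locked", None            # in-use hive/log/index.dat, not a finding
    if CONTAINER_RE.match(verdict):
        return "container", None         # summary of members already listed
    match = RESTORE_POINT_RE.search(path)
    if match:
        return "restore_point", match.group(1).upper()
    return "live", None                  # detection outside any snapshot


def triage(text):
    """Bucket every result row; 'live' keeps (path, verdict) for follow-up."""
    buckets = {"locked": 0, "container": 0,
               "restore_points": Counter(), "live": []}
    for path, verdict, _action in parse_report(text):
        kind, rp = classify(path, verdict)
        if kind == "restore_point":
            buckets["restore_points"][rp] += 1
        elif kind == "live":
            buckets["live"].append((path, verdict))
        else:
            buckets[kind] += 1
    return buckets


def summarize(buckets):
    """Human-readable summary, one line per bucket entry."""
    lines = [
        f"locked and skipped (not findings): {buckets['locked']}",
        f"archive wrappers (members listed separately): {buckets['container']}",
    ]
    for rp, n in sorted(buckets["restore_points"].items()):
        lines.append(f"{rp}: {n} detection(s) - gone once old restore points are purged")
    for path, verdict in buckets["live"]:
        lines.append(f"LIVE {verdict} -> {path} (needs removal/quarantine)")
    return lines


# Constructed sample: a handful of rows excerpted from the report in this thread.
_SNAPSHOT_DIR = r"C:\System Volume Information\_restore{36D2833F-302D-4A4E-8222-72769BE3950D}"
SAMPLE_ROWS = [
    (r"C:\Documents and Settings\Mike Menard\NTUSER.DAT", "Object is locked", "skipped"),
    (_SNAPSHOT_DIR + r"\RP826\A0037049.exe", "Infected: Trojan-Downloader.Win32.Homles.bo", "skipped"),
    (_SNAPSHOT_DIR + r"\RP827\A0037198.exe/stream/data0002", "Infected: Trojan-Downloader.Win32.Small.buy", "skipped"),
    (_SNAPSHOT_DIR + r"\RP827\A0037198.exe", "NSIS: infected - 3", "skipped"),
    (_SNAPSHOT_DIR + r"\RP830\A0037534.exe", "Suspicious: Type_Win32", "skipped"),
    (r"C:\WINDOWS\system32\vntiho06\vntiho061083.exe", "Infected: Trojan-Downloader.Win32.VB.epp", "skipped"),
    (r"C:\WINDOWS\system32\config\SAM", "Object is locked", "skipped"),
]
SAMPLE_REPORT = (
    "Infected Object Name / Virus Name / Last Action\n"
    + "\n".join("\t".join(row) for row in SAMPLE_ROWS)
    + "\n\nScan process completed.\n"
)

if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_REPORT)):
        print(line)
```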

#12 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 03:47 PM

Scanning now, will post results and that will hopefully be my last post xD

AVG seems to be the favored anti-virus?

I think I'm going to install Comodo Firewall, AVG Anti-Virus, SpywareBlaster, Ad-Aware, and Firefox with Adblock Plus (with subscriptions). Does this sound like a good combo?

Thanks so much for your time. :thumbsup:

#13 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 04:58 PM

Seems to be clean now. PC is running well. Thank You. Consider this one fixed.

Don't bother answering the above questions. I'm gonna roll with what I posted above and give the PC back to Mike (then start my weekend).

Have a good weekend. :thumbsup:

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:23, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Mike Menard\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154557975233
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe
O24 - Desktop Component 0: (no name) - http://img.att.net/cobrand/bellsouth/img/ui/bg-grad-at.png

--
End of file - 3594 bytes

Kaspersky
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, May 30, 2008 17:52:05
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 30/05/2008
 Kaspersky Anti-Virus database records: 815499
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\

Scan Statistics:
	Total number of scanned objects: 31973
	Number of viruses found: 0
	Number of infected objects: 0
	Number of suspicious objects: 0
	Duration of the scan process: 00:18:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Application Data\Mozilla\Firefox\Profiles\5rbdwj8t.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\History\History.IE5\MSHist012008053020080531\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike Menard\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Mike Menard\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6B317C08-0A57-4CDD-8F4F-1EA37D5D6865}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 06:04 PM

Hi there,

AVG8 just came out and there have been a LOT of issues with it. Avira OR Avast are good FREE antivirus. I run Avira on my own system, and before that ran Avast!.

Use this tool to take care of the Firefox cookies, and leave it on the machine for the owner to use, if he likes it. :)

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

You have a great weekend too! :thumbsup:

tea

#15 Mikes Helper

Mikes Helper
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2008 - 06:41 PM

LMAO @ Luke Filewalker... :thumbsup:



