
Win32/heur And Aorted Popups


  • This topic is locked
9 replies to this topic

#1 fita1440

fita1440

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 11 July 2008 - 12:48 PM

Running Windows XP Pro.
Did the scans like requested and posted them here. Hope you can help me out, thanks.




Friday, July 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 15:36:19
Records in database: 942631


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
S:\
T:\

Scan statistics
Files scanned 120466
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 01:38:16

File name Threat name Threats count
C:\Documents and Settings\Chris.DENSON\Desktop\Remote Support.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

C:\Documents and Settings\Chris.DENSON\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\WINDOWS\system32\clbdll.dll Infected: Rootkit.Win32.Clbd.ey 1

The scan was stopped


Deckard's System Scanner v20071014.68
Run by Chris on 2008-07-11 11:40:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-07-11 16:41:02 UTC - RP248 - Deckard's System Scanner Restore Point
74: 2008-07-11 05:16:03 UTC - RP247 - _11-Jul-2008 12:15:58 AM
73: 2008-07-10 23:51:53 UTC - RP246 - Installed AVG Free 8.0
72: 2008-07-10 22:40:19 UTC - RP245 - Last known good configuration
71: 2008-07-10 22:40:13 UTC - RP244 - _10-Jul-2008 07:29:24 AM


-- First Restore Point --
1: 2008-07-10 22:40:03 UTC - RP174 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:58, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Chris.DENSON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070907
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00E2E85C-91A9-42ED-B0E2-2FB2F0CF4D24} - C:\DOCUME~1\CHRIS~1.DEN\LOCALS~1\Temp\qoMeFvTm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [00d2197d] rundll32.exe "C:\WINDOWS\system32\phjmtndy.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189773315828
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Denson.local
O17 - HKLM\Software\..\Telephony: DomainName = Denson.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Denson.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wxvault.dll,avgrsstx.dll
O23 - Service: Ad-Aware Enterprise Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAAZDPMACTL - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZDPMACTL.EXE
O23 - Service: SAAZRemoteSupport - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZRemoteSupport.exe
O23 - Service: SAAZServerPlus - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZServerPlus.exe
O23 - Service: SAAZWatchDog - Unknown owner - C:\PROGRA~1\SAAZOD\\SAAZWatchDog (file missing)
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - c:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9009 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; Application Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
R3 DXEC01 - c:\windows\system32\drivers\dxec01.sys <Not Verified; Knowles Acoustics; DXEC.01 Speech Enhancement>

S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Ad-Aware Enterprise Client - "c:\program files\lavasoft\ad-aware enterprise client\aaclient.exe" --service "ad-aware enterprise client" --ice.messagesizemax=3072
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 SAAZDPMACTL - c:\progra~1\saazod\\saazdpmactl.exe <Not Verified; Zenith Infotech Ltd; SAAZOD>
R2 SAAZRemoteSupport - c:\progra~1\saazod\\saazremotesupport.exe <Not Verified; Zenith Infotech Ltd; SAAZRemote Application>
R2 SAAZServerPlus - c:\progra~1\saazod\\saazserverplus.exe <Not Verified; Zenith Infotech Ltd; ZIL SAAZServerPlus>
R2 SAAZWatchDog - c:\progra~1\saazod\\saazwatchdog (file missing)
R2 Sage.ServiceHost.Host.1.0 (Sage Service Host v1.0) - c:\program files\timberline office\shared\sage.servicehost.host.exe <Not Verified; Sage Software, Inc.; Data>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 tcsd_win32.exe (NTRU TSS v1.2.1.12 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 11:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 11:40:42 0 d-------- \Deckard
2008-07-11 09:29:05 0 d-------- \Autoruns
2008-07-11 08:59:11 1063374848 --ahs---- \hiberfil.sys
2008-07-11 08:57:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-11 08:57:51 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-11 08:57:51 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-11 08:57:51 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-11 08:57:51 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-11 08:57:50 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-11 08:57:50 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-11 08:57:50 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-11 08:31:02 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Timberline
2008-07-11 08:28:01 0 d-------- C:\Program Files\Trend Micro
2008-07-11 07:31:40 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Lavasoft
2008-07-10 23:41:28 116352 --a------ C:\WINDOWS\system32\gtowap.dll
2008-07-10 23:41:27 116352 --a------ C:\WINDOWS\system32\vajosfcm.dll
2008-07-10 23:41:23 92672 --a------ C:\WINDOWS\system32\phjmtndy.dll
2008-07-10 19:48:07 5444 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 18:52:04 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 18:51:54 0 d-------- C:\Program Files\AVG
2008-07-10 18:51:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-10 17:40:51 92672 -----n--- C:\WINDOWS\system32\vyeyybmd.dll
2008-07-10 17:40:47 116352 --a------ C:\WINDOWS\system32\uxjzme.dll
2008-07-10 17:40:46 116352 --a------ C:\WINDOWS\system32\lubhvytc.dll
2008-07-10 17:34:46 34816 --a------ C:\WINDOWS\system32\clbdll.dll
2008-07-10 17:30:28 163840 --a------ C:\WINDOWS\gpefaowr.exe
2008-07-10 17:30:28 258048 --a------ C:\WINDOWS\fsrpknov.dll
2008-07-10 17:30:28 376832 --a------ C:\WINDOWS\fdxbameg.dll
2008-07-10 17:30:28 163840 --a------ C:\WINDOWS\elvr.exe
2008-07-03 15:22:15 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Sun
2008-07-02 19:50:05 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Apple Computer
2008-07-02 18:37:21 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-02 18:34:50 0 d-------- C:\Program Files\LogMeIn
2008-07-02 18:32:58 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Macromedia
2008-07-02 18:32:24 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Adobe
2008-07-02 15:48:21 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-02 15:48:21 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-02 15:36:59 0 d-------- C:\Program Files\DemoForge
2008-07-02 15:36:09 0 d-------- C:\Program Files\SAAZOD
2008-07-02 15:35:29 0 d-------- C:\WINDOWS\SchCache
2008-07-02 15:34:48 0 d-------- C:\Documents and Settings\woodnet\Application Data\VyPRESS
2008-07-02 15:34:48 0 d-------- C:\Documents and Settings\woodnet\Application Data\Dell
2008-07-02 15:34:33 0 d-------- C:\Documents and Settings\woodnet\Application Data\Logitech
2008-07-02 15:34:33 0 d-------- C:\Documents and Settings\woodnet\Application Data\InstallShield
2008-07-02 15:34:33 0 d-------- C:\Documents and Settings\woodnet\Application Data\Identities
2008-07-02 15:34:33 0 d--h----- C:\Documents and Settings\woodnet\Application Data\Gtek
2008-07-02 15:34:32 0 d--h----- C:\Documents and Settings\woodnet\Templates
2008-07-02 15:34:32 0 dr------- C:\Documents and Settings\woodnet\Start Menu
2008-07-02 15:34:32 0 dr-h----- C:\Documents and Settings\woodnet\SendTo
2008-07-02 15:34:32 0 dr-h----- C:\Documents and Settings\woodnet\Recent
2008-07-02 15:34:32 0 d--h----- C:\Documents and Settings\woodnet\PrintHood
2008-07-02 15:34:32 917504 --a------ C:\Documents and Settings\woodnet\NTUSER.DAT
2008-07-02 15:34:32 0 d--h----- C:\Documents and Settings\woodnet\NetHood
2008-07-02 15:34:32 0 dr------- C:\Documents and Settings\woodnet\My Documents
2008-07-02 15:34:32 0 d--h----- C:\Documents and Settings\woodnet\Local Settings
2008-07-02 15:34:32 0 dr------- C:\Documents and Settings\woodnet\Favorites
2008-07-02 15:34:32 0 d-------- C:\Documents and Settings\woodnet\Desktop
2008-07-02 15:34:32 0 d--hs---- C:\Documents and Settings\woodnet\Cookies
2008-07-02 15:34:32 0 dr-h----- C:\Documents and Settings\woodnet\Application Data
2008-07-02 15:34:32 0 d-------- C:\Documents and Settings\woodnet\Application Data\Wave Systems Corp
2008-07-02 15:34:32 0 d---s---- C:\Documents and Settings\woodnet\Application Data\Microsoft
2008-07-02 15:32:54 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\VyPRESS
2008-07-02 15:32:44 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Dell
2008-07-02 15:32:10 0 d--h----- C:\Documents and Settings\Chris.DENSON\Application Data\Gtek
2008-07-02 15:32:09 0 d--h----- C:\Documents and Settings\Chris.DENSON\Local Settings
2008-07-02 15:32:09 0 dr------- C:\Documents and Settings\Chris.DENSON\Favorites
2008-07-02 15:32:09 0 d-------- C:\Documents and Settings\Chris.DENSON\Desktop
2008-07-02 15:32:09 0 d--hs---- C:\Documents and Settings\Chris.DENSON\Cookies
2008-07-02 15:32:09 0 dr-h----- C:\Documents and Settings\Chris.DENSON\Application Data
2008-07-02 15:32:09 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Wave Systems Corp
2008-07-02 15:32:09 0 d---s---- C:\Documents and Settings\Chris.DENSON\Application Data\Microsoft
2008-07-02 15:32:09 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Logitech
2008-07-02 15:32:09 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\InstallShield
2008-07-02 15:32:09 0 d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Identities
2008-07-02 15:32:08 0 d--h----- C:\Documents and Settings\Chris.DENSON\Templates
2008-07-02 15:32:08 0 dr------- C:\Documents and Settings\Chris.DENSON\Start Menu
2008-07-02 15:32:08 0 dr-h----- C:\Documents and Settings\Chris.DENSON\SendTo
2008-07-02 15:32:08 0 dr-h----- C:\Documents and Settings\Chris.DENSON\Recent
2008-07-02 15:32:08 0 d--h----- C:\Documents and Settings\Chris.DENSON\PrintHood
2008-07-02 15:32:08 2097152 --a------ C:\Documents and Settings\Chris.DENSON\NTUSER.DAT
2008-07-02 15:32:08 0 d--h----- C:\Documents and Settings\Chris.DENSON\NetHood
2008-07-02 15:32:08 0 dr------- C:\Documents and Settings\Chris.DENSON\My Documents
2008-07-02 15:30:35 0 d--hs---- C:\WINDOWS\CSC
2008-07-01 17:05:45 512 --a------ \drmHeader.bin
2008-06-24 07:37:40 0 d-------- C:\Program Files\BW Technologies
2008-06-12 20:18:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Apple Computer
2008-06-12 20:18:00 0 d-------- C:\Program Files\iPod
2008-06-12 20:17:52 0 d-------- C:\Program Files\iTunes
2008-06-12 20:17:36 0 d-------- C:\Program Files\Bonjour
2008-06-12 20:17:00 0 d-------- C:\Program Files\QuickTime
2008-06-12 20:16:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 20:16:40 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 20:16:17 0 d-------- C:\Program Files\Common Files\Apple
2008-06-12 20:16:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-07-11 11:36:41 1598029824 --ahs---- \pagefile.sys
2008-07-10 18:43:20 0 d-------- C:\Documents and Settings\Chris\Application Data\Wave Systems Corp
2008-07-03 17:02:14 0 d-------- C:\Program Files\The Archery Program
2008-07-02 15:54:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-02 15:40:15 0 d-------- C:\Program Files\Common Files
2008-06-13 10:38:10 0 d-------- C:\Program Files\DivX
2008-05-29 15:16:56 0 d-------- C:\Program Files\Toshiba


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00E2E85C-91A9-42ED-B0E2-2FB2F0CF4D24}]
07/10/2008 17:39 322304 --------- C:\DOCUME~1\CHRIS~1.DEN\LOCALS~1\Temp\qoMeFvTm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [04/15/2007 21:49]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/18/2007 11:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/18/2007 11:45]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/18/2007 11:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 13:03]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 14:23]
"SigmatelSysTrayApp"="stsystra.exe" [02/18/2007 23:26 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [01/30/2007 15:32]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [01/22/2007 11:53]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 03:10]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [11/02/2006 14:05]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 17:23]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [08/16/2004 09:44]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 15:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 10:49]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [07/31/2007 22:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 15:09]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/10/2008 18:51]
"00d2197d"="C:\WINDOWS\system32\phjmtndy.dll" [07/10/2008 23:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [7/30/2007 10:54:38 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/7/2007 8:50:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/14/2004 5:15:40 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/14/2004 5:51:12 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [9/11/2007 2:45:25 PM]
WinMessenger StartUp.lnk - C:\Program Files\WinMessenger\WinMesgr.exe [9/11/2007 2:49:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\DOCUME~1\CHRIS~1.DEN\LOCALS~1\Temp\qoMeFvTm


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
%ProgramFiles%\WinMessenger\Setup\Setup.exe /PERUSERINIT



-- End of Deckard's System Scanner: finished at 2008-07-11 11:43:03 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
CPU 1: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1014.04 MiB / 444.38 MiB
Pagefile Memory (total/avail): 2441.05 MiB / 1919.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.74 MiB

C: is Fixed (NTFS) - 74.45 GiB total, 59.12 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS722080K9A300 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 (bootable) - Installable File System - 74.45 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\WINDOWS\\avgagent.exe"="C:\\WINDOWS\\avgagent.exe:*:Enabled:avgagent.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PVSW\\Bin\\w3dbsmgr.exe"="C:\\PVSW\\Bin\\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\\WINDOWS\\system32\\msiexec.exe"="C:\\WINDOWS\\system32\\msiexec.exe:*:Enabled:Windows® installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="E:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
CLASSPATH=.;C:\PVSW\BIN\PVJDBC2X.JAR;C:\PVSW\BIN\PVJDBC2.JAR;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Timberline Office\Shared\;C:\PVSW\BIN;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Common Files\Crystal Decisions\2.5\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=CHRIS
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
VSL=C:\PVSW\BIN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Chris.DENSON
woodnet (admin)
Chris (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Accounting Client --> MsiExec.exe /X{165A57F4-5078-4769-A645-1399FABD35BD}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
biolsp patch --> MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom ASF Management Applications --> MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Business Complete Care Services Agreement --> MsiExec.exe /X{64658686-0CD4-4CF6-983D-0A6BE32007DB}
BW Technologies Soft Tools --> "C:\Program Files\BW Technologies\Soft Tools\uninstall.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Touchpad --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center --> C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems --> C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin --> C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ETS Upgrade --> C:\Program Files\InstallShield Installation Information\{72FECEA1-E87F-4192-89FA-D0FBF92885BB}\setup.exe -runfromtemp -l0x0409
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 6600 --> C:\Program Files\Hewlett-Packard\Deskjet 6800 Installs\Installer\setup.exe /x
HP Deskjet 6600 --> MsiExec.exe /X{52A39942-A9A9-447C-B106-2C2132F505E6}
HP Photo & Imaging 4.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
ImTOO MP4 Video Converter --> C:\Program Files\ImTOO\MP4 Video Converter 3\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
ITSupport247-DPMA --> "C:\PROGRA~1\SAAZOD\Uninstall\uninstall.exe" "/U:C:\PROGRA~1\SAAZOD\Uninstall\uninstall.xml"
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kyocera Wireless USB Driver for Data Cards --> MsiExec.exe /X{209AE7EF-DEBA-46D1-BB51-E3942386B4E5}
Lavasoft Ad-Aware Enterprise Client 1.9.4.4 --> MsiExec.exe /I{F1685215-D90F-4BE1-9E73-6021B3B11F61}
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirage Driver 1.1 --> "C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NTRU TCG Software Stack --> MsiExec.exe /I{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}
O2Micro USB Smart Card Reader --> MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
PANTECH PC USB Modem Software --> C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe
Pervasive System Analyzer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL Workgroup v8.10 --> C:\WINDOWS\IsUninst.exe -fC:\PVSW\DeIsL1.isu -a -c"C:\PVSW\W32PTKUN.DLL" -mpsql.mif -ppWKGRP
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager --> MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager --> C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickLink Mobile --> C:\PROGRA~1\Alltel\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Alltel\QUICKL~1\INSTALL.LOG
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Random Clock# Generator --> C:\Program Files\RCG\UnInstall_17782.exe
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Secure Update --> C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Wizards --> C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
The Archery Program --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Archery Program\ST6UNST.LOG"
The Archery Program --> MsiExec.exe /I{1E0DAD97-8DA4-49B5-90AF-B10F94289957}
tsp patch --> MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
upekmsi --> MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
Wave Infrastructure Installer --> MsiExec.exe /I{D31F958E-7353-4DEB-83E8-35B02F2EE20A}
Wave Support Software --> C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pbadrv_40CD90DE1AD5BDAF5E2676750520DB94FDE3886E\pbadrv.inf
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
WinMessenger 2.1 --> %ProgramFiles%\WinMessenger\Setup\Setup.exe /UNINSTALL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type4764 / Error
Event Submitted/Written: 07/11/2008 09:33:38 AM
Event ID/Source: 0 / Broadcom ASF IP and SMBIOS Mailbox Monitor
Event Description:
!ERROR 53 Refreshing BMAPI data

Event Record #/Type4748 / Error
Event Submitted/Written: 07/11/2008 09:00:31 AM / 07/11/2008 09:00:32 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type4745 / Error
Event Submitted/Written: 07/11/2008 08:59:30 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type4743 / Error
Event Submitted/Written: 07/11/2008 08:59:24 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type4722 / Error
Event Submitted/Written: 07/11/2008 05:43:00 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13738 / Warning
Event Submitted/Written: 07/11/2008 11:35:08 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type13704 / Error
Event Submitted/Written: 07/11/2008 09:33:32 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SigmaTel Audio Service service failed to start due to the following error:
%%1053

Event Record #/Type13703 / Error
Event Submitted/Written: 07/11/2008 09:33:32 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the SigmaTel Audio Service service to connect.

Event Record #/Type13669 / Error
Event Submitted/Written: 07/11/2008 09:05:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SigmaTel Audio Service service failed to start due to the following error:
%%1053

Event Record #/Type13668 / Error
Event Submitted/Written: 07/11/2008 09:05:26 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the SigmaTel Audio Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-07-11 11:43:03 ------------



#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:06 PM

Posted 14 July 2008 - 01:21 PM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Please download and install CCleaner.

  • Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.
_________________

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system -

- the Combofix log (C:\ComboFix.txt)
- a new HijackThis log
- the CCleaner Uninstall List (install.txt)
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 fita1440

fita1440
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 15 July 2008 - 09:45 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:26, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\WinMessenger\WinMesgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgrsx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070907
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189773315828
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Denson.local
O17 - HKLM\Software\..\Telephony: DomainName = Denson.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Denson.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wxvault.dll,avgrsstx.dll
O23 - Service: Ad-Aware Enterprise Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAAZDPMACTL - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZDPMACTL.EXE



ComboFix 08-07-14.2 - Chris 2008-07-15 9:03:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT -5:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\elvr.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\djmrqi.dll
C:\WINDOWS\system32\dmbyyeyv.ini
C:\WINDOWS\system32\gjdsiyls.dll
C:\WINDOWS\system32\gtowap.dll
C:\WINDOWS\system32\hwkprxon.ini
C:\WINDOWS\system32\iadeqnnf.ini
C:\WINDOWS\system32\ibeibmmc.dll
C:\WINDOWS\system32\lubhvytc.dll
C:\WINDOWS\system32\mbnwyfxt.dll
C:\WINDOWS\system32\rnugnf.dll
C:\WINDOWS\system32\uxjzme.dll
C:\WINDOWS\system32\vajosfcm.dll
C:\WINDOWS\system32\vyeyybmd.dll
C:\WINDOWS\system32\wyvpca.dll
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\ydntmjhp.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 08:39 . 2008-07-15 08:39 <DIR> d-------- C:\Program Files\CCleaner
2008-07-14 11:32 . 2008-07-14 11:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-11 11:40 . 2008-07-11 11:40 <DIR> d-------- C:\Deckard
2008-07-11 09:29 . 2008-07-11 09:29 <DIR> d-------- C:\Autoruns
2008-07-11 08:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-11 08:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-11 08:57 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-11 08:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-11 08:57 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-11 08:57 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-11 08:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-11 08:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-11 08:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-11 08:31 . 2008-07-11 08:31 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Timberline
2008-07-11 08:28 . 2008-07-11 08:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 07:31 . 2008-07-11 07:31 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Lavasoft
2008-07-10 19:48 . 2008-07-10 19:48 5,444 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 18:52 . 2008-07-15 09:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 18:52 . 2008-07-10 18:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-10 18:52 . 2008-07-10 18:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-10 18:51 . 2008-07-10 18:51 <DIR> d-------- C:\Program Files\AVG
2008-07-10 18:51 . 2008-07-10 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-10 17:34 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-02 19:50 . 2008-07-02 19:50 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Apple Computer
2008-07-02 18:37 . 2008-07-02 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-02 18:37 . 2008-07-13 11:31 178 --a------ C:\WINDOWS\wininit.ini
2008-07-02 18:35 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-07-02 18:35 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2008-07-02 18:35 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-07-02 18:35 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-07-02 18:35 . 2008-05-28 12:32 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-07-02 18:35 . 2008-07-02 18:35 1,024 --a------ C:\.rnd
2008-07-02 18:34 . 2008-07-15 08:30 <DIR> d-------- C:\Program Files\LogMeIn
2008-07-02 15:54 . 2008-07-02 15:56 6,896 --a------ C:\WINDOWS\ST6UNST.000
2008-07-02 15:48 . 2008-07-02 15:48 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-02 15:48 . 2008-07-02 15:48 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-02 15:39 . 2008-07-02 10:49 397,312 --a------ C:\WINDOWS\avgagent.exe
2008-07-02 15:39 . 2008-07-02 10:49 29,533 --a------ C:\WINDOWS\avgagent.lng
2008-07-02 15:39 . 2008-07-02 15:39 147 --a------ C:\WINDOWS\avgagent.ini
2008-07-02 15:36 . 2008-07-15 09:08 <DIR> d-------- C:\Program Files\SAAZOD
2008-07-02 15:36 . 2008-07-02 15:36 <DIR> d-------- C:\Program Files\DemoForge
2008-07-02 15:35 . 2008-07-02 15:35 <DIR> d-------- C:\WINDOWS\SchCache
2008-07-02 15:34 . 2008-07-02 15:43 <DIR> d-------- C:\Documents and Settings\woodnet\Application Data\Wave Systems Corp
2008-07-02 15:34 . 2008-07-02 15:34 <DIR> d-------- C:\Documents and Settings\woodnet\Application Data\VyPRESS
2008-07-02 15:34 . 2007-09-07 20:49 <DIR> d-------- C:\Documents and Settings\woodnet\Application Data\Logitech
2008-07-02 15:34 . 2007-09-07 20:49 <DIR> d-------- C:\Documents and Settings\woodnet\Application Data\InstallShield
2008-07-02 15:34 . 2007-09-07 21:06 <DIR> d--h----- C:\Documents and Settings\woodnet\Application Data\Gtek
2008-07-02 15:34 . 2008-07-02 15:34 <DIR> d-------- C:\Documents and Settings\woodnet\Application Data\Dell
2008-07-02 15:34 . 2008-07-10 18:52 <DIR> d-------- C:\Documents and Settings\woodnet
2008-07-02 15:32 . 2008-07-15 08:56 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Wave Systems Corp
2008-07-02 15:32 . 2008-07-02 15:32 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\VyPRESS
2008-07-02 15:32 . 2007-09-07 20:49 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Logitech
2008-07-02 15:32 . 2007-09-07 20:49 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\InstallShield
2008-07-02 15:32 . 2007-09-07 21:06 <DIR> d--h----- C:\Documents and Settings\Chris.DENSON\Application Data\Gtek
2008-07-02 15:32 . 2008-07-02 15:32 <DIR> d-------- C:\Documents and Settings\Chris.DENSON\Application Data\Dell
2008-07-02 15:32 . 2008-07-15 08:56 <DIR> d-------- C:\Documents and Settings\Chris.DENSON
2008-07-01 17:05 . 2008-07-01 17:05 512 --a------ C:\drmHeader.bin
2008-06-24 07:37 . 2008-06-24 07:37 <DIR> d-------- C:\Program Files\BW Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 13:56 --------- d-----w C:\Documents and Settings\Chris\Application Data\Wave Systems Corp
2008-07-03 22:02 --------- d-----w C:\Program Files\The Archery Program
2008-07-02 20:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-02 20:54 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-02 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-01 21:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\Apple Computer
2008-06-13 15:38 --------- d-----w C:\Program Files\DivX
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 01:18 --------- d-----w C:\Program Files\iTunes
2008-06-13 01:18 --------- d-----w C:\Program Files\iPod
2008-06-13 01:17 --------- d-----w C:\Program Files\QuickTime
2008-06-13 01:17 --------- d-----w C:\Program Files\Bonjour
2008-06-13 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 01:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-13 01:16 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-29 20:16 --------- d-----w C:\Program Files\Toshiba
2008-05-28 17:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 17:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-15 21:49 159744]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 11:45 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 11:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 11:45 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 15:32 102400]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 11:53 212992]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 03:10 1392640]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 14:05 282624]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-08-16 09:44 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 10:49 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 18:51 1232152]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 23:26 303104 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-07-30 22:54:38 2158592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-07 20:50:40 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-14 17:15:40 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-14 17:51:12 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [2007-09-11 14:45:25 102450]
WinMessenger StartUp.lnk - C:\Program Files\WinMessenger\WinMesgr.exe [2007-09-11 14:49:03 274136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PVSW\\Bin\\w3dbsmgr.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10010:TCP"= 10010:TCP:192.168.1.150
"10020:TCP"= 10020:TCP:192.168.1.150
"<NO NAME>"=

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 15:00]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-10 18:52]
R2 Ad-Aware Enterprise Client;Ad-Aware Enterprise Client;C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe [2007-05-09 11:02]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 14:21]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 18:51]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SAAZDPMACTL;SAAZDPMACTL;C:\PROGRA~1\SAAZOD\\SAAZDPMACTL.EXE [2007-06-04 21:41]
R2 SAAZRemoteSupport;SAAZRemoteSupport;C:\PROGRA~1\SAAZOD\\SAAZRemoteSupport.exe [2007-05-26 14:56]
R2 SAAZServerPlus;SAAZServerPlus;C:\PROGRA~1\SAAZOD\\SAAZServerPlus.exe [2006-11-21 14:18]
R2 SAAZWatchDog;SAAZWatchDog;C:\PROGRA~1\SAAZOD\\SAAZWatchDog []
R2 Sage.ServiceHost.Host.1.0;Sage Service Host v1.0;c:\program files\timberline office\shared\sage.servicehost.host.exe [2007-01-19 16:04]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 05:00]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 17:43]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 12:32]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 19:30]
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys [2007-02-08 19:28]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 20:56]
S3 PTDMMdm;PANTECH USB Modem Drivers ;C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 20:56]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 20:56]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 20:56]
S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 21:59]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
%ProgramFiles%\WinMessenger\Setup\Setup.exe /PERUSERINIT
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 16:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{AEAE996D-5FF4-42BB-9DC5-88575AAB5E16} - C:\DOCUME~1\CHRIS~1.DEN\LOCALS~1\Temp\qoMeFvTm.dll
HKLM-Run-00d2197d - C:\WINDOWS\system32\noxrpkwh.dll
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
Notify-NavLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 09:08:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Chris\LOCALS~1\Temp\af4438ad-0ab0-4922-8ec6-59e13560973e.tmp 0 bytes
C:\DOCUME~1\Chris\LOCALS~1\Temp\dc1111a8-cf89-4841-992c-8f423e00ce97.tmp 0 bytes
C:\DOCUME~1\Chris\LOCALS~1\Temp\e2e76a5f-701d-4ab8-9f25-d6296f8c56c9.tmp 0 bytes

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAAZWatchDog]
"ImagePath"="C:\PROGRA~1\SAAZOD\\SAAZWatchDog"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-15 9:12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 14:12:47

Pre-Run: 63,307,124,736 bytes free
Post-Run: 63,200,079,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

288 --- E O F --- 2008-06-20 15:37:38

#4 fita1440
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 15 July 2008 - 09:50 AM

ccounting Client
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
AVG Free 8.0
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Business Complete Care Services Agreement
BW Technologies Soft Tools
CCleaner (remove only)
CleanUp!
Conexant HDA D330 MDC V.92 Modem
Dell Support 3.2.1
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EMBASSY Trust Suite by Wave Systems
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HP Deskjet 6600
HP Photo & Imaging 4.1
HP Software Update
ImTOO MP4 Video Converter
Intel® Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
ITSupport247-DPMA
iTunes
J2SE Runtime Environment 5.0 Update 6
Kyocera Wireless USB Driver for Data Cards
Lavasoft Ad-Aware Enterprise Client 1.9.4.4
LogMeIn
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Mirage Driver 1.1
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
NetWaiting
O2Micro USB Smart Card Reader
Overland
PANTECH PC USB Modem Software
Pervasive System Analyzer
Pervasive.SQL Workgroup v8.10
PowerDVD
QuickLink Mobile
QuickSet
QuickTime
Random Clock# Generator
Rosetta Stone V3
SigmaTel Audio
The Archery Program
WD Diagnostics
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
WinMessenger 2.1
Yahoo! Messenger
Yahoo! Search Protection

#5 Simon V.
  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:06 PM

Posted 15 July 2008 - 10:31 AM

Hi :thumbsup:

Step 1

Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 7.

Step 2

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.
Step 3

In your next reply, please post:
  • the JavaRa log (C:\JavaRa.log)
  • the Malwarebytes' Anti-Malware log
  • a new HijackThis log
  • a description of how your computer is running

Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#6 fita1440
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 15 July 2008 - 12:14 PM

Malwarebytes' Anti-Malware 1.20
Database version: 954
Windows 5.1.2600 Service Pack 2

12:12:25 PM 7/15/2008
mbam-log-7-15-2008 (12-12-25).txt

Scan type: Quick Scan
Objects scanned: 46131
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6cf0a05e-7d6b-4e00-b836-b3f23513657c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

#7 fita1440
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 15 July 2008 - 12:17 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:32, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\WinMessenger\WinMesgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070907
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189773315828
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Denson.local
O17 - HKLM\Software\..\Telephony: DomainName = Denson.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Denson.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wxvault.dll,avgrsstx.dll,
O23 - Service: Ad-Aware Enterprise Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAAZDPMACTL - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZDPMACTL.EXE
O23 - Service: SAAZRemoteSupport - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZRemoteSupport.exe
O23 - Service: SAAZServerPlus - Zenith Infotech Ltd - C:\PROGRA~1\SAAZOD\\SAAZServerPlus.exe
O23 - Service: SAAZWatchDog - Unknown owner - C:\PROGRA~1\SAAZOD\\SAAZWatchDog (file missing)
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - c:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11069 bytes


Haven't seen any popups lately, so I will see how it's going.
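
The entries a helper looks for in these logs, both in ComboFix's Reg Loading Points section (the AppInit_DLLs value, the orphaned BHO under Temp, the Run value named 00d2197d) and in the HijackThis log above (the O20 line and the two O23 services marked "(file missing)"), can be checked mechanically. The script below is an added example, not HijackThis code and not something posted in this thread. It runs over a constructed sample modelled on this thread's own lines; the heuristics it applies and the AppInit_DLLs allowlist (wxvault.dll for Wave Systems, avgrsstx.dll for AVG 8) are assumptions chosen for illustration, not a published rule set.

```python
"""Triage HijackThis-style autostart entries (added example, not HijackThis
or BleepingComputer tooling). The heuristics are assumptions chosen to match
the patterns in this thread: a BHO loading from Temp, a Run value named like
a hex blob pointing at a random-looking DLL, AppInit_DLLs entries, and
services whose binary no longer exists."""
import re

# Constructed sample, modelled on the O2/O4/O20/O23 lines posted in this thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O2 - BHO: (no name) - {AEAE996D-5FF4-42BB-9DC5-88575AAB5E16} - C:\DOCUME~1\CHRIS~1.DEN\LOCALS~1\Temp\qoMeFvTm.dll",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [00d2197d] C:\WINDOWS\system32\noxrpkwh.dll",
    r"O20 - AppInit_DLLs: wxvault.dll,avgrsstx.dll,",
    r"O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe",
    r"O23 - Service: SAAZWatchDog - Unknown owner - C:\PROGRA~1\SAAZOD\\SAAZWatchDog (file missing)",
])

# Assumed allowlist: on this machine wxvault.dll belongs to Wave Systems and
# avgrsstx.dll to AVG 8; anything else injected into every process is a finding.
APPINIT_ALLOW = {"wxvault.dll", "avgrsstx.dll"}

TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Five or more consonants in a row is rare in vendor file names. It is a weak
# signal on its own, so it is reported separately from the location checks.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}", re.IGNORECASE)
# Drive-letter path on the line, excluding a trailing "(file missing)".
WIN_PATH = re.compile(r"([A-Za-z]:\\.*?)(?:\s+\(file missing\))?\s*$")
RUN_VALUE = re.compile(r"\[([^\]]+)\]")


def path_on(line):
    """Return the Windows path named on a log line, or None."""
    m = WIN_PATH.search(line)
    return m.group(1) if m else None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text):
    """Return (line_no, code, reason, subject) tuples for entries worth a look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        code = line.split(" ", 1)[0]
        path = path_on(line)
        stem = basename(path).rsplit(".", 1)[0] if path else ""
        if code in ("O2", "O4") and path:
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings.append((n, code, "loads from a Temp directory", path))
            if CONSONANT_RUN.search(stem):
                findings.append((n, code, "random-looking file name", path))
        if code == "O4":
            m = RUN_VALUE.search(line)
            if m and HEX_VALUE_NAME.match(m.group(1)):
                findings.append((n, code, "Run value named like a hex blob", path))
        if code == "O2" and "(no name)" in line:
            findings.append((n, code, "BHO without a name", path))
        if code == "O20" and "AppInit_DLLs:" in line:
            # A trailing comma leaves an empty element; skip it.
            for dll in line.split("AppInit_DLLs:", 1)[1].split(","):
                dll = dll.strip()
                if dll and dll.lower() not in APPINIT_ALLOW:
                    findings.append((n, code, "AppInit_DLLs entry not on allowlist", dll))
        if code == "O23" and line.endswith("(file missing)"):
            findings.append((n, code, "service binary missing", path))
    return findings


if __name__ == "__main__":
    for n, code, reason, subject in triage(SAMPLE_LOG):
        print(f"line {n:2d} {code:<4} {reason:<38} {subject}")
```

A hit on the Temp-directory or missing-binary checks is a plain fact read from the log; the consonant-run check is only a prompt to look the file up, which is why it is reported as its own finding rather than folded into the others. The trailing comma on the O20 line is harmless, but any AppInit_DLLs entry that is not on the allowlist is loaded into every process that loads user32.dll, so it deserves the same scrutiny as a Run key.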

#8 Simon V.
  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:06 PM

Posted 15 July 2008 - 12:22 PM

Hi :thumbsup:

Congratulations, your log looks clean. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:

Click Start then Run....
  • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)
  • This will uninstall Combofix.
Make your Internet Explorer More Secure - Please read and follow the recommendations at this site - http://surfthenetsafely.com/ieseczone8.htm

Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

Here are a few (free) firewalls; please download and install one of them:

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - An excellent startup manager, notifies you if programs are added to startup, allows delayed startup, ... A must have! An installation guide can be found here: http://www.winpatrol.com/download.html

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a week, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Vundo (Virtumundo).

Simon V.

#9 fita1440
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 15 July 2008 - 12:27 PM

Thanks a bunch, I really appreciate this. It's my work computer, and heaven forbid I should have problems. LOL. Have a great day.
Chris

#10 Simon V.
  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:06 PM

Posted 15 July 2008 - 12:53 PM

Thanks a bunch, I really appreciate this.

You're welcome :thumbsup:

Since this issue appears to be resolved ... this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.


Simon V.