Win32/heur Avg Detection



#1 kid_drew

Posted 24 July 2008 - 12:00 PM

AVG is reporting a Win32/Heur detection in one file, and I can't seem to do anything to it (delete, copy, upload, delete on windows boot). This line specifically points to the issue:

O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll

Any ideas?





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:50 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Andrew Hunter\eaxc.exe \s
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B010EE71-858E-4B13-B7A6-6DCCAB051D57} - C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\gtapil.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Copy of Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6934 bytes
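As an added illustration (not part of this thread or of HijackThis itself), the triage below parses HijackThis v2 entries like the ones posted above and flags the persistence points a helper looks at first: the extra UserInit executable, unnamed BHOs and the Winlogon Notify DLL, correlating a DLL that shows up in more than one section. The sample lines are copied from the log above; the function names and severity labels are my own.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Andrew Hunter\eaxc.exe \s
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
O2 - BHO: (no name) - {B010EE71-858E-4B13-B7A6-6DCCAB051D57} - C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\gtapil.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll
"""

# Every HijackThis entry starts with a section code such as R1, F2, O2, O20.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Path up to and including the first ".exe", ignoring any trailing switches.
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)


def parse_entries(text):
    """Return [(code, body), ...] for every 'Oxx - ...' line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def basename(path):
    """Case-folded file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_bho(body):
    """'BHO: name - {CLSID} - path [(file missing)]' -> (name, clsid, path, missing)."""
    name, clsid, path = body[len("BHO: "):].rsplit(" - ", 2)
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    return name, clsid, path, missing


def triage(text):
    """Return [(code, severity, reason), ...] for entries that deserve a closer look."""
    entries = parse_entries(text)
    findings = []

    # First pass: remember every BHO DLL so other sections can be correlated with it.
    bho_dlls = {}
    for code, body in entries:
        if code == "O2" and body.startswith("BHO: "):
            _, clsid, path, _ = split_bho(body)
            bho_dlls[basename(path)] = clsid

    for code, body in entries:
        if code == "F2" and "UserInit=" in body:
            # Everything in this comma list runs at every interactive logon;
            # only userinit.exe itself belongs there.
            for piece in body.split("UserInit=", 1)[1].split(","):
                m = EXE_RE.match(piece.strip())
                if m and basename(m.group(1)) != "userinit.exe":
                    findings.append(("F2", "high", f"extra UserInit executable: {piece.strip()}"))
        elif code == "O2" and body.startswith("BHO: "):
            name, clsid, path, missing = split_bho(body)
            if name == "(no name)":
                # A nameless helper object is unusual for legitimate software.
                sev = "medium" if missing else "high"
                note = " (file missing; stale registration, still worth removing)" if missing else ""
                findings.append(("O2", sev, f"unnamed BHO {clsid} -> {path}{note}"))
        elif code == "O20" and body.startswith("Winlogon Notify: "):
            name, path = body[len("Winlogon Notify: "):].split(" - ", 1)
            reason = f"Winlogon Notify package '{name}' loads {path} into winlogon.exe"
            clsid = bho_dlls.get(basename(path))
            if clsid:
                # Same DLL hooked into both the browser and the logon process.
                reason += f"; same DLL is also registered as BHO {clsid}"
            findings.append(("O20", "high", reason))
        elif code == "O20" and body.startswith("AppInit_DLLs: "):
            dll = body[len("AppInit_DLLs: "):]
            findings.append(("O20", "info", f"AppInit_DLLs loads {dll} into every user32 process; confirm the publisher"))
    return findings


if __name__ == "__main__":
    for code, severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:4} {reason}")
```

Run against the full log, the output explains why the helper's fixes target exactly those lines: the eaxc.exe UserInit entry and the hunyefj.dll DLL (BHO plus Winlogon Notify) are the persistence points, while the AVG entries are only reported for confirmation.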

#2 Rahina

Posted 24 July 2008 - 01:21 PM

Hello.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
  • Please also copy the contents of Extra.txt to your post as well.
  • Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
  • What DSS will do:
      • create a new System Restore point in Windows XP and Vista.
      • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
      • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


#3 kid_drew

Posted 24 July 2008 - 06:05 PM

Here are the results:

Malwarebyte:
Malwarebytes' Anti-Malware 1.23
Database version: 986
Windows 5.1.2600 Service Pack 2

4:03:25 PM 7/24/2008
mbam-log-7-24-2008 (16-03-25).txt

Scan type: Quick Scan
Objects scanned: 63122
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\toolbox.bat (Trojan.Agent) -> Quarantined and deleted successfully.


main.txt:
Deckard's System Scanner v20071014.68
Run by Andrew Hunter on 2008-07-24 16:07:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-24 21:07:55 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andrew Hunter.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:49 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
I:\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew Hunter.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Andrew Hunter\eaxc.exe \s,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Copy of Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6776 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080724-114718-447 O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll
backup-20080724-120047-858 O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
backup-20080724-120118-400 O2 - BHO: (no name) - {B010EE71-858E-4B13-B7A6-6DCCAB051D57} - C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\gtapil.dll (file missing)
backup-20080724-120147-203 O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
backup-20080724-120147-660 O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 uckkagnh - c:\windows\system32\drivers\uckkagnh.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>

S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\3&267A616A&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&267A616A&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 16:04:36 434 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-16 12:29:53 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 13:33:14 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Malwarebytes
2008-07-24 13:33:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 13:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 11:46:08 0 d-------- C:\Program Files\Trend Micro
2008-07-24 10:38:47 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-24 10:38:47 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-24 10:38:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-24 10:38:47 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-24 10:38:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-24 10:38:47 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-24 10:38:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-24 10:38:47 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-24 10:38:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-24 10:38:47 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-24 10:38:47 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-24 10:38:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-24 10:38:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-24 10:38:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-24 10:25:10 0 d--h----- C:\$AVG8.VAULT$
2008-07-24 10:24:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-24 10:24:34 0 d-------- C:\Program Files\AVG
2008-07-24 10:24:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-21 22:38:52 0 d---s---- C:\Documents and Settings\Andrew Hunter\UserData
2008-07-19 21:52:31 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\CyberLink
2008-07-19 21:49:29 0 d-------- C:\Program Files\Cyberlink
2008-07-19 21:49:29 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-19 21:49:20 0 d-------- C:\Program Files\Common Files\CyberLink
2008-07-17 10:15:51 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\WinRAR
2008-07-17 00:31:39 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Apple Computer
2008-07-16 13:04:41 0 d-------- C:\Program Files\eMule
2008-07-16 12:30:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 12:29:51 0 d-------- C:\Program Files\Apple Software Update
2008-07-16 12:29:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-16 12:28:29 0 d-------- C:\Program Files\QuickTime
2008-07-14 10:31:16 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Google
2008-07-14 10:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-14 10:31:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-14 10:31:01 0 d-------- C:\Program Files\Google
2008-07-13 22:06:48 0 d-------- C:\Program Files\uTorrent
2008-07-13 22:06:36 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\uTorrent
2008-07-13 19:43:03 0 d-------- C:\cygwin
2008-07-13 19:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 13:42:39 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-12 13:42:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-12 13:42:39 0 d-------- C:\Program Files\Xvid
2008-07-12 13:35:07 0 d-------- C:\Program Files\PeerGuardian2
2008-07-11 14:51:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-11 14:51:16 0 d-------- C:\Program Files\Bonjour
2008-07-11 14:43:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-11 14:40:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-11 14:04:35 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\5400 Series
2008-06-30 23:46:58 0 d-------- C:\Program Files\lx_cats
2008-06-30 23:45:55 12288 --a------ C:\WINDOWS\system32\lxctpmrc.dll <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-06-30 23:45:55 40960 --a------ C:\WINDOWS\system32\lxctpmon.dll <Not Verified; ; Lexmark Fax Solutions Software>
2008-06-30 23:45:55 32768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-06-30 23:45:55 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-30 23:45:55 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-30 23:45:46 0 d-------- C:\Documents and Settings\All Users\Application Data\5400 Series
2008-06-30 23:45:39 0 d-------- C:\Program Files\Lexmark Toolbar
2008-06-30 23:44:09 0 d-------- C:\Program Files\Lexmark 5400 Series
2008-06-30 23:44:00 274432 --a------ C:\WINDOWS\system32\LXCTinst.dll
2008-06-30 23:43:39 0 d-------- C:\drivers
2008-06-30 23:31:42 0 d-------- C:\Program Files\StormII
2008-06-26 21:54:14 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Media Player Classic
2008-06-26 20:22:45 1566 --a------ C:\Documents and Settings\Andrew Hunter\_viminfo
2008-06-26 20:21:33 0 d-------- C:\Program Files\Vim
2008-06-26 12:38:26 0 d-------- C:\WINDOWS\Sun
2008-06-26 12:38:26 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Sun
2008-06-26 12:33:31 0 d-------- C:\Program Files\Java
2008-06-26 12:33:09 0 d-------- C:\Program Files\Common Files\Java
2008-06-25 16:56:52 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-25 16:56:52 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\skypePM
2008-06-25 16:55:49 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Skype
2008-06-25 16:54:47 0 d-------- C:\Program Files\Skype
2008-06-25 16:54:47 0 d-------- C:\Program Files\Common Files\Skype
2008-06-25 16:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:36:39 31 --a------ C:\web3.bat
2008-06-25 16:36:30 31 --a------ C:\web2.bat
2008-06-25 16:36:00 31 --a------ C:\web1.bat
2008-06-25 12:20:17 0 d-------- C:\Documents and Settings\Andrew Hunter\Bluetooth Software
2008-06-25 12:20:01 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-25 12:18:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Logitech
2008-06-25 12:18:29 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Logitech
2008-06-25 12:18:24 47104 --a------ C:\WINDOWS\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>
2008-06-25 12:18:24 18167 --a------ C:\WINDOWS\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>
2008-06-25 12:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-25 12:16:58 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-25 12:15:44 0 d-------- C:\Program Files\WIDCOMM
2008-06-25 12:15:33 0 d-------- C:\Program Files\Logitech
2008-06-25 12:15:32 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\InstallShield
2008-06-25 12:13:28 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Macromedia
2008-06-25 12:13:26 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Adobe
2008-06-25 11:34:42 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-25 11:34:30 0 d-------- C:\Program Files\Realtek AC97
2008-06-25 11:34:28 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-25 11:32:09 13696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
2008-06-25 11:32:04 454656 --a------ C:\putty.exe <Not Verified; Simon Tatham; PuTTY suite>
2008-06-25 11:30:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 11:30:02 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-25 11:29:44 0 d-------- C:\Program Files\VIA
2008-06-25 11:29:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-25 11:26:48 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-25 11:26:40 0 d-------- C:\Program Files\XP Codec Pack
2008-06-25 11:26:19 0 d-------- C:\Program Files\Winamp
2008-06-25 11:26:19 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Winamp
2008-06-25 11:25:11 0 d-------- C:\Program Files\Trillian
2008-06-25 11:22:05 0 d-------- C:\Program Files\TGTSoft
2008-06-25 11:20:51 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 11:20:49 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Mozilla
2008-06-25 11:16:57 0 d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Identities
2008-06-25 11:16:52 0 d--h----- C:\Documents and Settings\Andrew Hunter\Templates
2008-06-25 11:16:52 0 dr------- C:\Documents and Settings\Andrew Hunter\Start Menu
2008-06-25 11:16:52 0 dr-h----- C:\Documents and Settings\Andrew Hunter\SendTo
2008-06-25 11:16:52 0 dr-h----- C:\Documents and Settings\Andrew Hunter\Recent
2008-06-25 11:16:52 0 d--h----- C:\Documents and Settings\Andrew Hunter\PrintHood
2008-06-25 11:16:52 0 d--h----- C:\Documents and Settings\Andrew Hunter\NetHood
2008-06-25 11:16:52 0 d--h----- C:\Documents and Settings\Andrew Hunter\Local Settings
2008-06-25 11:16:52 0 dr------- C:\Documents and Settings\Andrew Hunter\Favorites
2008-06-25 11:16:52 0 d-------- C:\Documents and Settings\Andrew Hunter\Desktop
2008-06-25 11:16:52 0 d---s---- C:\Documents and Settings\Andrew Hunter\Cookies
2008-06-25 11:16:52 0 dr-h----- C:\Documents and Settings\Andrew Hunter\Application Data
2008-06-25 11:16:51 1835008 --ah----- C:\Documents and Settings\Andrew Hunter\NTUSER.DAT
2008-06-25 11:12:40 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-25 11:12:32 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-25 11:12:32 0 d-------- C:\WINDOWS\Prefetch
2008-06-25 11:12:31 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-25 11:12:31 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-25 11:12:31 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-06-25 11:12:31 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-25 11:12:31 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-25 11:12:24 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-25 11:12:24 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-25 11:12:24 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-25 11:12:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-25 11:12:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-25 11:09:53 0 d-------- C:\WINDOWS\system32\xircom
2008-06-25 11:09:53 0 d-------- C:\Program Files\microsoft frontpage
2008-06-25 11:09:45 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-25 11:09:38 0 -rahs---- C:\MSDOS.SYS
2008-06-25 11:09:38 0 -rahs---- C:\IO.SYS
2008-06-25 11:09:38 0 --a------ C:\CONFIG.SYS
2008-06-25 11:09:38 0 --a------ C:\AUTOEXEC.BAT
2008-06-25 11:08:34 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-25 11:08:26 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-25 11:08:26 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-25 11:08:17 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-25 11:07:59 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-25 11:07:28 0 d---s---- C:\WINDOWS\Tasks
2008-06-25 11:07:27 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-25 11:07:23 0 d-------- C:\WINDOWS\srchasst
2008-06-25 11:07:22 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-25 11:07:15 0 d-------- C:\Program Files\Movie Maker
2008-06-25 11:07:08 0 d-------- C:\WINDOWS\system32\Restore
2008-06-25 11:06:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-25 11:06:15 0 d-------- C:\WINDOWS\Registration
2008-06-25 11:06:08 0 d-------- C:\Program Files\Online Services
2008-06-25 11:06:03 0 d-------- C:\Program Files\Messenger
2008-06-25 11:05:59 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-25 11:05:24 0 d-------- C:\Program Files\Windows NT
2008-06-25 11:05:21 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-25 11:05:20 0 d-------- C:\WINDOWS\system32\Com
2008-06-25 05:57:59 0 d--hs---- C:\WINDOWS\Installer
2008-06-25 05:57:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-25 05:57:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-25 05:57:55 0 dr------- C:\Program Files
2008-06-25 05:57:55 0 d-------- C:\Program Files\Common Files
2008-06-25 05:57:33 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-25 05:57:33 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-25 05:57:33 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-25 05:57:33 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-25 05:57:33 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-25 05:57:33 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-25 05:57:33 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-25 05:57:33 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-25 05:57:33 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-25 05:57:33 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-25 05:57:33 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-25 05:57:33 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-25 05:57:33 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-25 05:57:33 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-25 05:57:33 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-25 05:57:33 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-25 05:57:20 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-25 05:57:19 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-25 05:57:14 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-25 05:57:14 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-25 05:57:14 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-25 05:57:14 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-25 05:56:51 0 d--hs---- C:\System Volume Information
2008-06-25 05:56:51 0 d-------- C:\Documents and Settings
2008-06-25 05:51:32 0 d-------- C:\WINDOWS
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\WinSxS
2008-06-25 05:51:32 0 dr------- C:\WINDOWS\Web
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\twain_32
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\wins
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\wbem
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\usmt
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\spool
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\Setup
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\ras
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\oobe
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\npp
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\mui
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\IME
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\ias
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\export
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\drivers
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-25 05:51:32 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\config
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\3076
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\2052
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1054
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1042
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1041
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1037
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1033
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1031
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1028
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system32\1025
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\system
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\security
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Resources
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\repair
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Provisioning
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\PeerNet
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\pchealth
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\mui
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\msapps
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\msagent
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Media
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\java
2008-06-25 05:51:32 0 d--h----- C:\WINDOWS\inf
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\ime
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Help
2008-06-25 05:51:32 0 dr--s---- C:\WINDOWS\Fonts
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\ehome
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Driver Cache
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Debug
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Cursors
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\Config
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\AppPatch
2008-06-25 05:51:32 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-25 05:57:33 62 --ahs---- C:\Documents and Settings\Andrew Hunter\Application Data\desktop.ini
2008-06-12 11:25:06 962560 --a------ C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{558DBB75-D56C-4F6B-94B7-03A282E5DA81}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 05:12 AM C:\WINDOWS\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [02/29/2008 03:12 AM C:\WINDOWS\KHALMNPR.Exe]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [01/11/2007 01:57 PM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [07/10/2006 10:30 PM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [06/07/2006 02:05 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [06/07/2006 11:09 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/24/2008 10:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 01:31 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [07/13/2008 10:06 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/14/2008 10:31 AM]

C:\Documents and Settings\Andrew Hunter\Start Menu\Programs\Startup\
Copy of Trillian.lnk - C:\Program Files\Trillian\trillian.exe [5/19/2008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/29/2006 10:37:20 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/25/2008 12:17:08 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [10/05/2005 12:00 PM 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Andrew Hunter\eaxc.exe \s,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\djepivku]
hunyefj.dll 08/04/2004 07:00 AM 104960 C:\WINDOWS\system32\hunyefj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 05/02/2008 02:42 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kgiilohl

*Newly Created Service* - PGFILTER



-- End of Deckard's System Scanner: finished at 2008-07-24 16:09:45 ------------


extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2046.42 MiB / 1588.34 MiB
Pagefile Memory (total/avail): 3939.27 MiB / 3587.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.4 MiB

C: is Fixed (NTFS) - 30.05 GiB total, 20.78 GiB free.
D: is Fixed (NTFS) - 14.29 GiB total, 0.84 GiB free.
F: is Removable (No Media)
G: is CDROM (No Media)
I: is Fixed (NTFS) - 81.74 GiB total, 42.78 GiB free.

\\.\PHYSICALDRIVE1 - IBM-DTLA-307015 - 14.3 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 14.29 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00DUA3 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 30.05 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 81.74 GiB - I:

\\.\PHYSICALDRIVE2 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"="I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\grcbqoj.exe"="C:\\WINDOWS\\system32\\grcbqoj.exe:*:Enabled:ENABLE"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"="I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Andrew Hunter\\eaxc.exe"="C:\\Documents and Settings\\Andrew Hunter\\eaxc.exe:*:Enabled:ENABLE"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrew Hunter\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANDREW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrew Hunter
LOGONSERVER=\\ANDREW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem; c:\;C:\Program Files\Vim\vim71;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp
USERDOMAIN=ANDREW
USERNAME=Andrew Hunter
USERPROFILE=C:\Documents and Settings\Andrew Hunter
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Andrew Hunter (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Phone Suite Easy Synchronization --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Vim 7.1 (self-installing) --> C:\Program Files\Vim\vim71\uninstall-gui.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type311 / Error
Event Submitted/Written: 07/24/2008 11:37:28 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type310 / Error
Event Submitted/Written: 07/24/2008 11:37:28 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type289 / Error
Event Submitted/Written: 07/24/2008 10:28:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3105, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x0004ef67.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type236 / Error
Event Submitted/Written: 07/19/2008 10:09:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type226 / Error
Event Submitted/Written: 07/19/2008 09:57:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 10.0.0.3802, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type819 / Error
Event Submitted/Written: 07/24/2008 04:06:22 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Bluetooth Virtual Communications Helper service terminated with the following error:
%%5

Event Record #/Type818 / Error
Event Submitted/Written: 07/24/2008 04:06:20 PM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer Lexmark 5400 Series share name Lexmark.

Event Record #/Type813 / Error
Event Submitted/Written: 07/24/2008 11:58:14 AM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{1E702C20-E40D-46BF-B55C-2F643E3A77F1}.
The backup browser is stopping.

Event Record #/Type812 / Warning
Event Submitted/Written: 07/24/2008 11:54:48 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\ANDREW-LAPTOP on the network \Device\NetBT_Tcpip_{1E702C20-E40D-46BF-B55C-2F643E3A77F1}.
The data is the error code.

Event Record #/Type795 / Error
Event Submitted/Written: 07/24/2008 11:53:56 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Bluetooth Virtual Communications Helper service terminated with the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-07-24 16:09:45 ------------

#4 Rahina


    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:02 AM

Posted 24 July 2008 - 07:00 PM

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


If I have helped you, donate to help me continue helping others.

#5 kid_drew

kid_drew
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:02 PM

Posted 25 July 2008 - 01:20 AM

ComboFix 08-07-24.1 - Andrew Hunter 2008-07-25 1:05:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1426 [GMT -5:00]
Running from: I:\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\system32\hunyefj.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KGIILOHL
-------\Service_kgiilohl


((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 13:34 . 2008-07-24 13:34 <DIR> d-------- C:\Deckard
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Malwarebytes
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 13:33 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 13:33 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 11:46 . 2008-07-24 11:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 10:38 . 2008-07-24 10:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-24 10:25 . 2008-07-24 17:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-24 10:24 . 2008-07-24 15:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-24 10:24 . 2008-07-24 10:24 <DIR> d-------- C:\Program Files\AVG
2008-07-24 10:24 . 2008-07-24 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-24 10:24 . 2008-07-24 10:24 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-24 10:24 . 2008-07-24 10:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-24 10:24 . 2008-07-24 10:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-21 22:38 . 2008-07-21 22:38 <DIR> d---s---- C:\Documents and Settings\Andrew Hunter\UserData
2008-07-19 21:52 . 2008-07-19 21:52 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\CyberLink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Program Files\Cyberlink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-19 21:48 . 2008-07-19 21:47 505,128 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-19 21:48 . 2008-07-19 21:47 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-17 00:31 . 2008-07-17 00:31 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Apple Computer
2008-07-16 13:04 . 2008-07-17 09:40 <DIR> d-------- C:\Program Files\eMule
2008-07-16 12:30 . 2008-07-16 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 12:29 . 2008-07-16 12:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 12:29 . 2008-07-16 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-16 12:28 . 2008-07-16 12:30 <DIR> d-------- C:\Program Files\QuickTime
2008-07-14 10:31 . 2008-07-14 10:31 <DIR> d-------- C:\Program Files\Google
2008-07-14 10:31 . 2008-07-24 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-13 22:06 . 2008-07-13 22:06 <DIR> d-------- C:\Program Files\uTorrent
2008-07-13 22:06 . 2008-07-25 01:07 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\uTorrent
2008-07-13 19:43 . 2008-07-13 19:48 <DIR> d-------- C:\cygwin
2008-07-13 19:32 . 2008-07-13 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 13:42 . 2008-07-12 13:42 <DIR> d-------- C:\Program Files\Xvid
2008-07-12 13:42 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-12 13:42 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-12 13:42 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-12 13:35 . 2008-07-25 01:10 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-07-11 14:51 . 2008-07-11 14:51 <DIR> d-------- C:\Program Files\Bonjour
2008-07-11 14:43 . 2008-07-11 14:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-11 14:40 . 2008-07-11 14:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-11 14:04 . 2008-07-11 14:04 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\5400 Series
2008-06-30 23:46 . 2008-07-25 01:10 <DIR> d-------- C:\Program Files\lx_cats
2008-06-30 23:46 . 2006-06-20 12:40 692,224 --a------ C:\WINDOWS\system32\lxctdrs.dll
2008-06-30 23:46 . 2006-07-11 17:54 335,872 --a------ C:\WINDOWS\system32\lxctcoin.dll
2008-06-30 23:46 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-06-30 23:46 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-06-30 23:46 . 2006-05-18 10:01 65,536 --a------ C:\WINDOWS\system32\lxctcaps.dll
2008-06-30 23:46 . 2006-05-03 13:31 61,440 --a------ C:\WINDOWS\system32\lxctcnv4.dll
2008-06-30 23:46 . 2005-06-24 01:37 40,960 --a------ C:\WINDOWS\system32\lxctvs.dll
2008-06-30 23:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-30 23:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-30 23:45 . 2008-06-30 23:45 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-06-30 23:45 . 2008-06-30 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\5400 Series
2008-06-30 23:45 . 2006-04-26 09:15 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-06-30 23:45 . 2006-04-26 09:15 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-06-30 23:45 . 2006-04-26 09:15 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-06-30 23:45 . 2006-04-26 09:15 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-06-30 23:45 . 2006-04-26 09:15 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-06-30 23:45 . 2006-07-10 22:34 40,960 --a------ C:\WINDOWS\system32\lxctpmon.dll
2008-06-30 23:45 . 2006-07-10 22:34 32,768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2008-06-30 23:45 . 2006-07-10 22:36 12,288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2008-06-30 23:44 . 2008-06-30 23:50 <DIR> d-------- C:\Program Files\Lexmark 5400 Series
2008-06-30 23:43 . 2008-06-30 23:43 <DIR> d-------- C:\drivers
2008-06-30 23:31 . 2008-06-30 23:31 <DIR> d-------- C:\Program Files\StormII
2008-06-26 21:56 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-26 21:54 . 2008-06-26 21:54 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Media Player Classic
2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- C:\Program Files\Vim
2008-06-26 12:38 . 2008-06-26 12:38 <DIR> d-------- C:\WINDOWS\Sun
2008-06-26 12:33 . 2008-06-26 12:33 <DIR> d-------- C:\Program Files\Java
2008-06-26 12:33 . 2008-06-26 12:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 12:33 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 16:56 . 2008-07-23 22:18 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\skypePM
2008-06-25 16:56 . 2008-06-25 16:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-25 16:55 . 2008-07-24 01:22 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Skype
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Program Files\Skype
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:36 . 2008-06-25 16:36 31 --a------ C:\web3.bat
2008-06-25 16:36 . 2008-06-25 16:36 31 --a------ C:\web2.bat
2008-06-25 16:36 . 2008-06-25 16:36 31 --a------ C:\web1.bat
2008-06-25 12:20 . 2008-06-25 12:20 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Bluetooth Software
2008-06-25 12:20 . 2008-06-25 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-25 12:18 . 2008-06-25 12:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Logitech
2008-06-25 12:18 . 2008-06-25 12:19 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Logitech
2008-06-25 12:18 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys
2008-06-25 12:18 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys
2008-06-25 12:18 . 2008-06-25 12:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-25 12:16 . 2008-06-25 12:17 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-06-25 12:16 . 2008-06-25 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-25 12:15 . 2008-06-25 12:15 <DIR> d-------- C:\Program Files\WIDCOMM
2008-06-25 12:15 . 2008-06-25 12:18 <DIR> d-------- C:\Program Files\Logitech
2008-06-25 12:15 . 2008-06-25 12:15 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\InstallShield
2008-06-25 12:15 . 2006-12-04 14:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-06-25 12:15 . 2006-12-04 14:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-06-25 12:15 . 2006-12-04 14:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-06-25 12:15 . 2006-12-04 14:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-06-25 12:15 . 2006-12-04 14:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-06-25 12:15 . 2006-12-04 14:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-06-25 06:03 . 2004-08-03 17:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-25 06:01 . 2004-08-03 17:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-25 06:01 . 2004-08-03 18:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-25 06:01 . 2004-08-03 19:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-25 06:00 . 2004-08-03 19:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-06-25 06:00 . 2004-08-03 19:56 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-06-25 06:00 . 2004-08-03 17:29 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-25 06:00 . 2004-08-03 19:56 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-06-25 06:00 . 2004-08-03 19:56 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-06-25 06:00 . 2004-08-03 19:56 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-06-25 06:00 . 2004-08-03 19:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-25 06:00 . 2001-08-17 07:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-06-25 06:00 . 2001-08-17 08:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 05:44 --------- d-----w C:\Program Files\Trillian
2008-07-20 02:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 01:23 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\Winamp
2008-06-25 17:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-25 17:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-06-25 16:34 --------- d-----w C:\Program Files\Realtek AC97
2008-06-25 16:32 454,656 ----a-w C:\putty.exe
2008-06-25 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:29 --------- d-----w C:\Program Files\VIA
2008-06-25 16:28 --------- d-----w C:\Program Files\Winamp
2008-06-25 16:26 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-25 16:22 --------- d-----w C:\Program Files\TGTSoft
2008-06-25 16:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-05-26 21:14 18,432 ----a-w C:\WINDOWS\system32\vIdeInst.dll
2008-05-02 07:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 07:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 07:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 07:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-05-02 07:38 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{558DBB75-D56C-4F6B-94B7-03A282E5DA81}]
2004-08-04 07:00 104960 --a------ c:\windows\system32\hunyefj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-13 22:06 219952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 10:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-24 10:24 1232152]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Andrew Hunter\Start Menu\Programs\Startup\
Copy of Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-05-19 1873280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-25 12:17:08 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 uckkagnh;uckkagnh;C:\WINDOWS\system32\drivers\uckkagnh.sys [2004-08-04 07:00]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-03 15:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 15:42]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-24 10:24]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 01:23]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};i:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-24 10:24]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 10:24]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-24 10:24]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 17:29:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O17 -: HKLM\CCS\Interface\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 01:09:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\i:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-25 1:11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 06:11:26

Pre-Run: 22,197,649,408 bytes free
Post-Run: 23,108,198,400 bytes free

294




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:33 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Copy of Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E702C20-E40D-46BF-B55C-2F643E3A77F1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7016 bytes

#6 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 27 July 2008 - 03:48 AM

Open Notepad and copy/paste the text in the box below into it (please make sure you copy everything in the box):

( 1 )

File::
c:\windows\system32\hunyefj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{558DBB75-D56C-4F6B-94B7-03A282E5DA81}]

Save this as CFScript.txt

[image]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

( 2 )


Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 7.

( 3 )


Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on [image] located at the bottom of the page.
  • A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting [image]
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on [image] then click [image]
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Let me know the results from Javara, Combofix, and Panda online scan.

Thanks.
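The entries Rahina targets above (a BHO with no name, a random-named DLL under system32) are the kind of thing a helper picks out of a HijackThis or ComboFix log by eye. The script below is an added example for this page, not code from HijackThis, ComboFix or any post in the thread. It scores log lines with the cues the logs in this thread actually show: a "(no name)" BHO; a privileged load point (Winlogon Notify, AppInit_DLLs, R0/R1 drivers); a random-looking basename; a timestamp equal to the 2004-08-04 07:00 stamp that stock XP SP2 files such as wmpns.dll carry in the ComboFix output; the Security Center and firewall values in the registry section; and a second random-named file of the same size (the second ComboFix log lists lscbcvr.dll at 104,960 bytes, the size recorded for hunyefj.dll). The weights, the threshold, the KNOWN_GOOD allowlist and the 7-8 letter / low-vowel name rule are the editor's assumptions, and the sample lines are abridged copies of lines from this thread's logs. It produces candidates for a person to verify, not verdicts.

```python
"""Triage of HijackThis / ComboFix log lines for the load points seen in this thread.
Added example for this page, not code from HijackThis, ComboFix or any post here.
Weights, allowlist and name rule are the editor's assumptions: they rank lines
for a human to verify, they do not decide."""
import re
from typing import Dict, List

# Stock XP SP2 files in the ComboFix output above (wmpns.dll, the dllcache copies)
# carry this stamp; a file that appeared last week and carries it too was stamped to blend in.
OS_BASELINE_STAMP = "2004-08-04 07:00"
# Assumption: basenames the reader has already verified as benign on the box.
KNOWN_GOOD = {"avgrsstx.dll", "lbtwlgn.dll"}
# Load points that run a DLL inside winlogon, inside every process, or at boot.
PRIVILEGED = ("O20 - Winlogon Notify", "O20 - AppInit_DLLs", "R0 ", "R1 ")
PATH_RE = re.compile(r'((?:[A-Za-z]:\\[^\[\]"]*?\\)?[\w.-]+\.(?:dll|sys|exe))\b', re.I)
SIZE_RE = re.compile(r"\b(\d{1,3}(?:,\d{3})+|\d{4,})\s+[-a-z]{6,9}\s+[A-Za-z]:\\")
VOWELS = set("aeiou")
# Registry values that silence the defences the user would otherwise notice.
FLAG_RULES = [
    (re.compile(r'"AntiVirusDisableNotify"=dword:00000001'), 2, "Security Center AV alerts suppressed"),
    (re.compile(r'"EnableFirewall"=\s*0\b'), 2, "Windows Firewall disabled"),
    (re.compile(r'"135:TCP"='), 2, "TCP 135 (RPC endpoint mapper) opened in the firewall"),
]


def looks_random(name: str) -> bool:
    """7-8 letters with few vowels: the shape of hunyefj, uckkagnh and lscbcvr.
    Vendor abbreviations such as avgrsstx match as well; KNOWN_GOOD covers those."""
    stem = name.lower().rsplit(".", 1)[0]
    if not (7 <= len(stem) <= 8 and stem.isalpha()):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.3


def score_line(line: str) -> Dict:
    """Score one log line; the reasons are kept so a reader can disagree with them."""
    path = PATH_RE.search(line)
    size = SIZE_RE.search(line)
    row = {"line": line, "score": 0, "reasons": [],
           "name": re.split(r"[\\/]", path.group(1))[-1].lower() if path else "",
           "size": int(size.group(1).replace(",", "")) if size else None}

    def add(points: int, why: str) -> None:
        row["score"] += points
        row["reasons"].append(why)

    if row["name"] and row["name"] not in KNOWN_GOOD:
        if "(no name)" in line:
            add(2, "BHO registered without a name")
        if line.startswith(PRIVILEGED):
            add(1, "privileged load point")
        if looks_random(row["name"]):
            add(1, "random-looking name")
            if OS_BASELINE_STAMP in line:
                add(1, "timestamp matches the stock XP SP2 files")
    for rule, points, why in FLAG_RULES:
        if rule.search(line):
            add(points, why)
    return row


def triage(log_text: str, threshold: int = 2) -> List[Dict]:
    """Score every line, correlate sizes of random-named files, return hits by score."""
    rows = [score_line(ln) for ln in log_text.splitlines() if ln.strip()]
    # A file that "cannot be deleted" tends to come back under a new random name
    # with the same size; the second ComboFix log above shows such a pair.
    by_size: Dict[int, List[Dict]] = {}
    for r in rows:
        if r["size"] is not None and looks_random(r["name"]) and r["name"] not in KNOWN_GOOD:
            by_size.setdefault(r["size"], []).append(r)
    for group in by_size.values():
        names = {r["name"] for r in group}
        for r in group:
            if len(names) > 1:
                r["score"] += 1
                r["reasons"].append("same size as " + ", ".join(sorted(names - {r["name"]})))
    return sorted((r for r in rows if r["score"] >= threshold), key=lambda r: -r["score"])


# Abridged lines copied from the logs in this thread (the O20 line is from the first post).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {558DBB75-D56C-4F6B-94B7-03A282E5DA81} - c:\windows\system32\hunyefj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O20 - Winlogon Notify: djepivku - C:\WINDOWS\SYSTEM32\hunyefj.dll
O20 - AppInit_DLLs: avgrsstx.dll
R0 uckkagnh;uckkagnh;C:\WINDOWS\system32\drivers\uckkagnh.sys [2004-08-04 07:00]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 15:42]
2004-08-04 07:00 104960 --a------ c:\windows\system32\hunyefj.dll
2008-07-28 16:21 104,960 ----a-w C:\WINDOWS\system32\lscbcvr.dll
2008-07-24 10:24 . 2008-07-24 10:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
"AntiVirusDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
"135:TCP"= 135:TCP:TCP Port 135
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['score']}] {hit['line'][:72]}")
        for why in hit["reasons"]:
            print("     -", why)
```

Run it as a script to print the ranked hits with their reasons; on a real log, pass the log text to triage() and add names verified on that machine to KNOWN_GOOD. Vendor abbreviations such as lxctcoms or avgrsstx trip the vowel rule on their own, which is why the allowlist exists and why a single point is not reported: a hit needs a second, independent cue such as a privileged load point, the forged stamp or a same-size twin.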

#7 kid_drew

kid_drew
  • Topic Starter

  • Members
  • 4 posts

Posted 28 July 2008 - 12:52 PM

It still hasn't been able to delete that file.




ComboFix 08-07-24.1 - Andrew Hunter 2008-07-28 11:19:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1392 [GMT -5:00]
Running from: I:\Desktop\ComboFix.exe
Command switches used :: I:\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\hunyefj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hunyefj.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-25 20:07 . 2008-07-25 20:07 <DIR> d-------- C:\Program Files\Microsoft
2008-07-24 13:34 . 2008-07-24 13:34 <DIR> d-------- C:\Deckard
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Malwarebytes
2008-07-24 13:33 . 2008-07-24 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 13:33 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 13:33 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 11:46 . 2008-07-24 11:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 10:38 . 2008-07-24 10:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-24 10:25 . 2008-07-24 17:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-24 10:24 . 2008-07-28 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-24 10:24 . 2008-07-24 10:24 <DIR> d-------- C:\Program Files\AVG
2008-07-24 10:24 . 2008-07-24 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-24 10:24 . 2008-07-24 10:24 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-24 10:24 . 2008-07-24 10:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-24 10:24 . 2008-07-24 10:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-21 22:38 . 2008-07-21 22:38 <DIR> d---s---- C:\Documents and Settings\Andrew Hunter\UserData
2008-07-19 21:52 . 2008-07-19 21:52 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\CyberLink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Program Files\Cyberlink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-19 21:49 . 2008-07-19 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-19 21:48 . 2008-07-19 21:47 505,128 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-19 21:48 . 2008-07-19 21:47 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-17 00:31 . 2008-07-17 00:31 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\Apple Computer
2008-07-16 13:04 . 2008-07-17 09:40 <DIR> d-------- C:\Program Files\eMule
2008-07-16 12:30 . 2008-07-16 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 12:29 . 2008-07-16 12:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 12:29 . 2008-07-16 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-16 12:28 . 2008-07-16 12:30 <DIR> d-------- C:\Program Files\QuickTime
2008-07-14 10:31 . 2008-07-14 10:31 <DIR> d-------- C:\Program Files\Google
2008-07-14 10:31 . 2008-07-28 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-13 22:06 . 2008-07-13 22:06 <DIR> d-------- C:\Program Files\uTorrent
2008-07-13 22:06 . 2008-07-28 11:21 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\uTorrent
2008-07-13 19:43 . 2008-07-13 19:48 <DIR> d-------- C:\cygwin
2008-07-13 19:32 . 2008-07-13 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 13:42 . 2008-07-12 13:42 <DIR> d-------- C:\Program Files\Xvid
2008-07-12 13:42 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-12 13:42 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-12 13:42 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-12 13:35 . 2008-07-28 11:23 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-07-11 14:51 . 2008-07-11 14:51 <DIR> d-------- C:\Program Files\Bonjour
2008-07-11 14:43 . 2008-07-11 14:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-11 14:40 . 2008-07-11 14:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-11 14:04 . 2008-07-11 14:04 <DIR> d-------- C:\Documents and Settings\Andrew Hunter\Application Data\5400 Series
2008-06-30 23:46 . 2008-07-28 11:23 <DIR> d-------- C:\Program Files\lx_cats
2008-06-30 23:46 . 2006-06-20 12:40 692,224 --a------ C:\WINDOWS\system32\lxctdrs.dll
2008-06-30 23:46 . 2006-07-11 17:54 335,872 --a------ C:\WINDOWS\system32\lxctcoin.dll
2008-06-30 23:46 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-06-30 23:46 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-06-30 23:46 . 2006-05-18 10:01 65,536 --a------ C:\WINDOWS\system32\lxctcaps.dll
2008-06-30 23:46 . 2006-05-03 13:31 61,440 --a------ C:\WINDOWS\system32\lxctcnv4.dll
2008-06-30 23:46 . 2005-06-24 01:37 40,960 --a------ C:\WINDOWS\system32\lxctvs.dll
2008-06-30 23:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-30 23:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-30 23:45 . 2008-06-30 23:45 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-06-30 23:45 . 2008-06-30 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\5400 Series
2008-06-30 23:45 . 2006-04-26 09:15 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-06-30 23:45 . 2006-04-26 09:15 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-06-30 23:45 . 2006-04-26 09:15 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-06-30 23:45 . 2006-04-26 09:15 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-06-30 23:45 . 2006-04-26 09:15 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-06-30 23:45 . 2006-07-10 22:34 40,960 --a------ C:\WINDOWS\system32\lxctpmon.dll
2008-06-30 23:45 . 2006-07-10 22:34 32,768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2008-06-30 23:45 . 2006-07-10 22:36 12,288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2008-06-30 23:44 . 2008-06-30 23:50 <DIR> d-------- C:\Program Files\Lexmark 5400 Series
2008-06-30 23:43 . 2008-06-30 23:43 <DIR> d-------- C:\drivers
2008-06-30 23:31 . 2008-06-30 23:31 <DIR> d-------- C:\Program Files\StormII

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 16:21 104,960 ----a-w C:\WINDOWS\system32\lscbcvr.dll
2008-07-25 06:50 --------- d-----w C:\Program Files\Trillian
2008-07-24 06:22 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\Skype
2008-07-24 03:18 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\skypePM
2008-07-20 02:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 02:54 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\Media Player Classic
2008-06-27 01:23 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\Winamp
2008-06-27 01:21 --------- d-----w C:\Program Files\Vim
2008-06-26 17:33 --------- d-----w C:\Program Files\Java
2008-06-26 17:33 --------- d-----w C:\Program Files\Common Files\Java
2008-06-25 21:54 --------- d-----w C:\Program Files\Skype
2008-06-25 21:54 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-25 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 21:36 31 ----a-w C:\web3.bat
2008-06-25 21:36 31 ----a-w C:\web2.bat
2008-06-25 21:36 31 ----a-w C:\web1.bat
2008-06-25 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-25 17:19 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\Logitech
2008-06-25 17:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-25 17:18 --------- d-----w C:\Program Files\Logitech
2008-06-25 17:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech
2008-06-25 17:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-25 17:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-25 17:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-06-25 17:17 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-06-25 17:15 --------- d-----w C:\Program Files\WIDCOMM
2008-06-25 17:15 --------- d-----w C:\Documents and Settings\Andrew Hunter\Application Data\InstallShield
2008-06-25 16:34 --------- d-----w C:\Program Files\Realtek AC97
2008-06-25 16:32 454,656 ----a-w C:\putty.exe
2008-06-25 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 16:29 --------- d-----w C:\Program Files\VIA
2008-06-25 16:28 --------- d-----w C:\Program Files\Winamp
2008-06-25 16:26 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-25 16:22 --------- d-----w C:\Program Files\TGTSoft
2008-06-25 16:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-05-26 21:14 18,432 ----a-w C:\WINDOWS\system32\vIdeInst.dll
2008-05-02 07:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 07:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 07:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 07:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-05-02 07:38 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-25_ 1.11.09.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-25 15:34:24 10,134 ----a-r C:\WINDOWS\Installer\{13515135-48BB-4184-8C1F-2FAE0138E200}\ARPPRODUCTICON.exe
+ 2008-07-26 01:07:14 29,926 ----a-r C:\WINDOWS\Installer\{E7081891-BC7F-43F9-9CE6-B5DD2F497156}\_6FEFF9B68218417F98F549.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{558DBB75-D56C-4F6B-94B7-03A282E5DA81}]
2008-07-28 11:21 104960 --a------ c:\windows\system32\hunyefj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-13 22:06 219952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 10:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-24 10:24 1232152]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Andrew Hunter\Start Menu\Programs\Startup\
Copy of Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-05-19 1873280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-25 12:17:08 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"I:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 uckkagnh;uckkagnh;C:\WINDOWS\system32\drivers\uckkagnh.sys [2004-08-04 07:00]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-03 15:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 15:42]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-24 10:24]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 01:23]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};i:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-24 10:24]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 10:24]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-24 10:24]

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 17:29:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 11:23:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\f91e636a-01a9-43a0-8b4a-79d72e465224.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\i:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-28 11:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 16:25:11
ComboFix2.txt 2008-07-25 06:11:35

Pre-Run: 22,936,481,792 bytes free
Post-Run: 22,949,969,920 bytes free

259




JavaRa 1.10 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jul 28 11:27:11 2008

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

Found and removed: Software\JavaSoft\Java2D\1.6.0_06

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B06123E6D18D74FA6711404FCAC1B8

------------------------------------

Finished reporting.




;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-28 12:49:33
PROTECTIONS: 1
MALWARE: 42
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AA071017-6D61-48DF-A5DF-FBEB11978340}\RP2\A0000075.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AA071017-6D61-48DF-A5DF-FBEB11978340}\RP7\A0001332.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AA071017-6D61-48DF-A5DF-FBEB11978340}\RP2\A0000035.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AA071017-6D61-48DF-A5DF-FBEB11978340}\RP7\A0001309.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===================================================================================================================================================================================

#8 Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:02 AM

Posted 12 August 2008 - 05:31 PM

Hello!

Sorry for the delay getting to you!

Let us know if you still require help!
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.



