
Warning! Security report


6 replies to this topic

#1 klinejoe

  • Members
  • 4 posts

Posted 13 December 2008 - 09:02 AM

My Desktop has been taken over by a flashing warning sign and a message: Dangerous spyware Many viruses were found on your computer such as: Trojan horse, PassCapture, etc. Your personal information can fall into the "third hands". Please check up the computer with a special software. Thank

If I click on the tray icon it takes me to this url http://real-av.org/?code=14.

I ran the RSIT and here is the log and info.

Logfile of random's system information tool 1.04 (written by random/random)
Run by klinejoe at 2008-12-13 08:46:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (37%) free of 95 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:26 AM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Documents and Settings\klinejoe\Desktop\RSIT.exe
C:\Program Files\trend micro\klinejoe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dallastown.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dallastown.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dallastown.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HSVideo.cmd
O4 - Global Startup: INSTALL NAS.vbs
O4 - Global Startup: INSTALL TWO PRINTERS ON PC's.vbs
O4 - Global Startup: PRINT-HS-RM267.vbs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\klinejoe\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\klinejoe\locals~1\temp\ntdll64.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dallastown.net
O15 - Trusted Zone: www.compasslearningodyssey.com
O15 - Trusted Zone: www.thelearningodyssey.com
O15 - Trusted Zone: www.compasslearningodyssey.com (HKLM)
O15 - Trusted Zone: www.thelearningodyssey.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159448456661
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159448670485
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\Software\..\Telephony: DomainName = dallastown.k12.pa.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe

--
End of file - 8694 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [2007-05-08 574992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2007-10-16 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-11 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-21 7557120]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2006-03-21 73728]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-01-24 136768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-28 151552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-12-13 184320]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-10-16 111952]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Framework Windows"=C:\WINDOWS\system32\frmwrk32.exe [2008-12-12 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-12-11 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HSVideo.cmd
INSTALL NAS.vbs
INSTALL TWO PRINTERS ON PC's.vbs
PRINT-HS-RM267.vbs

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=1
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Security Information for DASD System Users
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSimpleStartMenu"=1
"LockTaskbar"=1
"DisablePersonalDirChange"=1
"NoWindowsUpdate"=1
"NoDesktopCleanupWizard"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-13 08:46:59 ----D---- C:\Program Files\trend micro
2008-12-13 08:46:58 ----D---- C:\rsit
2008-12-12 23:46:34 ----D---- C:\Program Files\Spybot
2008-12-12 23:06:54 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-12 22:37:16 ----A---- C:\WINDOWS\system32\ntdll64.exe
2008-12-12 22:30:21 ----A---- C:\WINDOWS\system32\frmwrk32.exe
2008-12-11 10:03:01 ----D---- C:\Documents and Settings\klinejoe\Application Data\Google
2008-12-11 10:02:46 ----D---- C:\Program Files\Adobe Media Player
2008-12-11 10:02:41 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 10:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-11 10:01:11 ----D---- C:\Program Files\Google
2008-12-11 09:58:09 ----D---- C:\Documents and Settings\klinejoe\Application Data\Sun
2008-12-10 13:19:01 ----D---- C:\Documents and Settings\klinejoe\Application Data\Macromedia
2008-12-08 12:07:33 ----D---- C:\Documents and Settings\klinejoe\Application Data\Publish Providers
2008-12-08 12:06:59 ----D---- C:\Documents and Settings\klinejoe\Application Data\Sony
2008-12-08 09:58:54 ----D---- C:\Documents and Settings\klinejoe\Application Data\CyberLink
2008-12-08 08:04:16 ----D---- C:\Documents and Settings\klinejoe\Application Data\Adobe
2008-12-08 07:17:14 ----D---- C:\Documents and Settings\klinejoe\Application Data\Real
2008-12-08 07:16:57 ----D---- C:\Documents and Settings\klinejoe\Application Data\Identities
2008-12-08 07:16:23 ----SD---- C:\Documents and Settings\klinejoe\Application Data\Microsoft
2008-12-08 07:16:23 ----D---- C:\Documents and Settings\klinejoe\Application Data\Intel
2008-12-08 07:16:23 ----ASH---- C:\Documents and Settings\klinejoe\Application Data\desktop.ini
2008-11-23 11:02:45 ----D---- C:\Program Files\DIFX
2008-11-23 11:02:43 ----A---- C:\WINDOWS\system32\ftserui2.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\FTLang.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\ftd2xx.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\ftbusui.dll
2008-11-23 11:02:40 ----D---- C:\Program Files\SuuntoUSBDrivers
2008-11-23 11:02:40 ----A---- C:\WINDOWS\unins001.exe
2008-11-23 11:02:35 ----A---- C:\WINDOWS\system32\suuunin2k.exe
2008-11-23 11:02:35 ----A---- C:\WINDOWS\system32\suuunin.exe
2008-11-23 11:02:35 ----A---- C:\WINDOWS\system32\setup.ini
2008-11-23 11:02:34 ----A---- C:\WINDOWS\unins000.exe
2008-11-23 11:02:34 ----A---- C:\WINDOWS\system32\PreInstaller.exe
2008-11-23 11:02:32 ----D---- C:\Program Files\Suunto Monitor
2008-11-23 11:02:23 ----D---- C:\Program Files\Suunto Training Manager
2008-11-23 11:00:52 ----D---- C:\Program Files\Suunto
2008-11-20 09:52:00 ----D---- C:\Trash
2008-11-20 09:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-11-20 08:59:32 ----D---- C:\Program Files\Macromedia
2008-11-20 08:59:32 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-20 08:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-20 07:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-19 15:53:23 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-11-19 15:53:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-11-19 15:45:05 ----D---- C:\Program Files\Bonjour
2008-11-19 15:33:27 ----D---- C:\Program Files\Common Files\Macrovision Shared

======List of files/folders modified in the last 1 months======

2008-12-13 08:46:59 ----RD---- C:\Program Files
2008-12-13 08:46:56 ----D---- C:\WINDOWS\Prefetch
2008-12-13 08:41:04 ----D---- C:\WINDOWS\system32
2008-12-13 08:41:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 08:27:46 ----D---- C:\QUARANTINE
2008-12-13 08:20:09 ----D---- C:\WINDOWS\Temp
2008-12-13 07:26:30 ----D---- C:\WINDOWS\system32\drivers
2008-12-12 23:11:50 ----SHD---- C:\WINDOWS\Installer
2008-12-12 23:11:38 ----D---- C:\WINDOWS
2008-12-12 23:10:33 ----D---- C:\WINDOWS\system32\Macromed
2008-12-12 23:10:01 ----D---- C:\WINDOWS\security
2008-12-12 23:09:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 23:06:54 ----D---- C:\Program Files\Common Files
2008-12-12 22:35:43 ----D---- C:\Documents and Settings
2008-12-12 22:30:27 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-12 22:12:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 10:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-11 10:01:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 10:01:03 ----HD---- C:\WINDOWS\inf
2008-12-10 09:37:08 ----A---- C:\WINDOWS\bi_group.ini
2008-12-08 09:41:22 ----A---- C:\WINDOWS\win.ini
2008-12-08 08:21:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 07:18:12 ----A---- C:\WINDOWS\ODBC.INI
2008-12-08 07:17:00 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-24 08:46:57 ----D---- C:\Program Files\Sony Setup
2008-11-23 11:02:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-20 08:03:16 ----D---- C:\Program Files\Adobe
2008-11-19 15:52:50 ----D---- C:\WINDOWS\WinSxS
2008-11-19 15:52:04 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 15:48:27 ----RSD---- C:\WINDOWS\Fonts
2008-11-19 13:29:12 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-10-16 51944]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2007-10-16 64168]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-10-16 72680]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-10-16 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-10-16 171272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-08-28 1708032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-21 3652128]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-02-26 2401]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FTDIBUS;Suunto Sports Instrument Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-04-01 57536]
S3 FTSER2K;Suunto USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-04-01 72000]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-25 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2006-04-14 5005388]
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-01-24 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-10-16 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-10-16 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-21 143428]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\slClient.exe [2008-05-29 558496]
R2 SMART Board Service;SMART Board Service; C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe [2007-05-03 1099280]
R2 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-04-19 759312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-11 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


#2 Joe - London

  • Security Colleague
  • 327 posts

Posted 13 December 2008 - 03:55 PM

Hi klinejoe,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Open Hijackthis,
Click Config | Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.

Post the following:
  • A new HijackThis log
  • The ComboFix report
  • The Uninstall List

This may not remove all the infections present. It is important that you post back and complete the fix.

Please post in this thread for further review and evaluation.
Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.
If I have helped you in any way, please consider a donation:
Member of UNITE and ASAP.

#3 klinejoe

  • Topic Starter
  • Members
  • 4 posts

Posted 13 December 2008 - 07:47 PM

I ran ComboFix and the Warning screen has gone away. Below is the ComboFix log. I am a little clueless about HijackThis and the uninstall list.

THANKS A MILLION for your help!

ComboFix 08-12-13.03 - klinejoe 2008-12-13 17:44:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1468 [GMT -5:00]
Running from: c:\documents and settings\klinejoe\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\frmwrk32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-13 08:46 . 2008-12-13 08:47 <DIR> d-------- C:\rsit
2008-12-13 08:46 . 2008-12-13 08:47 <DIR> d-------- c:\program files\trend micro
2008-12-12 23:46 . 2008-12-12 23:50 <DIR> d-------- c:\program files\Spybot
2008-12-12 23:08 . 2008-12-13 17:23 4,785 --a------ c:\windows\system32\warning.gif
2008-12-12 23:08 . 2008-12-13 17:23 1,347 --a------ c:\windows\system32\ahtn.htm
2008-12-12 23:06 . 2008-12-12 23:06 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-12 22:35 . 2006-09-26 09:25 <DIR> d-------- c:\documents and settings\btc\Application Data\Intel
2008-12-12 22:35 . 2008-12-12 22:35 <DIR> d-------- c:\documents and settings\btc
2008-12-12 22:30 . 2008-12-13 17:42 467 --a------ c:\windows\system32\win32hlp.cnf
2008-12-12 22:30 . 2008-12-12 22:30 1 --a------ c:\windows\system32\uniq.tll
2008-12-12 22:30 . 2008-12-12 22:30 1 --a------ c:\windows\system32\test.ttt
2008-12-11 10:02 . 2008-12-11 10:02 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-11 10:02 . 2008-12-11 10:02 <DIR> d-------- c:\program files\Adobe Media Player
2008-12-11 10:01 . 2008-12-11 10:01 <DIR> d-------- c:\program files\Google
2008-12-08 12:07 . 2008-12-08 12:07 <DIR> d-------- c:\documents and settings\klinejoe\Application Data\Publish Providers
2008-12-08 12:06 . 2008-12-08 12:06 <DIR> d-------- c:\documents and settings\klinejoe\Application Data\Sony
2008-12-08 09:58 . 2008-12-08 09:58 <DIR> d-------- c:\documents and settings\klinejoe\Application Data\CyberLink
2008-12-08 07:16 . 2006-09-26 09:25 <DIR> d-------- c:\documents and settings\klinejoe\Application Data\Intel
2008-12-08 07:16 . 2008-12-08 07:16 <DIR> d-------- c:\documents and settings\klinejoe
2008-11-23 11:02 . 2008-11-23 11:02 <DIR> d-------- c:\program files\SuuntoUSBDrivers
2008-11-23 11:02 . 2008-11-23 11:29 <DIR> d-------- c:\program files\Suunto Training Manager
2008-11-23 11:02 . 2008-11-23 11:32 <DIR> d-------- c:\program files\Suunto Monitor
2008-11-23 11:02 . 2008-11-23 11:02 <DIR> d-------- c:\program files\DIFX
2008-11-23 11:00 . 2008-11-23 11:02 <DIR> d-------- c:\program files\Suunto
2008-11-20 12:28 . 2008-12-08 08:04 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-20 12:28 . 2008-11-20 12:28 1,409 --a------ c:\windows\QTFont.for
2008-11-20 09:52 . 2008-12-02 06:42 <DIR> d-------- C:\Trash
2008-11-20 09:41 . 2008-12-11 09:26 156 --a------ c:\windows\Twunk001.MTX
2008-11-20 09:41 . 2008-12-11 09:26 3 --a------ c:\windows\Twain001.Mtx
2008-11-20 09:41 . 2008-11-20 09:41 0 --a------ c:\windows\Twunk002.MTX
2008-11-20 08:59 . 2008-11-20 09:02 <DIR> d-------- c:\program files\Macromedia
2008-11-20 08:59 . 2008-11-20 08:59 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-20 08:39 . 2008-11-20 08:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-20 07:59 . 2008-11-20 07:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-11-19 15:53 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-11-19 15:53 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-11-19 15:45 . 2008-11-19 15:45 <DIR> d-------- c:\program files\Bonjour
2008-11-19 15:33 . 2008-11-19 15:33 <DIR> d-------- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 03:30 111,616 ----a-w c:\windows\system32\userinit.exe
2008-12-13 03:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 13:46 --------- d-----w c:\program files\Sony Setup
2008-11-23 16:02 673,610 ----a-w c:\windows\unins001.exe
2008-11-23 16:02 673,610 ----a-w c:\windows\unins000.exe
2008-11-19 20:52 --------- d-----w c:\program files\Common Files\Adobe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-11 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-01-24 136768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-28 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2008-12-13 184320]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2006-03-21 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HSVideo.cmd [2008-01-10 45]
INSTALL NAS.vbs [2006-08-29 137]
INSTALL TWO PRINTERS ON PC's.vbs [2005-09-24 651]
PRINT-HS-RM267.vbs [2006-10-20 902]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\Delete Local Profiles.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-1036\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\DASDShareShortcut.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-1036\Scripts\Logon\1\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\mapHSshared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-18775\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\DASDShareShortcut.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-18775\Scripts\Logon\0\1]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\AESOPShortcut.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-18775\Scripts\Logon\1\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\mapDTshared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-25205\Scripts\Logoff\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\sendLogOut.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-25205\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\sendLogIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50285\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50315\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50338\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50385\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50423\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50471\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50504\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50596\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50677\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50688\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-50741\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53272\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53287\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53334\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53350\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53460\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53470\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53476\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53520\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53591\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53603\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53630\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53695\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53737\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53774\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53834\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-53838\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-54061\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-54220\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-54583\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\shared.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-57424\Scripts\Logoff\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\sendLogOut.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-358942465-121587378-794563710-57424\Scripts\Logon\0\0]
"Script"=\\dallastown.k12.pa.us\SysVol\dallastown.k12.pa.us\scripts\sendLogIn.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1305:TCP"= 1305:TCP:Lightspeed Security Agent (TCP)
"1305:UDP"= 1305:UDP:Lightspeed Security Agent (UDP)

R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [2007-09-07 558496]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-04-19 759312]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Framework Windows - frmwrk32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dallastown.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dallastown.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\docume~1\klinejoe\LOCALS~1\Temp\ntdll64.dll
Trusted Zone: www.compasslearningodyssey.com
Trusted Zone: www.thelearningodyssey.com
Trusted Zone: www.compasslearningodyssey.com
Trusted Zone: www.thelearningodyssey.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 17:48:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-13 17:49:22
ComboFix-quarantined-files.txt 2008-12-13 22:49:18

Pre-Run: 37,167,828,992 bytes free
Post-Run: 37,233,217,536 bytes free

220

#4 klinejoe

klinejoe
  • Topic Starter

  • Members
  • 4 posts

Posted 13 December 2008 - 08:01 PM

I was having a blonde moment; here is the HijackThis log.

Thanks

Logfile of random's system information tool 1.04 (written by random/random)
Run by klinejoe at 2008-12-13 19:58:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (37%) free of 95 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2008-12-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\klinejoe\Desktop\RSIT.exe
C:\Program Files\trend micro\klinejoe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dallastown.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dallastown.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HSVideo.cmd
O4 - Global Startup: INSTALL NAS.vbs
O4 - Global Startup: INSTALL TWO PRINTERS ON PC's.vbs
O4 - Global Startup: PRINT-HS-RM267.vbs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\klinejoe\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\klinejoe\locals~1\temp\ntdll64.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dallastown.net
O15 - Trusted Zone: www.compasslearningodyssey.com
O15 - Trusted Zone: www.thelearningodyssey.com
O15 - Trusted Zone: www.compasslearningodyssey.com (HKLM)
O15 - Trusted Zone: www.thelearningodyssey.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159448456661
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159448670485
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\Software\..\Telephony: DomainName = dallastown.k12.pa.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe

--
End of file - 8540 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [2007-05-08 574992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-11 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-21 7557120]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2006-03-21 73728]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-01-24 136768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-28 151552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-12-13 184320]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-10-16 111952]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-12-11 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HSVideo.cmd
INSTALL NAS.vbs
INSTALL TWO PRINTERS ON PC's.vbs
PRINT-HS-RM267.vbs

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Security Information for DASD System Users
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSimpleStartMenu"=1
"LockTaskbar"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-13 17:49:23 ----A---- C:\ComboFix.txt
2008-12-13 17:42:47 ----A---- C:\WINDOWS\zip.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\VFIND.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\SWSC.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\SWREG.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\sed.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\grep.exe
2008-12-13 17:42:47 ----A---- C:\WINDOWS\fdsv.exe
2008-12-13 17:42:43 ----D---- C:\WINDOWS\ERDNT
2008-12-13 17:42:43 ----D---- C:\Qoobox
2008-12-13 08:46:59 ----D---- C:\Program Files\trend micro
2008-12-13 08:46:58 ----D---- C:\rsit
2008-12-12 23:46:34 ----D---- C:\Program Files\Spybot
2008-12-12 23:06:54 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-11 10:03:01 ----D---- C:\Documents and Settings\klinejoe\Application Data\Google
2008-12-11 10:02:46 ----D---- C:\Program Files\Adobe Media Player
2008-12-11 10:02:41 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 10:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-11 10:01:11 ----D---- C:\Program Files\Google
2008-12-11 09:58:09 ----D---- C:\Documents and Settings\klinejoe\Application Data\Sun
2008-12-10 13:19:01 ----D---- C:\Documents and Settings\klinejoe\Application Data\Macromedia
2008-12-08 12:07:33 ----D---- C:\Documents and Settings\klinejoe\Application Data\Publish Providers
2008-12-08 12:06:59 ----D---- C:\Documents and Settings\klinejoe\Application Data\Sony
2008-12-08 09:58:54 ----D---- C:\Documents and Settings\klinejoe\Application Data\CyberLink
2008-12-08 08:04:16 ----D---- C:\Documents and Settings\klinejoe\Application Data\Adobe
2008-12-08 07:17:14 ----D---- C:\Documents and Settings\klinejoe\Application Data\Real
2008-12-08 07:16:57 ----D---- C:\Documents and Settings\klinejoe\Application Data\Identities
2008-12-08 07:16:23 ----SD---- C:\Documents and Settings\klinejoe\Application Data\Microsoft
2008-12-08 07:16:23 ----D---- C:\Documents and Settings\klinejoe\Application Data\Intel
2008-12-08 07:16:23 ----ASH---- C:\Documents and Settings\klinejoe\Application Data\desktop.ini
2008-11-23 11:02:45 ----D---- C:\Program Files\DIFX
2008-11-23 11:02:43 ----A---- C:\WINDOWS\system32\ftserui2.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\FTLang.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\ftd2xx.dll
2008-11-23 11:02:42 ----A---- C:\WINDOWS\system32\ftbusui.dll
2008-11-23 11:02:40 ----D---- C:\Program Files\SuuntoUSBDrivers
2008-11-23 11:02:40 ----A---- C:\WINDOWS\unins001.exe
2008-11-23 11:02:35 ----A---- C:\WINDOWS\system32\suuunin2k.exe
2008-11-23 11:02:35 ----A---- C:\WINDOWS\system32\suuunin.exe
2008-11-23 11:02:34 ----A---- C:\WINDOWS\unins000.exe
2008-11-23 11:02:34 ----A---- C:\WINDOWS\system32\PreInstaller.exe
2008-11-23 11:02:32 ----D---- C:\Program Files\Suunto Monitor
2008-11-23 11:02:23 ----D---- C:\Program Files\Suunto Training Manager
2008-11-23 11:00:52 ----D---- C:\Program Files\Suunto
2008-11-20 09:52:00 ----D---- C:\Trash
2008-11-20 09:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-11-20 08:59:32 ----D---- C:\Program Files\Macromedia
2008-11-20 08:59:32 ----D---- C:\Program Files\Common Files\Macromedia
2008-11-20 08:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-20 07:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-19 15:53:23 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-11-19 15:53:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-11-19 15:45:05 ----D---- C:\Program Files\Bonjour
2008-11-19 15:33:27 ----D---- C:\Program Files\Common Files\Macrovision Shared

======List of files/folders modified in the last 1 months======

2008-12-13 19:41:53 ----D---- C:\WINDOWS\Prefetch
2008-12-13 17:49:57 ----D---- C:\WINDOWS\system32
2008-12-13 17:49:40 ----D---- C:\WINDOWS\Temp
2008-12-13 17:48:30 ----D---- C:\WINDOWS
2008-12-13 17:48:30 ----A---- C:\WINDOWS\system.ini
2008-12-13 17:46:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 17:46:51 ----D---- C:\WINDOWS\AppPatch
2008-12-13 17:46:51 ----D---- C:\Program Files\Common Files
2008-12-13 17:44:34 ----D---- C:\QUARANTINE
2008-12-13 17:43:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 08:46:59 ----RD---- C:\Program Files
2008-12-13 08:41:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 23:11:50 ----SHD---- C:\WINDOWS\Installer
2008-12-12 23:10:33 ----D---- C:\WINDOWS\system32\Macromed
2008-12-12 23:10:01 ----D---- C:\WINDOWS\security
2008-12-12 22:35:43 ----D---- C:\Documents and Settings
2008-12-12 22:30:27 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-12 22:12:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 10:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-11 10:01:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 10:01:03 ----HD---- C:\WINDOWS\inf
2008-12-10 09:37:08 ----A---- C:\WINDOWS\bi_group.ini
2008-12-08 09:41:22 ----A---- C:\WINDOWS\win.ini
2008-12-08 08:21:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 07:18:12 ----A---- C:\WINDOWS\ODBC.INI
2008-12-08 07:17:00 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-24 08:46:57 ----D---- C:\Program Files\Sony Setup
2008-11-23 11:02:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-20 08:03:16 ----D---- C:\Program Files\Adobe
2008-11-19 15:52:50 ----D---- C:\WINDOWS\WinSxS
2008-11-19 15:52:04 ----D---- C:\Program Files\Common Files\Adobe
2008-11-19 15:48:27 ----RSD---- C:\WINDOWS\Fonts
2008-11-19 13:29:12 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-10-16 51944]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2007-10-16 64168]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-10-16 72680]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-10-16 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-10-16 171272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-08-28 1708032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-21 3652128]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-02-26 2401]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FTDIBUS;Suunto Sports Instrument Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-04-01 57536]
S3 FTSER2K;Suunto USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-04-01 72000]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-25 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2006-04-14 5005388]
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-01-24 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-10-16 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-10-16 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-21 143428]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\slClient.exe [2008-05-29 558496]
R2 SMART Board Service;SMART Board Service; C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe [2007-05-03 1099280]
R2 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-04-19 759312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-11 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#5 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:04:33 AM

Posted 14 December 2008 - 05:25 AM

Hi klinejoe,

Download LSP Fix from here and unzip it into its own folder.
Disconnect from the Internet and close all Internet Explorer Windows.

Check the "I know what I'm doing" button and move all instances of ntdll64.dll from the left panel to the right panel, then click "Finish".

To see a tutorial on how to use this program click this link

Open Hijackthis, take another scan and place a checkmark next to these entries.


O15 - Trusted Zone: www.thelearningodyssey.com
O15 - Trusted Zone: www.compasslearningodyssey.com (HKLM)
O15 - Trusted Zone: www.thelearningodyssey.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)


Close all open Windows except Hijackthis and click on "fix Checked".
Reboot the computer.

Post a new Hijackthis log.

I am a little clueless about Hijackthis and the uninstall list.


To do this:

Open Hijackthis,
Click Config | Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.

Joe.
If I have helped you in any way, please consider a donation:
Member of UNITE and ASAP.

#6 klinejoe

klinejoe
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:33 PM

Posted 14 December 2008 - 07:22 PM

I did the LSP Fix and checked the O15 items in Hijackthis and rebooted. Here is the latest log and 'Uninstall_list.txt':

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15, on 2008-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\init32.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dallastown.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dallastown.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HSVideo.cmd
O4 - Global Startup: INSTALL NAS.vbs
O4 - Global Startup: INSTALL TWO PRINTERS ON PC's.vbs
O4 - Global Startup: PRINT-HS-RM267.vbs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.dallastown.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159448456661
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159448670485
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\Software\..\Telephony: DomainName = dallastown.k12.pa.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dallastown.k12.pa.us
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe

--
End of file - 8086 bytes


'Uninstall_list.txt'

Add or Remove Adobe Creative Suite 3 Production Premium
Adobe After Effects 7.0
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Creative Suite 3 Production Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 4.0
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Reader 7.0.8
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Scores
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Intel® PROSet/Wireless Software
J2SE Development Kit 5.0 Update 8
J2SE Runtime Environment 5.0 Update 8
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
mDriver
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN Music Assistant
MSXML 6.0 Parser (KB925673)
NVIDIA Drivers
PDF Settings
PowerDVD 5.5
PrimoDVD (English)
QuickTime
RealPlayer Enterprise
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SigmaTel Audio
SMART Board Software
SMART Essentials for Educators
Sony ACID Music Studio 5.0
Sony ACID Music Studio 6.0a
Sony DVD Architect 3.0
Sony Media Manager 2.0
Sony Sound Forge Audio Studio 8.0
Sony Vegas 6.0d
Sony Vegas Movie Studio 6.0
Sony Vegas Pro 8.0
SureThing CD Labeler 3.1 Primera Edition
Suunto Monitor
Suunto Training Manager
Suunto USB Drive
Suunto USB Driver
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
User Profile Hive Cleanup Service
Windows Communication Foundation
Windows Driver Package - Suunto Suunto USB Driver Package (03/13/2008 2.04.06)
Windows Driver Package - Suunto Suunto USB Serial Port (03/13/2008 2.04.06)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

#7 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:04:33 AM

Posted 15 December 2008 - 04:56 AM

Hi klinejoe,

Uninstall/delete LSP Fix.

Also Combofix as follows:
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK (case insensitive)
  • When shown the disclaimer, select "2"

The above procedure will delete ComboFix and its associated files and folders.
Open Hijackthis, take another scan and place a checkmark next to these entries.

Did you or your company/college set this? If so, leave it alone. If not, fix it with Hijackthis.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all open Windows except Hijackthis and click on "fix Checked".

Reboot the computer.

Now run CCleaner

Post back and let me know if the problem is resolved and then we'll take a look at your securities etc.

Joe.
If I have helped you in any way, please consider a donation:
Member of UNITE and ASAP.
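As an added example (not code from this thread, from BleepingComputer, or from the HijackThis tool itself), here is a small Python parser for HijackThis-style log lines that pulls out the entry types the two replies above ask the poster to review: the O15 Trusted Zone entries flagged in post #5 and the O6 Internet Explorer policy entry queried in post #7. The sample lines are constructed to match the log format shown in the thread; the allowlist of trusted-zone hosts and the assumption that HijackThis prints HKCU trusted-zone entries without a hive suffix are mine.

```python
"""
Added example: group HijackThis v2 log entries by section code and list the
items a helper would ask the poster to check (O15 trusted zones not on an
allowlist, and any O6 IE policy restriction). Not part of the original thread.
"""
import re
from collections import defaultdict

# Constructed sample lines in the same shape as the HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dallastown.net/
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: www.thelearningodyssey.com
O15 - Trusted Zone: www.compasslearningodyssey.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# "O15 - Trusted Zone: ..." -> code "O15", body "Trusted Zone: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Body of an O15 line: optional "ESC " prefix, the host, optional " (HKLM)" / " (HKCU)" suffix.
TRUSTED_ZONE_RE = re.compile(
    r"^(?P<esc>ESC )?Trusted Zone: (?P<host>\S+)(?: \((?P<hive>HKLM|HKCU)\))?$"
)


def parse_log(text):
    """Return {section_code: [entry bodies]} for every recognised log line."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return dict(entries)


def trusted_zone_entries(entries):
    """Return (host, hive, is_esc) for each O15 entry.

    Assumption: HijackThis omits the hive suffix for HKCU entries, so a
    missing suffix is recorded as HKCU.
    """
    out = []
    for body in entries.get("O15", []):
        m = TRUSTED_ZONE_RE.match(body)
        if m:
            out.append((m.group("host"), m.group("hive") or "HKCU", bool(m.group("esc"))))
    return out


def review_items(entries, allowed_hosts=()):
    """List the entries a helper would ask the poster to confirm or fix.

    Trusted-zone hosts on the allowlist (an assumed, site-specific list) are
    skipped; every O6 policy entry is reported because only the owner can say
    whether it was set deliberately.
    """
    items = []
    for host, hive, is_esc in trusted_zone_entries(entries):
        if host not in allowed_hosts:
            flags = hive + (", ESC" if is_esc else "")
            items.append(f"O15 trusted zone {host} ({flags})")
    for body in entries.get("O6", []):
        items.append(f"O6 IE policy restriction: {body}")
    return items


if __name__ == "__main__":
    for item in review_items(parse_log(SAMPLE_LOG), allowed_hosts={"http://runonce.msn.com"}):
        print(item)
```

The allowlist is the part that needs local knowledge: in a school or company domain like the one in this log, the trusted-zone hosts may well have been pushed by policy, which is why the helper asks before fixing them rather than removing every O15 line on sight.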



