Apr 1 2007, 07:59 PM
Post #1
Newbie | Group: Members | Posts: 7 | Joined: 1-April 07 | Member No.: 24,249
I started having tons of pop-ups last night. Managed to get rid of Web Buying & NewDotNet (I think), but I keep getting several program files reinstalled after I've deleted them. Apparently they're part of js/zquest, as my antivirus is telling me my computer's infected with that. Slow speed & I can't access task manager. Any help will be greatly appreciated!!!!
All righty - I'm adding my HijackThis logfile - I really have no idea what to do with this.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:07:40 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\hh.exe
D:\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Laine\Local Settings\Temporary Internet Files\Content.IE5\O4Z1X7F7\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0407CEC2-D037-43C1-81DB-8783E2F55695} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {149D5305-8DE2-4E1A-BAC5-096CAB28403C} - \
O2 - BHO: (no name) - {35E81754-44FF-491C-A264-8BB5EF6329D1} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {6E752FC6-70E6-4E94-AD9B-77314B57F857} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB8B508D-5F8D-4E35-B2D2-AC593C0956F6} - \
O2 - BHO: (no name) - {AE23F2E0-9FF9-4D61-A650-0F9A861750BA} - \
O2 - BHO: (no name) - {BCAC519C-F7A9-4A42-9A9A-17A421FE5ADC} - \
O2 - BHO: 0 - {D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA} - C:\Program Files\MSN Gaming Zone\quha.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.livingnaturally.com/common/e_coupons/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10855 bytes

This post has been edited by Laine: Apr 1 2007, 09:43 PM
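A way to make a first pass over a log like the one above before a person reads it line by line, as an added example that is not part of this thread, the poster's post, or Trend Micro's HijackThis: a small Python triage script encoding a few of the heuristics volunteers apply when reading HJT logs (unnamed BHOs, autostart entries under the legacy RunServices key, executables dropped straight into the Startup folder under a Windows system binary's name, services that carry no vendor string). The sample log inside it is a constructed excerpt modelled on entries from the log posted above, and the rule set and severity levels are my own assumptions, not anything HijackThis itself reports.

```python
"""Heuristic first-pass triage of a HijackThis (HJT) log.

Added example for this thread; not code from the forum, the poster or
Trend Micro's HijackThis. The rules are common HJT-reading heuristics and
produce leads, not verdicts: each hit still needs the file checked.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries shaped like those in the log above, one per
# line as HJT writes them (the forum software flattened the real one).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0407CEC2-D037-43C1-81DB-8783E2F55695} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 0 - {D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA} - C:\Program Files\MSN Gaming Zone\quha.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dllhost.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
"""

# Windows binaries whose names malware borrows; the genuine ones live in System32, never in a Startup folder.
SYSTEM_BINARY_NAMES = {"dllhost.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                       "services.exe", "winlogon.exe", "smss.exe", "explorer.exe"}

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.*)$")
# HJT prints an empty vendor as "name - - path", hence the optional space before the dash.
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) ?- (?P<path>.*)$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info" (assumed scale, not an HJT concept)
    section: str    # HJT section tag, e.g. "O2"
    line: str       # the raw log line
    reason: str


def _check_bho(m: re.Match, line: str) -> Finding | None:
    name, path = m["name"], m["path"].strip()
    if path in ("", "\\") or "(no file)" in path or "(file missing)" in path:
        # CLSID registered but nothing on disk: cannot load, but is leftover clutter.
        return Finding("info", "O2", line, "BHO registered with no file on disk (orphaned CLSID)")
    if name == "(no name)" or not re.search(r"[A-Za-z]", name):
        return Finding("medium", "O2", line, "unnamed BHO loads a DLL: verify the file before trusting it")
    return None


def _check_run(m: re.Match, line: str) -> Finding | None:
    if m["key"].lower().startswith("runservices"):
        # Windows 9x-era autostart key; legitimate XP software almost never writes it.
        return Finding("high", "O4", line, "autostart entry under the legacy RunServices key")
    return None


def _check_startup(m: re.Match, line: str) -> Finding | None:
    item = m["item"].strip()
    if item.lower().endswith(".lnk") or " = " in item:
        return None                                   # ordinary shortcut entry
    if item.lower() in SYSTEM_BINARY_NAMES:
        return Finding("high", "O4", line, "executable in the Startup folder named after a Windows system binary")
    if item.lower().endswith(".exe"):
        return Finding("medium", "O4", line, "raw executable in the Startup folder instead of a shortcut")
    return None


def _check_service(m: re.Match, line: str) -> Finding | None:
    if not m["vendor"].strip():
        return Finding("info", "O23", line, "service binary carries no vendor string")
    return None


CHECKS = [(BHO_RE, _check_bho), (RUN_RE, _check_run),
          (STARTUP_RE, _check_startup), (SERVICE_RE, _check_service)]


def triage(log_text: str) -> list[Finding]:
    """Apply the first matching rule to every line; return hits in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                hit = check(m, line)
                if hit:
                    findings.append(hit)
                break
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a long log can be prioritised at a glance."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for hit in findings:
        counts[hit.severity] += 1
    return counts


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.severity:6}] {hit.section}: {hit.reason}\n         {hit.line}")
```

Run as-is it prints the hits for the sample; pass the text of a real log to `triage()` to try the rules on it. The output is a worklist, not a verdict: the Spybot SDHelper.dll entry is flagged for verification alongside quha.dll because both are unnamed BHOs, and only looking at the files tells the two apart.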

Apr 1 2007, 10:15 PM
Post #2
Newbie | Group: Members | Posts: 7 | Joined: 1-April 07 | Member No.: 24,249
Hello - I'm not sure where to post this help request, so if this is in the wrong place, I apologize!

Apr 2 2007, 06:10 PM
Post #3
Advanced Member | Group: Volunteer Security Advisor | Posts: 4,076 | Joined: 17-July 06 | Member No.: 6,745
Hello, Laine, and welcome.

I'm going to have you download and run some tools for me. Please make sure to come back here with all logfiles, and if asked to update tools first, do so before you move on.

---------------

First, HijackThis needs to be in its own folder.

Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+E), then double click on C:, then right click and select New, then Folder, and name it HJT. Then move Hijackthis.exe to that folder.

---------------

Please download SUPERAntiSpyware Home Edition (free version).

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  Close browsers before scanning
  Scan for tracking cookies
  Terminate memory threats before quarantining.
Please leave the others unchecked.
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences.
Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.

---------------

Please do an online scan with Kaspersky Online Scanner:
1. Click on Kaspersky Online Scanner.
2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
3. The program will launch and then begin downloading the latest definition files.
4. Once the files have been downloaded click on Next.
5. Now click on Scan Settings.
6. In the scan settings make sure that the following are selected:
   * Scan using the following Anti-Virus database: Extended
   * Scan Options: Scan Archives, Scan Mail Bases
7. Click OK.
8. Now under select a target to scan:
   * Select My Computer.
9. This program will start and scan your system.
10. The scan will take a while so be patient and let it run.
11. Once the scan is complete it will display if your system has been infected.
   * Now click on the Save Report As button.
   * In the File name: field, type kavscan.
   * In the Save as type: field, select Text file (*.txt).
12. Save the file to your desktop.
13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.

-----------------

If having a problem doing the above, make sure that your Internet security settings are set to default values. To set default security settings for Internet Explorer:
* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

-----------------

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-----------------

Again come back here with all logfiles.

Gogo
--------------------
Die Hijacker Die
Member of ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS Since 2004
Warning My killer dog at work.

Apr 3 2007, 05:12 AM
Post #4
Newbie | Group: Members | Posts: 7 | Joined: 1-April 07 | Member No.: 24,249
Hi there - thanks for your help! I'm going to have to put this up piece by piece because my computer keeps crashing - there's a ton of nasty stuff on here.
SUPERAntiSpyware Scan Log
Generated 04/02/2007 at 08:56 PM

Application Version : 3.6.1000

Core Rules Database Version : 3210
Trace Rules Database Version: 1220

Scan type : Complete Scan
Total Scan Time : 02:34:21

Memory items scanned : 399
Memory threats detected : 0
Registry items scanned : 6084
Registry threats detected : 6
File items scanned : 53947
File threats detected : 89

Worm.Rbot Variant
[p2p networking] C:\WINDOWS\SYSTEM32\P2PNETWORKING.EXE
C:\WINDOWS\SYSTEM32\P2PNETWORKING.EXE

Trojan.ZQuest
HKLM\Software\Classes\CLSID\{D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA}
HKCR\CLSID\{D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA}
HKCR\CLSID\{D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA}\InProcServer32
HKCR\CLSID\{D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\MSN GAMING ZONE\QUHA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA}

Adware.Tracking Cookie
C:\Documents and Settings\Laine\Cookies\laine@kanoodle[1].txt
C:\Documents and Settings\Laine\Cookies\laine@edge.ru4[2].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www.3dstats[1].txt
C:\Documents and Settings\Laine\Cookies\laine@media.adrevolver[2].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.revsci[1].txt
C:\Documents and Settings\Laine\Cookies\laine@adinterax[1].txt
C:\Documents and Settings\Laine\Cookies\laine@tacoda[2].txt
C:\Documents and Settings\Laine\Cookies\laine@precisionclick[1].txt
C:\Documents and Settings\Laine\Cookies\laine@zedo[2].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[5].txt
C:\Documents and Settings\Laine\Cookies\laine@atlas.fixionmedia[1].txt
C:\Documents and Settings\Laine\Cookies\laine@count1.exitexchange[1].txt
C:\Documents and Settings\Laine\Cookies\laine@statse.webtrendslive[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[2].txt
C:\Documents and Settings\Laine\Cookies\laine@partner2profit[1].txt
C:\Documents and Settings\Laine\Cookies\laine@server.lon.liveperson[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www3.addfreestats[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.ratemyprofessors[1].txt
C:\Documents and Settings\Laine\Cookies\laine@media.hotels[1].txt
C:\Documents and Settings\Laine\Cookies\laine@casalemedia[2].txt
C:\Documents and Settings\Laine\Cookies\laine@adv.webmd[2].txt
C:\Documents and Settings\Laine\Cookies\laine@enhance[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.pointroll[1].txt
C:\Documents and Settings\Laine\Cookies\laine@adrevolver[1].txt
C:\Documents and Settings\Laine\Cookies\laine@fastclick[2].txt
C:\Documents and Settings\Laine\Cookies\laine@adultswim[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.addynamix[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.k8l[2].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[4].txt
C:\Documents and Settings\Laine\Cookies\laine@adbrite[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.adbrite[1].txt
C:\Documents and Settings\Laine\Cookies\laine@server.iad.liveperson[1].txt
C:\Documents and Settings\Laine\Cookies\laine@imrworldwide[2].txt
C:\Documents and Settings\Laine\Cookies\laine@linkstattrack[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.adultswim[2].txt
C:\Documents and Settings\Laine\Cookies\laine@serving-sys[2].txt
C:\Documents and Settings\Laine\Cookies\laine@exitexchange[2].txt
C:\Documents and Settings\Laine\Cookies\laine@atdmt[2].txt
C:\Documents and Settings\Laine\Cookies\laine@sales.liveperson[2].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.habbogroup[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[3].txt
C:\Documents and Settings\Laine\Cookies\laine@anat.tacoda[1].txt
C:\Documents and Settings\Laine\Cookies\laine@overture[1].txt
C:\Documents and Settings\Laine\Cookies\laine@advertising[2].txt
C:\Documents and Settings\Laine\Cookies\laine@realmedia[2].txt
C:\Documents and Settings\Laine\Cookies\laine@doubleclick[1].txt
C:\Documents and Settings\Laine\Cookies\laine@revsci[1].txt
C:\Documents and Settings\Laine\Cookies\laine@icc.intellisrv[2].txt
C:\Documents and Settings\Laine\Cookies\laine@www1.addfreestats[1].txt
C:\Documents and Settings\Laine\Cookies\laine@as-eu.falkag[1].txt
C:\Documents and Settings\Laine\Cookies\laine@tripod.lycos[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Laine\Cookies\laine@coolsavings[2].txt
C:\Documents and Settings\Laine\Cookies\laine@bs.serving-sys[2].txt
C:\Documents and Settings\Laine\Cookies\laine@trafficmp[2].txt
C:\Documents and Settings\Laine\Cookies\laine@ctxtad.tribalfusion[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ehg-independent.hitbox[1].txt
C:\Documents and Settings\Laine\Cookies\laine@clicktracks.aristotle[2].txt
C:\Documents and Settings\Laine\Cookies\laine@hotelinternetstrategies.122.2o7[1].txt
C:\Documents and Settings\Laine\Cookies\laine@4.adbrite[1].txt
C:\Documents and Settings\Laine\Cookies\laine@sales.liveperson[1].txt
C:\Documents and Settings\Laine\Cookies\laine@cpvfeed[2].txt
C:\Documents and Settings\Laine\Cookies\laine@www.coolsavings[2].txt
C:\Documents and Settings\Laine\Cookies\laine@qnsr[1].txt
C:\Documents and Settings\Laine\Cookies\laine@cf-db01.clickfacts[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www.googleadservices[6].txt
C:\Documents and Settings\Laine\Cookies\laine@track.bestbuy[2].txt
C:\Documents and Settings\Laine\Cookies\laine@count2.exitexchange[1].txt
C:\Documents and Settings\Laine\Cookies\laine@login.revenueloop[2].txt
C:\Documents and Settings\Laine\Cookies\laine@serving.rpowermedia[1].txt
C:\Documents and Settings\Laine\Cookies\laine@server.lon.liveperson[2].txt
C:\Documents and Settings\Laine\Cookies\laine@interclick[2].txt
C:\Documents and Settings\Laine\Cookies\laine@anad.tacoda[2].txt
C:\Documents and Settings\Laine\Cookies\laine@adopt.hbmediapro[2].txt
C:\Documents and Settings\Laine\Cookies\laine@adopt.euroclick[2].txt
C:\Documents and Settings\Laine\Cookies\laine@tremor.adbureau[1].txt
C:\Documents and Settings\Laine\Cookies\laine@ad.yieldmanager[1].txt
C:\Documents and Settings\Laine\Cookies\laine@www.trackspace[1].txt
C:\Documents and Settings\Laine\Cookies\laine@tribalfusion[1].txt
C:\Documents and Settings\Laine\Cookies\laine@mediaplex[1].txt
C:\Documents and Settings\Laine\Cookies\laine@tradedoubler[1].txt

Trojan.Freeprod
C:\DOCUMENTS AND SETTINGS\LAINE\INSTALL.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B0BEA88A-6491-4653-8138-16C48361FE45}\RP369\A0174640.EXE
C:\WINDOWS\SYSTEM32\INSTALL.EXE

Adware.k8l
C:\PROGRAM FILES\MSN GAMING ZONE\RTEQE.HTML

Trojan.Downloader-TTC/AX
C:\TTC.DLL


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:21:24 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo!
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {0407CEC2-D037-43C1-81DB-8783E2F55695} - \ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {126CBE9F-9D40-4B6D-9957-C06E2841D8B3} - \ O2 - BHO: (no name) - {149D5305-8DE2-4E1A-BAC5-096CAB28403C} - \ O2 - BHO: (no name) - {35E81754-44FF-491C-A264-8BB5EF6329D1} - \ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll O2 - BHO: (no name) - {6E752FC6-70E6-4E94-AD9B-77314B57F857} - \ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {AB8B508D-5F8D-4E35-B2D2-AC593C0956F6} - \ O2 - BHO: (no name) - {AE23F2E0-9FF9-4D61-A650-0F9A861750BA} - \ O2 - BHO: (no name) - {BCAC519C-F7A9-4A42-9A9A-17A421FE5ADC} - \ O2 - BHO: (no name) - {D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA} - (no file) O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] 
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: dllhost.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.livingnaturally.com/common/e_coupons/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} 
(Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. 
- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 10844 bytes "Laine" - 07-04-03 8:45:22 Service Pack 2 ComboFix 07-04-03.3 - Running from: "C:\Documents and Settings\Laine\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bund1\ClientBundle1.exe C:\WINDOWS\system32\bund1\temp.txt C:\Program Files\Common Files\{30875~1\Bar888.dll C:\Program Files\Common Files\{30875~1\UnInstall.exe C:\Program Files\Common Files\{30875~2\Bar888.dll C:\Program Files\Common Files\{30875~2\UnInstall.exe C:\WINDOWS\system32\bund1 C:\Program Files\Common Files\{30875~1 C:\Program Files\Common Files\{30875~2 ((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 )))))))))))))))))))))))))))))))))) 2007-04-02 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-04-02 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-04-02 23:44 <DIR> d-------- C:\WINDOWS\LastGood 2007-04-02 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-02 18:12 <DIR> d-------- C:\DOCUME~1\Laine\APPLIC~1\SUPERAntiSpyware.com 2007-04-02 17:46 <DIR> d-------- C:\HJT 2007-04-01 14:08 93,736 --a------ C:\WINDOWS\VTTC.exe 2007-04-01 10:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-01 01:41 167 --a------ C:\DOCUME~1\Laine\4036.bat 2007-04-01 01:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-04-01 00:47 167 --a------ C:\DOCUME~1\Laine\9645.bat 2007-04-01 00:22 167 --a------ C:\DOCUME~1\Laine\2593.bat 2007-04-01 00:21 32,768 --a------ C:\DOCUME~1\Laine\setup9x.exe 2007-03-31 20:26 167 --a------ C:\DOCUME~1\Laine\2800.bat 2007-03-31 20:06 <DIR> d-------- 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google 2007-03-31 18:45 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-03-31 18:45 167 --a------ C:\WINDOWS\system32\7838.bat 2007-03-31 18:44 41,792 --a------ C:\WINDOWS\system32\app.exe 2007-03-31 18:44 32,768 --a------ C:\WINDOWS\system32\setup9x.exe 2007-03-31 18:44 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-31 18:44 <DIR> d-------- C:\WINDOWS\system32\micro1 2007-03-31 18:43 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-03-30 18:53 417,792 --a------ C:\Program Files\Video.exe 2007-03-30 18:53 417,792 --a------ C:\Program Files\Track_03.exe 2007-03-30 18:53 417,792 --a------ C:\Program Files\Setup.exe 2007-03-27 22:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-03-25 21:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Amazon 2007-03-25 21:04 <DIR> d-------- C:\Amazon Unbox 2007-03-24 09:23 409,600 --a------ C:\WINDOWS\system32\lxcrinpa.dll 2007-03-24 09:23 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll 2007-03-24 09:23 393,216 --a------ C:\WINDOWS\system32\lxcriesc.dll 2007-03-24 09:23 303,104 --a------ C:\WINDOWS\system32\lxcrcoin.dll 2007-03-24 09:21 684,032 --a------ C:\WINDOWS\system32\lxcrdrs.dll 2007-03-24 09:21 65,536 --a------ C:\WINDOWS\system32\lxcrcaps.dll 2007-03-24 09:21 61,440 --a------ C:\WINDOWS\system32\lxcrcnv4.dll 2007-03-24 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr 2007-03-24 09:17 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions 2007-03-24 09:16 <DIR> d-------- C:\Program Files\Lexmark Toolbar 2007-03-24 09:16 <DIR> d-------- C:\Program Files\Lexmark 2400 Series 2007-03-24 09:13 995,328 --a------ C:\WINDOWS\system32\lxcrusb1.dll 2007-03-24 09:13 983,107 --a------ C:\WINDOWS\system32\lxcrgf.dll 2007-03-24 09:13 86,016 --a------ C:\WINDOWS\system32\lxcrcub.dll 2007-03-24 09:13 73,728 --a------ C:\WINDOWS\system32\lxcrcu.dll 2007-03-24 09:13 73,728 --a------ C:\WINDOWS\system32\LXCRcfg.dll 2007-03-24 09:13 667,648 --a------ C:\WINDOWS\system32\lxcrpmui.dll 
2007-03-24 09:13 610,304 --a------ C:\WINDOWS\system32\lxcrcomc.dll 2007-03-24 09:13 536,576 --a------ C:\WINDOWS\system32\lxcrlmpm.dll 2007-03-24 09:13 495,616 --a------ C:\WINDOWS\system32\lxcrcoms.exe 2007-03-24 09:13 446,464 --a------ C:\WINDOWS\system32\lxcrutil.dll 2007-03-24 09:13 421,888 --a------ C:\WINDOWS\system32\lxcrcomm.dll 2007-03-24 09:13 380,928 --a------ C:\WINDOWS\system32\lxcrih.exe 2007-03-24 09:13 36,864 --a------ C:\WINDOWS\system32\lxcrcur.dll 2007-03-24 09:13 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll 2007-03-24 09:13 200,704 --a------ C:\WINDOWS\system32\lxcrinsb.dll 2007-03-24 09:13 163,840 --a------ C:\WINDOWS\system32\lxcrprox.dll 2007-03-24 09:13 155,648 --a------ C:\WINDOWS\system32\lxcrins.dll 2007-03-24 09:13 139,264 --a------ C:\WINDOWS\system32\lxcrjswr.dll 2007-03-24 09:13 114,688 --a------ C:\WINDOWS\system32\lxcrpplc.dll 2007-03-24 09:13 106,496 --a------ C:\WINDOWS\system32\lxcrinsr.dll 2007-03-24 09:13 1,183,744 --a------ C:\WINDOWS\system32\lxcrserv.dll 2007-03-24 09:13 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint 2007-03-18 20:35 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-03-18 20:34 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2007-03-18 20:34 32,768 --a------ C:\WINDOWS\system32\GTGina.dll 2007-03-18 20:34 245,504 --a------ C:\WINDOWS\system32\rt73.sys 2007-03-18 20:34 245,504 --a------ C:\WINDOWS\system32\drivers\rt73.sys 2007-03-18 20:34 2,048 --a------ C:\WINDOWS\system32\rt73.bin 2007-03-18 20:34 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin 2007-03-18 20:34 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys 2007-03-18 20:34 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys 2007-03-18 20:34 17,992 --a------ C:\WINDOWS\bcm42rly.sys 2007-03-18 20:34 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2007-03-18 20:32 <DIR> d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor (((((((((((((((((((((((((((((((((((((((((((((((( Find3M 
Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-02 23:08 25214 --a------ C:\Program Files\b.ico 2007-04-02 23:08 25214 --a------ C:\Program Files\a.ico 2007-04-02 23:08 218599 --a------ C:\Program Files\c.zip 2007-04-02 23:08 217699 --a------ C:\Program Files\b.zip 2007-04-02 23:08 217699 --a------ C:\Program Files\a.zip 2007-04-02 22:35 -------- d-------- C:\Program Files\msn gaming zone 2007-04-02 08:30 -------- d-------- C:\Program Files\lx_cats 2007-04-01 10:02 -------- d-------- C:\DOCUME~1\Laine\APPLIC~1\lavasoft 2007-03-31 22:58 -------- d-------- C:\DOCUME~1\Laine\APPLIC~1\google 2007-03-31 20:23 -------- d-------- C:\Program Files\google 2007-03-25 21:04 -------- d--h----- C:\Program Files\installshield installation information 2007-03-24 08:50 -------- d-------- C:\Program Files\java 2007-03-23 12:36 -------- d--h----- C:\DOCUME~1\Laine\APPLIC~1\move networks 2007-02-19 16:20 1184984 -ra------ C:\WINDOWS\system32\wvc1dmod.dll 2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" "SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe" "AtiPTA"="Atiptaxx.exe" "ZTgServerSwitch"="c:\\program files\\support.com\\client\\lserver\\server.vbs" "CleanupProgram"="C:\\Sonysys\\cleanup.exe" "POINTER"="point32.exe" "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "LXBTCATS"="rundll32 
C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBTtime.dll,_RunDLLEntry@16" "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\ 6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00 "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe" "CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16" "CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\"" "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk" "backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot" "item"="AT&T Self Support Tool" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All 
Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe " "item"="Microsoft Works Calendar Reminders" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BearShare" "hkey"="HKLM" "command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ezprint" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fm3032" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxbtbmgr" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark 5200 series\\lxbtbmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxcrmon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MySpaceIM" "hkey"="HKCU" "command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"D:\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ypager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ybrwicon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="yop" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\ Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecli\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ 
HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ WudfServiceGroup REG_MULTI_SZ WUDFSvc\ Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Disk Cleanup.job C:\WINDOWS\tasks\PC-cillin 2000.job C:\WINDOWS\tasks\Registration reminder 2.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@????????????w??????????@?s? ???????????????B?????? ????????????????????????????B LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 This post has been edited by Laine: Apr 3 2007, 03:37 PM |
Apr 3 2007, 06:35 PM | Post #5 | Advanced Member | Group: Volunteer Security Advisor | Posts: 2,462 | Joined: 13-June 06 | From: Belgium | Member No.: 4,097
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

--------------------
Greets Jurgenv.
Apr 4 2007, 01:57 AM | Post #6 | Newbie | Group: Members | Posts: 7 | Joined: 1-April 07 | Member No.: 24,249
I also previously ran a housecall scan if that log would help.
Apr 5 2007, 03:32 PM | Post #7 | Newbie | Group: Members | Posts: 7 | Joined: 1-April 07 | Member No.: 24,249
Hi, jurgenv - thanks for the help!
The combofix log is posted above; here's the new hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:34:48 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HJT\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0407CEC2-D037-43C1-81DB-8783E2F55695} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {126CBE9F-9D40-4B6D-9957-C06E2841D8B3} - \
O2 - BHO: (no name) - {149D5305-8DE2-4E1A-BAC5-096CAB28403C} - \
O2 - BHO: (no name) - {35E81754-44FF-491C-A264-8BB5EF6329D1} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {6E752FC6-70E6-4E94-AD9B-77314B57F857} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB8B508D-5F8D-4E35-B2D2-AC593C0956F6} - \
O2 - BHO: (no name) - {AE23F2E0-9FF9-4D61-A650-0F9A861750BA} - \
O2 - BHO: (no name) - {BCAC519C-F7A9-4A42-9A9A-17A421FE5ADC} - \
O2 - BHO: (no name) - {D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.livingnaturally.com/common/e_coupons/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. 
- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 10305 bytes |
Apr 8 2007, 07:33 PM
Post #8
Newbie - Group: Members - Posts: 7 - Joined: 1-April 07 - Member No.: 24,249
Is there anybody out there?
Apr 13 2007, 06:44 AM
Post #9
Advanced Member - Group: Members - Posts: 1,372 - Joined: 10-August 06 - Member No.: 9,088
Submit C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe to http://www.virustotal.com/en/indexx.html and post the results here.

Then, download http://swandog46.geekstogo.com/avenger.exe to your desktop. Run avenger.exe from your desktop. Copy all of the bold text below:

FILES TO DELETE:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe

Then choose "input script manually". Next click on the Magnifying Glass, then paste the bold text you copied in there (ctrl+v) and click done. Then click the traffic light button and allow it to reboot your computer.

Post the log from C:\avenger.txt, and post a new comboscan log.
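As an added example (not part of this thread, of HijackThis or of Avenger), here is a small Python script that reads HijackThis-style "Running processes" and O4 lines and flags entries where a well-known Windows system binary name runs from outside a system directory, which is exactly what makes the dllhost.exe in the All Users Startup folder above worth submitting to VirusTotal. The SYSTEM_BINARIES set and the sample log lines are constructed assumptions, built from entries quoted in the thread.

```python
"""Flag HijackThis entries where a Windows system-binary name is launched from
outside a system directory (e.g. dllhost.exe in the All Users Startup folder).
Added example, not part of this thread or of HijackThis; SYSTEM_BINARIES and
SAMPLE_LOG are constructed assumptions for illustration only."""
import ntpath
import re
from typing import List, Optional

# Names that legitimately live under %SystemRoot% (assumed, not an official list).
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
    "dllhost.exe", "rundll32.exe", "taskmgr.exe",
}
# Directory prefixes where those names are expected (compared lower-cased).
SYSTEM_DIRS = (r"c:\windows", r"%systemroot%")

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<item>[^\]]*)\] )?(?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|vbs|dll))\b", re.IGNORECASE)


def _exe_path(cmd: str) -> str:
    """Pull the launched file out of an O4 command string."""
    if " = " in cmd:                          # 'Name.lnk = C:\path\target.exe'
        cmd = cmd.split(" = ", 1)[1]
    cmd = cmd.strip().lstrip('"')
    if cmd.lower().startswith("rundll32 "):   # the DLL is the text before the first comma
        return cmd[len("rundll32 "):].split(",", 1)[0]
    m = EXE_RE.match(cmd)                     # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]


def _in_system_dir(path: str) -> bool:
    directory = ntpath.dirname(path).lower()
    return any(directory.startswith(prefix) for prefix in SYSTEM_DIRS)


def classify_path(path: str, source: str) -> Optional[str]:
    """Return a finding if a system-binary name runs from a non-system location."""
    name = ntpath.basename(path).lower()
    if name not in SYSTEM_BINARIES or _in_system_dir(path):
        return None
    where = ntpath.dirname(path) or "(directory not given, e.g. the Startup folder)"
    return f"{source}: {name} outside a system directory [{where}]"


def scan_hijackthis(log_text: str) -> List[str]:
    """Scan 'Running processes' paths and O4 autorun lines of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):  # a running-process path
            finding = classify_path(line, "running process")
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            finding = classify_path(_exe_path(m.group("cmd")), m.group("where"))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample, built from entries quoted in the thread above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dllhost.exe
"""

if __name__ == "__main__":
    for finding in scan_hijackthis(SAMPLE_LOG):
        print(finding)
```

Running it on the sample flags only the two dllhost.exe entries; a hit is a reason to check the file, not proof that it is malicious.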
Apr 17 2007, 01:46 AM
Post #10
Newbie - Group: Members - Posts: 7 - Joined: 1-April 07 - Member No.: 24,249
Hi there - thank you so much for your help! I didn't think anyone was going to reply!
ComboScan v20070306.20 run by Laine on 2007-04-16 at 19:56:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 1 Restore Point(s) --
1: 2007-04-17 00:57:13 UTC - RP375 - ComboScan Restore Point

Performed disk cleanup.

-- HijackThis (run as Laine.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:03:41 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
D:\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Documents and Settings\Laine\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\Laine.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0407CEC2-D037-43C1-81DB-8783E2F55695} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {126CBE9F-9D40-4B6D-9957-C06E2841D8B3} - \
O2 - BHO: (no name) - {149D5305-8DE2-4E1A-BAC5-096CAB28403C} - \
O2 - BHO: (no name) - {35E81754-44FF-491C-A264-8BB5EF6329D1} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {6E752FC6-70E6-4E94-AD9B-77314B57F857} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB8B508D-5F8D-4E35-B2D2-AC593C0956F6} - \
O2 - BHO: (no name) - {AE23F2E0-9FF9-4D61-A650-0F9A861750BA} - \
O2 - BHO: (no name) - {BCAC519C-F7A9-4A42-9A9A-17A421FE5ADC} - \
O2 - BHO: (no name) - {D0AA8B26-2FE5-4B96-B096-B9EF05B35FDA} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.livingnaturally.com/common/e_coupons/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3S ApfiltrService (Alps Pointing-device Filter Driver) - C:\WINDOWS\system32\drivers\Apfiltr.sys
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mpab - C:\WINDOWS\system32\drivers\ati2mpab.sys
3S atimpab - C:\WINDOWS\system32\drivers\atimpab.sys
3S BCM42RLY - C:\WINDOWS\system32\bcm42rly.sys
1R DMICall (Sony DMI Call service) - C:\WINDOWS\system32\drivers\DMICall.sys
2R Fallback - C:\WINDOWS\system32\drivers\fallback.sys
2R Fsks - C:\WINDOWS\system32\drivers\fsksnt.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R IPFilter (Microsoft IntelliPoint Features driver) - C:\WINDOWS\system32\drivers\ipfilter.sys
2R K56 - C:\WINDOWS\system32\drivers\k56nt.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
2S PfModNT - C:\WINDOWS\system32\PfModNT.sys (not found)
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R Rksample - C:\WINDOWS\system32\drivers\rksample.sys
3S RT73 (Linksys Home Wireless-G USB Adapter Driver) - C:\WINDOWS\system32\drivers\rt73.sys
3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
1R SASDIFSV - D:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3R SASENUM - D:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2R SoftFax - C:\WINDOWS\system32\drivers\faxnt.sys
2R Tones - C:\WINDOWS\system32\drivers\tonesnt.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S USB_RNDIS (USB Remote NDIS Network Device Driver) - C:\WINDOWS\system32\drivers\usb8023.sys
2R V124 - C:\WINDOWS\system32\drivers\v124nt.sys
0R va16w2 - C:\WINDOWS\system32\drivers\va16w2.sys
1R VET-FILT (VET File System Filter) - C:\WINDOWS\system32\drivers\Vet-Filt.sys
1R VET-REC (VET File System Recognizer) - C:\WINDOWS\system32\drivers\Vet-Rec.sys
3R VETEBOOT (VET Boot Scan Engine) - C:\WINDOWS\system32\drivers\VetEBoot.sys
1R VETEFILE (VET File Scan Engine) - C:\WINDOWS\system32\drivers\VetEFile.sys
1R VETFDDNT (VET Floppy Boot Sector Monitor) - C:\WINDOWS\system32\drivers\VetFDDNT.sys
1R VETMONNT (VET File Monitor) - C:\WINDOWS\system32\drivers\vetmonnt.sys
0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\viaagp.sys
3R VIAMODEM - C:\WINDOWS\system32\drivers\VIAMODEM.sys
3R VIAudio (VIA AC'97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\viaudio.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2S Ati HotKey Poller - C:\WINDOWS\System32\ati2evxx.exe
2R CAISafe - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2S Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S lxbt_device - C:\WINDOWS\System32\lxbtcoms.exe -service
3R lxcr_device - C:\WINDOWS\system32\lxcrcoms.exe -service
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S SPTISRV (Sony SPTI Service) - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
2R VETMSGNT (VET Message Service) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe
2R WUSB54GCSVC - "C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe"
3S YPCService - C:\WINDOWS\system32\YPCSER~1.EXE

-- Scheduled Tasks -------------------------------------------------------------

2007-04-12 19:30:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-04-08 13:11:25 476 --a------ C:\WINDOWS\Tasks\PC-cillin 2000.job<PC-CIL~1.JOB>
2007-04-01 10:08:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job<DISKCL~1.JOB>
2004-03-06 10:07:34 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job<REGIST~2.JOB>

-- Files created between 2007-03-16 and 2007-04-16 -----------------------------

2007-04-16 19:51:44 0 d-------- C:\avenger
2007-04-14 03:51:56 0 d--h----- C:\BJPrinter<BJPRIN~1>
2007-04-11 00:47:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-02 23:45:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-04-02 23:44:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-04-02 18:13:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-02 18:12:32 0 d-------- C:\Documents and Settings\Laine\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-04-02 17:46:16 0 d-------- C:\HJT
2007-04-01 14:08:00 93736 --a------ C:\WINDOWS\VTTC.exe
2007-04-01 10:01:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-01 01:41:08 167 --a------ C:\Documents and Settings\Laine\4036.bat
2007-04-01 01:11:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-01 00:47:22 167 --a------ C:\Documents and Settings\Laine\9645.bat
2007-04-01 00:22:15 167 --a------ C:\Documents and Settings\Laine\2593.bat
2007-04-01 00:21:03 32768 --a------ C:\Documents and Settings\Laine\setup9x.exe
2007-03-31 20:26:43 167 --a------ C:\Documents and Settings\Laine\2800.bat
2007-03-31 20:06:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-31 18:45:37 167 --a------ C:\WINDOWS\system32\7838.bat
2007-03-31 18:45:07 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-31 18:44:48 0 d-------- C:\WINDOWS\system32\micro1
2007-03-31 18:44:41 41792 --a------ C:\WINDOWS\system32\app.exe
2007-03-31 18:44:36 32768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-03-31 18:44:28 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-03-31 18:43:46 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-03-30 18:53:52 417792 --a------ C:\Program Files\Video.exe
2007-03-30 18:53:52 417792 --a------ C:\Program Files\Track_03.exe
2007-03-30 18:53:52 417792 --a------ C:\Program Files\Setup.exe
2007-03-27 22:13:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-25 21:04:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Amazon
2007-03-24 09:23:15 40960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2007-03-24 09:23:11 409600 --a------ C:\WINDOWS\system32\lxcrinpa.dll
2007-03-24 09:23:10 393216 --a------ C:\WINDOWS\system32\lxcriesc.dll
2007-03-24 09:23:07 303104 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2007-03-24 09:21:48 684032 --a------ C:\WINDOWS\system32\lxcrdrs.dll
2007-03-24 09:21:48 61440 --a------ C:\WINDOWS\system32\lxcrcnv4.dll
2007-03-24 09:21:48 65536 --a------ C:\WINDOWS\system32\lxcrcaps.dll
2007-03-24 09:18:55 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-03-24 09:17:57 0 d-------- C:\Program Files\Lexmark Fax Solutions<LEXMAR~4>
2007-03-24 09:16:30 0 d-------- C:\Program Files\Lexmark Toolbar<LEXMAR~3>
2007-03-24 09:16:19 0 d-------- C:\Program Files\Lexmark 2400 Series<LEXMAR~2>
2007-03-24 09:13:47 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint<ABBYYF~1.0SP>
2007-03-24 09:13:09 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-03-24 09:13:08 446464 --a------ C:\WINDOWS\system32\lxcrutil.dll
2007-03-24 09:13:07 995328 --a------ C:\WINDOWS\system32\lxcrusb1.dll
2007-03-24 09:13:07 1183744 --a------ C:\WINDOWS\system32\lxcrserv.dll
2007-03-24 09:13:06 163840 --a------ C:\WINDOWS\system32\lxcrprox.dll
2007-03-24 09:13:06 114688 --a------ C:\WINDOWS\system32\lxcrpplc.dll
2007-03-24 09:13:06 667648 --a------ C:\WINDOWS\system32\lxcrpmui.dll
2007-03-24 09:13:05 536576 --a------ C:\WINDOWS\system32\lxcrlmpm.dll
2007-03-24 09:13:05 139264 --a------ C:\WINDOWS\system32\lxcrjswr.dll
2007-03-24 09:13:05 106496 --a------ C:\WINDOWS\system32\lxcrinsr.dll
2007-03-24 09:13:05 200704 --a------ C:\WINDOWS\system32\lxcrinsb.dll
2007-03-24 09:13:04 155648 --a------ C:\WINDOWS\system32\lxcrins.dll
2007-03-24 09:13:04 380928 --a------ C:\WINDOWS\system32\lxcrih.exe
2007-03-24 09:13:04 983107 --a------ C:\WINDOWS\system32\lxcrgf.dll
2007-03-24 09:13:03 36864 --a------ C:\WINDOWS\system32\lxcrcur.dll
2007-03-24 09:13:03 86016 --a------ C:\WINDOWS\system32\lxcrcub.dll
2007-03-24 09:13:02 73728 --a------ C:\WINDOWS\system32\lxcrcu.dll
2007-03-24 09:13:02 495616 --a------ C:\WINDOWS\system32\lxcrcoms.exe
2007-03-24 09:13:01 421888 --a------ C:\WINDOWS\system32\lxcrcomm.dll
2007-03-24 09:13:01 610304 --a------ C:\WINDOWS\system32\lxcrcomc.dll
2007-03-24 09:13:00 73728 --a------ C:\WINDOWS\system32\LXCRcfg.dll
2007-03-18 20:35:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-03-18 20:34:52 245504 --a------ C:\WINDOWS\system32\rt73.sys
2007-03-18 20:34:51 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-03-18 20:34:51 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-03-18 20:34:49 245504 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-03-18 20:34:25 17992 --a------ C:\WINDOWS\bcm42rly.sys
2007-03-18 20:34:24 17992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-03-18 20:34:22 32768 --a------ C:\WINDOWS\system32\GTGina.dll
2007-03-18 20:34:22 17992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-03-18 20:32:58 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor<COMPAC~1>

-- Find3M Report ---------------------------------------------------------------

2007-04-16 18:01:19 218599 --a------ C:\Program Files\c.zip
2007-04-16 18:01:18 217699 --a------ C:\Program Files\b.zip
2007-04-16 18:01:16 217699 --a------ C:\Program Files\a.zip
2007-04-16 18:01:06 25214 --a------ C:\Program Files\A.ico
2007-04-16 18:01:05 25214 --a------ C:\Program Files\B.ico
2007-04-15 17:11:16 0 d-------- C:\Program Files\Lx_cats
2007-04-13 21:15:26 0 d-------- C:\Documents and Settings\Laine\Application Data\AdobeUM
2007-04-02 22:35:50 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-01 10:02:36 0 d-------- C:\Documents and Settings\Laine\Application Data\Lavasoft
2007-03-31 22:58:49 0 d-------- C:\Documents and Settings\Laine\Application Data\Google
2007-03-31 20:23:07 0 d-------- C:\Program Files\Google
2007-03-25 21:04:07 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-24 08:50:04 0 d-------- C:\Program Files\Java
2007-03-23 12:36:36 0 d--h----- C:\Documents and Settings\Laine\Application Data\Move Networks<MOVENE~1>
2007-03-17 08:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-19 16:20:44 1184984 -ra------ C:\WINDOWS\system32\wvc1dmod.dll
2007-02-05 15:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"AtiPTA"="Atiptaxx.exe"
"ZTgServerSwitch"="c:\\program files\\support.com\\client\\lserver\\server.vbs"
"CleanupProgram"="C:\\Sonysys\\cleanup.exe"
"POINTER"="point32.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"LXBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBTtime.dll,_RunDLLEntry@16"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
  6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16"
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"QuickTime Task"="\"D:\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AT&T Self Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\AT&T Self Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SBCSEL~1\\bin\\matcli.exe -boot"
"item"="AT&T Self Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbtbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 5200 series\\lxbtbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxcrmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo!
Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ypager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ybrwicon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="yop" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\logo1_.exe] "debugger"="nircmd execmd del /a/f c:\\windows\\Logo1_.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ 
DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\
Apr 18 2007, 05:19 AM
Post #11
Advanced Member. Group: Members. Posts: 1,372. Joined: 10-August 06. Member No.: 9,088
Did you follow my other instructions? If so, please post the log files, and also post the HouseCall log file you mentioned.