jenniferm

Have I successfully rid my 'puter of malware? XP SP2

13 posts in this topic

Howdy all. First a major THANK YOU to merijn.org and spywareinfo.com for posting resources that have (I hope) helped me to get a ton of malware off my computer. I was hit on Saturday, 3/15... today's Tuesday, 3/18 so this has been a 3-day battle. I'm posting a Hijack This log because while I am no longer being bombarded with popups (for the past half hour anyway) my computer's performance is still sluggish, and I do see that WinTouch is listed in the log. I want to make sure I got rid of all remnants of this stuff. I've read the FAQ and got as far as I could on my own... I hope I'm giving the right amount of detail here.

 

From what I can tell, I had Outerinfo and WinTouch on my machine. And probably other stuff too... Incessant popups for sites including setthetrend.com, scanner2.malware-scan.com, web.tickle.com, and a bunch of adult sites, credit schemes, and lots of others - tons of malware sites. I am running Panda Internet Security 2008 and it didn't prevent or fix the problem. System Restore didn't work. I locked down IE, disabled ActiveX, and started using Mozilla as my default and ONLY browser. IE popups were still happening, and as time went on I was getting more and more Mozilla popups. Spybot found some stuff but it promptly reinstalled itself. Ran Panda a zillion more times, no luck. I ran Adaware, but it crashed my computer (probably conflicting with Panda? who knows). Then I ran AVG Antispyware 7.5 and that seems to have done the trick. Oddly, I don't have a report but it quarantined 4 or 5 high-threat files and I recognized two of the file names as outerinfo and wintouch. Also, I installed SpywareBlaster.

 

So if anyone can take a look at this log and let me know what else I should do, I would be immensely appreciative. I am self employed and I've lost two days' worth of billable hours trying to get this nonsense resolved. So thanks in advance for any insights. I will continue reading these forums as well.

 

HIJACK THIS LOG FOLLOWS::::::::::::::::::::::::::::::::::::::::::

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 6:15:30 PM, on 3/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\JavaCore\JavaCore.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Jennifer M\Desktop\HiJackThis_v2.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0B07E1D1-9F10-4E9E-4AA1-537D03917A70} - C:\Program Files\Messenger\lavuha394.dll (file missing)

O2 - BHO: (no name) - {2191A67C-085F-48AC-8281-EF3DD813EC4C} - C:\WINDOWS\system32\pmkjj.dll

O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\jgdrqvur.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {603DC1B2-2604-0D86-0411-5200C9C68EC6} - C:\WINDOWS\system32\wrwmsu.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9DEB5082-4BDA-47A8-A27D-DE503396D205} - C:\Program Files\.\towebo89104.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\nnnmlmk.dll

O2 - BHO: {358562d7-791b-e76a-5174-e7a792f9cffe} - {effc9f29-7a7e-4715-a67e-b1977d265853} - C:\WINDOWS\system32\aarcpcvt.dll

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [f886bb38] rundll32.exe "C:\WINDOWS\system32\qlftylpl.dll",b

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe

O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe

O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jennifer M\Application Data\WinTouch\WinTouch.exe

O4 - HKCU\..\Run: [Ymswhox] C:\WINDOWS\system32\??sks\n?tepad.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: nnnmlmk - C:\WINDOWS\SYSTEM32\nnnmlmk.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

 

--

End of file - 10326 bytes

 

 

***UPDATE**********************3/18/08 8:20pm

I had HJT fix the following items listed above:

O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe

O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jennifer M\Application Data\WinTouch\WinTouch.exe

O4 - HKCU\..\Run: [Ymswhox] C:\WINDOWS\system32\??sks\n?tepad.exe

O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\jgdrqvur.dll

O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\nnnmlmk.dll

 

***UPDATE**********************3/19/08

The popups have subsided considerably but I am still getting them (in Mozilla). If someone could look at my log and tell me what I've missed that'd be much appreciated, thanks!

I disabled a process in msconfig startup, listed as rundl32.exe "C:\WINDOWS\system32\xuguncca.dll",b -- I googled it and looked it up on CastleCops and it wasn't listed anywhere, so I assumed it's bad.

AVG also found and deleted downloader.agent.hcn, downloader.agent.kji, downloader.agent.kha, and RootkitAgent.to.

Edited by jenniferm

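As an added example (not part of the thread, and not code from any of the tools named in it), here is a small Python triage script that parses HijackThis 2.0-style entry lines of the kinds shown in the log above and flags the indicators a helper scans for by eye: a load point whose file is "(file missing)", a BHO registered with "(no name)", a path containing characters the log could only render as "?", rundll32 loading a DLL by a one-letter export, and the same module registered under more than one load point (as nnnmlmk.dll is above, under O2 and O20). The sample lines are constructed from entries in the log; the heuristics are mine and are triage hints rather than a verdict.

```python
import re
from collections import defaultdict

# Constructed sample input: HijackThis 2.0-style lines of the kinds that appear
# in the log above. One benign BHO and one benign Run entry are kept as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2191A67C-085F-48AC-8281-EF3DD813EC4C} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: (no name) - {603DC1B2-2604-0D86-0411-5200C9C68EC6} - C:\WINDOWS\system32\wrwmsu.dll (file missing)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\nnnmlmk.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f886bb38] rundll32.exe "C:\WINDOWS\system32\qlftylpl.dll",b
O4 - HKCU\..\Run: [Ymswhox] C:\WINDOWS\system32\??sks\n?tepad.exe
O20 - Winlogon Notify: nnnmlmk - C:\WINDOWS\SYSTEM32\nnnmlmk.dll
"""

# "O2 - ...", "O4 - ...", "R1 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([OFR]\d+) - (.*)$")
# First Windows path ending in a module/executable extension (non-greedy so
# trailing arguments such as ' -atboottime' or '",b' are not swallowed).
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe|sys|ocx))", re.IGNORECASE)
# rundll32 invoking a DLL by a one- or two-character export name.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,\s*\w{1,2}\b', re.IGNORECASE)


def parse_entries(log_text):
    """Split a HijackThis log into entry dicts, skipping header and process lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "path": pm.group(1) if pm else None,
            "raw": raw.strip(),
        })
    return entries


def basename(path):
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return {raw_line: [reasons]} for entries that match any indicator."""
    entries = parse_entries(log_text)

    # Cross-reference: every section each module file name is registered under,
    # so a DLL that is both a BHO (O2) and a Winlogon Notify handler (O20) stands out.
    modules = defaultdict(set)
    for e in entries:
        if e["path"]:
            modules[basename(e["path"])].add(e["section"])

    findings = {}
    for e in entries:
        reasons = []
        if "(file missing)" in e["body"]:
            reasons.append("load point references a file that no longer exists")
        if e["section"] == "O2" and "(no name)" in e["body"]:
            reasons.append("BHO registered without a display name")
        if e["path"] and "?" in e["path"]:
            reasons.append("path contains characters the log could not render (possible look-alike name)")
        if e["section"] == "O4" and RUNDLL_RE.search(e["body"]):
            reasons.append("rundll32 loads a DLL by a one-letter export")
        if e["path"] and len(modules[basename(e["path"])]) > 1:
            others = sorted(modules[basename(e["path"])] - {e["section"]})
            reasons.append("same module also registered under " + ", ".join(others))
        if reasons:
            findings[e["raw"]] = reasons
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG).items():
        print(raw)
        for r in reasons:
            print("    -", r)
```

Run as-is it prints the six flagged lines with their reasons and stays silent on the Adobe and QuickTime controls. Feeding it a full log is just a matter of reading the file into `triage()`; the parser ignores the header and "Running processes" block because those lines do not match the entry pattern.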

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Print this for your reference.

 

Familiarize yourself with this combofix tool.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

 

Download Combofix from any of the links below, and save it to your desktop.

 

Link 1

Link 2

Link 3

 

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

 

1. Disconnect from the internet. Unplug the cable from the wall.

 

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

 

3. Do not install any other programs until this is fixed.

--------------------------------------------------------------------

 

Double-click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

 

Note:

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


Thank you. Wow, lots of crud on there that I thought was already deleted.

 

ComboFix and HJT logs follow. Please note I did a "search and replace" on both logs to replace my surname with MMMMMMM. If that's a problem, I'll repost without the change.

 

Thanks again!

 

 

 

ComboFix 08-03-20.5 - Jennifer MMMMMMM 2008-03-21 13:02:40.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.523 [GMT -4:00]

Running from: C:\Documents and Settings\Jennifer MMMMMMM\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Jennifer MMMMMMM\Application Data\WinTouch

C:\Documents and Settings\Jennifer MMMMMMM\Application Data\WinTouch\wintouch.cfg

C:\Documents and Settings\Jennifer MMMMMMM\Application Data\WNSXS~1

C:\Documents and Settings\Jennifer MMMMMMM\g2mdlhlpx.exe

C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Outerinfo

C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Outerinfo\Terms.lnk

C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Outerinfo\Uninstall.lnk

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Documents and Settings\NetworkService\Application Data\NetMon

C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt

C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt

C:\Program Files\Common Files\curity~1

C:\Program Files\Common Files\curity~1\??curity\

C:\Program Files\inetget2

C:\Program Files\inetget2\YazzleBundle-1560.exe

C:\Program Files\JavaCore

C:\Program Files\JavaCore\JavaCore.exe

C:\Program Files\JavaCore\UnInstall.exe

C:\Program Files\NoDNS

C:\Program Files\NoDNS\UnInstall.exe

C:\Program Files\outerinfo

C:\Program Files\outerinfo\FF\chrome.manifest

C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt

C:\Program Files\outerinfo\FF\install.rdf

C:\Program Files\outerinfo\Terms.rtf

C:\Program Files\Temporary

C:\Program Files\Temporary\InsiDERInst.exe

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\Temp\sanR24

C:\Temp\sanR24\lDii.log

C:\temp\tn3

C:\WINDOWS\cookies.ini

C:\WINDOWS\icroso~1

C:\WINDOWS\system32\aarcpcvt.dll

C:\WINDOWS\system32\accnugux.ini

C:\WINDOWS\system32\caeujbpr.ini

C:\WINDOWS\system32\d4

C:\WINDOWS\system32\d4\thudll5502.exe

C:\WINDOWS\system32\drivers\core.cache(2).dsk

C:\WINDOWS\system32\drivers\core.cache(3).dsk

C:\WINDOWS\system32\drivers\core.cache(4).dsk

C:\WINDOWS\system32\drivers\core.cache(5).dsk

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\dwjfgqur.dll

C:\WINDOWS\system32\e5

C:\WINDOWS\system32\etnffqdf.dll

C:\WINDOWS\system32\g7

C:\WINDOWS\system32\iDlo01

C:\WINDOWS\system32\jjkmp.ini

C:\WINDOWS\system32\jjkmp.ini2

C:\WINDOWS\system32\kqqlymuy.ini

C:\WINDOWS\system32\lplytflq.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nnnmlmk.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pmkjj.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\rpbjueac.dll

C:\WINDOWS\system32\sks~1

C:\WINDOWS\system32\tuvwtur.dll

C:\WINDOWS\system32\ulysywja.dll

C:\WINDOWS\system32\w8

C:\WINDOWS\system32\w8\jecolb14.exe

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\xpwjygfd.dll

C:\WINDOWS\system32\xuguncca.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-18 16:34 . 2008-03-18 16:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-18 16:24 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-18 15:50 . 2008-03-18 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-18 15:49 . 2008-03-18 15:59 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-18 12:57 . 2008-03-18 13:20 <DIR> d-------- C:\Panda

2008-03-18 12:56 . 2008-03-18 12:56 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-18 11:53 . 2008-03-18 11:53 74,334 --a------ C:\WINDOWS\system32\jgdrqvur.dll

2008-03-17 18:03 . 2008-03-17 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-17 18:03 . 2008-03-17 18:03 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-17 11:55 . 2008-03-18 11:55 2,096,409 ---hs---- C:\WINDOWS\system32\eifvkbhp.ini

2008-03-16 23:17 . 2008-03-16 23:17 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-16 19:51 . 2008-03-16 19:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-16 17:34 . 2008-03-21 12:46 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-03-16 17:33 . 2008-03-21 13:14 223,232 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-03-16 17:33 . 2008-03-21 13:14 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-03-16 17:29 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2008-03-16 17:29 . 2008-03-16 17:29 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-03-16 17:28 . 2008-03-21 13:14 223,232 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-03-16 17:28 . 2008-03-21 13:14 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-03-16 17:27 . 2007-07-11 10:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys

2008-03-16 17:26 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll

2008-03-16 17:26 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll

2008-03-16 17:26 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys

2008-03-16 17:26 . 2007-10-25 08:50 132,664 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS

2008-03-16 17:26 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL

2008-03-16 17:26 . 2007-09-28 13:05 71,608 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS

2008-03-16 17:26 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll

2008-03-16 17:26 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-03-16 17:26 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys

2008-03-16 17:26 . 2007-11-14 17:48 21,816 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys

2008-03-16 17:25 . 2008-03-16 17:25 <DIR> d-------- C:\WINDOWS\system32\PAV

2008-03-16 17:23 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-16 17:23 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-16 17:05 . 2008-03-16 17:05 104 --a------ C:\WINDOWS\system32\SigUpdRequest_1205701512.tmp

2008-03-16 16:55 . 2006-07-27 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

2008-03-16 12:32 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2008-03-16 11:51 . 2008-03-17 11:52 1,355,698 ---hs---- C:\WINDOWS\system32\yorllywq.ini

2008-03-16 11:46 . 2008-03-16 11:46 <DIR> d-------- C:\WINDOWS\wt

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-15 19:36 . 2008-03-15 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-15 19:30 . 2008-03-15 19:30 <DIR> d-------- C:\Program Files\Panda Security

2008-03-15 19:06 . 2008-03-15 19:06 63 --a------ C:\WINDOWS\system32\f886a9b6

2008-03-15 19:01 . 2008-03-16 15:03 <DIR> d--hs---- C:\WINDOWS\SmVubmlmZXIgTWVzaWFubw

2008-03-15 19:01 . 2008-03-21 13:03 <DIR> d-------- C:\Temp

2008-03-10 18:03 . 2008-03-10 18:06 <DIR> d-------- C:\Program Files\Microsoft Small Business

2008-03-10 17:59 . 2008-03-10 17:59 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-03-10 17:58 . 2008-03-10 18:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server

2008-02-21 23:56 . 2008-02-21 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 16:17 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor

2008-03-18 16:13 --------- d-----w C:\Program Files\Digital Line Detect

2008-03-16 21:23 --------- d-----w C:\Program Files\Common Files\Panda Software

2008-03-16 17:50 48 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat

2008-03-16 16:32 --------- d-----w C:\Program Files\Panda Software

2008-03-10 22:00 --------- d-----w C:\Program Files\Microsoft.NET

2008-02-27 12:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-22 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-12 17:42 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\Common Files\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\ArcSoft

2008-02-11 13:18 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Amazon

2008-02-11 13:16 --------- d-----w C:\Program Files\Amazon

2008-02-07 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup

2008-02-07 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-02-05 21:20 --------- d-----w C:\Program Files\Brother

2008-02-01 18:40 --------- d--h--w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Move Networks

2008-01-21 23:14 --------- d-----w C:\Program Files\Citrix

2007-11-15 04:21 557,056 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_phone__317_en.exe

2007-11-01 13:34 630,784 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_chat2way__317_en.exe

2007-06-27 18:17 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe

2007-06-26 21:40 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2007-06-20 13:20 8,727,496 ----a-w C:\Program Files\ICSViewer602_grants.exe

2006-12-17 19:35 88 --sh--r C:\WINDOWS\system32\406A683176.sys

2006-12-17 19:35 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B07E1D1-9F10-4E9E-4AA1-537D03917A70}]

C:\Program Files\Messenger\lavuha394.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{603DC1B2-2604-0D86-0411-5200C9C68EC6}]

C:\WINDOWS\system32\wrwmsu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DEB5082-4BDA-47A8-A27D-DE503396D205}]

C:\Program Files\.\towebo89104.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14 49152]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2007-11-19 20:33 1015808]

"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-08-05 21:05 344064]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-27 21:49:15 24576]

TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-02-12 13:40:20 270336]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlmk]

nnnmlmk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jennifer MMMMMMM^Start Menu^Programs^Startup^DING!.lnk]

path=C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Startup\DING!.lnk

backup=C:\WINDOWS\pss\DING!.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2005-05-15 02:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

--a------ 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f886bb38]

C:\WINDOWS\system32\xuguncca.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2006-07-27 22:01 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-09-24 01:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

--a------ 2003-12-03 12:43 1052672 C:\Program Files\PureEdge\Viewer 6.0\masqform.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\McAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

--a------ 2006-09-18 14:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-14 23:50]

R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-28 23:24]

R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]

R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

S1 vgaa;vgaa;C:\WINDOWS\system32\drivers\vgaa.sys []

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0440a3e-21a5-11db-8c95-00038a000015}]

\Shell\1\Command - F:\.\tmp.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\tmp.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 23:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 13:14:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-03-21 13:17:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-21 17:17:33

.

2008-03-21 05:17:51 --- E O F ---

 

*****************************************************HIJACKTHIS LOG********************************

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:49:04 PM, on 3/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Documents and Settings\Jennifer MMMMMMM\Desktop\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0B07E1D1-9F10-4E9E-4AA1-537D03917A70} - C:\Program Files\Messenger\lavuha394.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {603DC1B2-2604-0D86-0411-5200C9C68EC6} - C:\WINDOWS\system32\wrwmsu.dll (file missing)

O2 - BHO: (no name) - {9DEB5082-4BDA-47A8-A27D-DE503396D205} - C:\Program Files\.\towebo89104.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: nnnmlmk - nnnmlmk.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

 

--

End of file - 8269 bytes

Please print this for your reference.

 

Please download and install the latest version of HijackThis v2.0.2:

 

CLICK HERE to download the HijackThis Installer:

  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

 

Delete the older version once you have successfully downloaded and installed the latest version.

*/*

 

Open notepad and copy/paste the text in the quote box below into it:

 

File::
C:\WINDOWS\system32\jgdrqvur.dll
C:\WINDOWS\system32\eifvkbhp.ini
C:\WINDOWS\system32\drivers\COMFiltr.sys
C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
C:\WINDOWS\system32\SigUpdRequest_1205701512.tmp
C:\WINDOWS\system32\yorllywq.ini
C:\WINDOWS\system32\f886a9b6
C:\WINDOWS\system32\drivers\vgaa.sys
C:\Program Files\Messenger\lavuha394.dll
C:\WINDOWS\system32\wrwmsu.dll
C:\Program Files\.\towebo89104.dll
C:\WINDOWS\system32\xuguncca.dll

Folder::
C:\WINDOWS\SmVubmlmZXIgTWVzaWFubw

Driver::
vgaa

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B07E1D1-9F10-4E9E-4AA1-537D03917A70}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{603DC1B2-2604-0D86-0411-5200C9C68EC6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DEB5082-4BDA-47A8-A27D-DE503396D205}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f886bb38]

 

Save this as CFScript on your desktop.

 

[image: 14.png]

 

Referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log with a fresh copy of HijackThis.

 

Restart the computer normally to reset the registry.

 

Submit the logs as requested above.

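As an added illustration of what the CFScript above is targeting, here is a small triage script written for this page (it is not the helper's tool and not part of ComboFix or HijackThis). It reads HijackThis-style lines, flags the same three kinds of entry the script removes (BHOs whose DLL is gone or that have no name, Winlogon Notify packages, and services with no publisher recorded), and drafts the `File::` and `Registry::` blocks in the same format the helper used. The line-format regexes are my own reading of the HJT output, the abbreviated `HKEY_LOCAL_MACHINE\~\Browser Helper Objects` key form is copied from the script above, and the sample log is constructed from lines that appear in this thread plus two known-good entries.

```python
"""Triage HijackThis-style log lines and draft a CFScript (added example for this page)."""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the logs posted in this thread, plus
# two benign lines (Adobe BHO, Lavasoft service) that the heuristics must ignore.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0B07E1D1-9F10-4E9E-4AA1-537D03917A70} - C:\Program Files\Messenger\lavuha394.dll (file missing)
O2 - BHO: (no name) - {603DC1B2-2604-0D86-0411-5200C9C68EC6} - C:\WINDOWS\system32\wrwmsu.dll (file missing)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O20 - Winlogon Notify: nnnmlmk - nnnmlmk.dll (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Assumed line shapes, derived from the HJT output in this thread (not an official grammar).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Key prefixes in the abbreviated form the CFScript above uses.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Finding:
    line_no: int
    severity: str        # "high": remove/verify now, "info": confirm by hand
    reason: str
    clsid: str = ""      # BHO CLSID, when the finding is an O2 entry
    key: str = ""        # Winlogon Notify subkey name, when the finding is an O20 entry
    path: str = ""       # path as printed in the log (may be a bare file name)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect entries that match the three patterns."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := BHO_RE.match(line):
            unnamed = m["name"] == "(no name)" or m["name"].isdigit()
            missing = bool(m["missing"])
            if unnamed or missing:
                why = []
                if missing:
                    # The DLL is gone (often already quarantined); the CLSID registration
                    # is a leftover loader reference, not proof of a live infection.
                    why.append("DLL no longer on disk")
                if unnamed:
                    why.append("BHO has no descriptive name")
                findings.append(Finding(n, "high", "orphaned/unnamed BHO: " + "; ".join(why),
                                        clsid=m["clsid"], path=m["path"]))
        elif m := NOTIFY_RE.match(line):
            # Notify packages are loaded by winlogon at logon; any unexpected one is reviewed.
            detail = "DLL is missing" if m["missing"] else "review: loads into winlogon"
            findings.append(Finding(n, "high", f"Winlogon Notify package ({detail})",
                                    key=m["key"], path=m["path"]))
        elif m := SERVICE_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding(n, "info",
                                        "service with no publisher: confirm the path belongs to installed software",
                                        path=m["path"]))
    return findings


def draft_cfscript(findings: list[Finding]) -> str:
    """Build File:: and Registry:: blocks for the high-severity findings, in the thread's format."""
    high = [f for f in findings if f.severity == "high"]
    # Only full paths go under File::; a bare name such as nnnmlmk.dll has no location to delete.
    files = [f.path for f in high if re.match(r"^[A-Za-z]:\\", f.path)]
    keys = [f"[-{BHO_KEY}\\{f.clsid}]" for f in high if f.clsid]
    keys += [f"[-{NOTIFY_KEY}\\{f.key}]" for f in high if f.key]
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if keys:
        parts.append("Registry::\n" + "\n".join(keys))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no:>3} [{f.severity}] {f.reason}")
    print()
    print(draft_cfscript(results))
```

The draft is a starting point for a human to check against the full log, not something to hand to ComboFix unread: an "(file missing)" entry only tells you the registration outlived the file, and "Unknown owner" on a service is just an empty company field (the second HJT log in this thread shows Panda filling it in), so both need the path confirmed before anything is removed.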

OK. I've posted the following:

 

1. HJT log run with new version

2. Combofix log (NOTE: it got hung up after re-starting (I followed all instructions and let it sit for well over an hour) -- I closed it down and ran again. The log I'm posting is the result of the second attempt.)

3. Fresh HJT log

 

First HJT LOG:******************************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:39:35 PM, on 3/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0B07E1D1-9F10-4E9E-4AA1-537D03917A70} - C:\Program Files\Messenger\lavuha394.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {603DC1B2-2604-0D86-0411-5200C9C68EC6} - C:\WINDOWS\system32\wrwmsu.dll (file missing)

O2 - BHO: (no name) - {9DEB5082-4BDA-47A8-A27D-DE503396D205} - C:\Program Files\.\towebo89104.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: nnnmlmk - nnnmlmk.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

 

--

End of file - 7947 bytes

Combofix Log*************************************

 

 

ComboFix 08-03-20.5 - Jennifer MMMMMMM 2008-03-21 18:14:02.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512 [GMT -4:00]

Running from: C:\Documents and Settings\Jennifer MMMMMMM\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\SmVubmlmZXIgTWVzaWFubw

C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

C:\WINDOWS\system32\drivers\COMFiltr.sys

C:\WINDOWS\system32\eifvkbhp.ini

C:\WINDOWS\system32\f886a9b6

C:\WINDOWS\system32\jgdrqvur.dll

C:\WINDOWS\system32\SigUpdRequest_1205701512.tmp

C:\WINDOWS\system32\yorllywq.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_VGAA

-------\Service_vgaa

 

 

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

 

2008-03-21 16:53 . 2008-03-21 17:49 221,060 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-03-21 16:53 . 2008-03-21 16:53 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-03-21 16:53 . 2008-03-21 17:49 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-18 16:34 . 2008-03-18 16:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-18 16:24 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-18 15:50 . 2008-03-18 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-18 15:49 . 2008-03-18 15:59 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-18 12:57 . 2008-03-18 13:20 <DIR> d-------- C:\Panda

2008-03-18 12:56 . 2008-03-18 12:56 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-17 18:03 . 2008-03-17 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-17 18:03 . 2008-03-17 18:03 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-16 23:17 . 2008-03-16 23:17 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-16 19:51 . 2008-03-16 19:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-16 17:29 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2008-03-16 17:29 . 2008-03-16 17:29 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-03-16 17:28 . 2008-03-21 17:49 221,060 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-03-16 17:28 . 2008-03-21 17:49 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-03-16 17:27 . 2007-07-11 10:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys

2008-03-16 17:26 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll

2008-03-16 17:26 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll

2008-03-16 17:26 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys

2008-03-16 17:26 . 2007-10-25 08:50 132,664 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS

2008-03-16 17:26 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL

2008-03-16 17:26 . 2007-09-28 13:05 71,608 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS

2008-03-16 17:26 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll

2008-03-16 17:26 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-03-16 17:26 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys

2008-03-16 17:26 . 2007-11-14 17:48 21,816 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys

2008-03-16 17:25 . 2008-03-16 17:25 <DIR> d-------- C:\WINDOWS\system32\PAV

2008-03-16 17:23 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-16 17:23 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-16 16:55 . 2006-07-27 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

2008-03-16 12:32 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2008-03-16 11:46 . 2008-03-16 11:46 <DIR> d-------- C:\WINDOWS\wt

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-15 19:36 . 2008-03-15 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-15 19:30 . 2008-03-15 19:30 <DIR> d-------- C:\Program Files\Panda Security

2008-03-15 19:01 . 2008-03-21 13:03 <DIR> d-------- C:\Temp

2008-03-10 18:03 . 2008-03-10 18:06 <DIR> d-------- C:\Program Files\Microsoft Small Business

2008-03-10 17:59 . 2008-03-10 17:59 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-03-10 17:58 . 2008-03-10 18:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server

2008-02-21 23:56 . 2008-02-21 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 16:17 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor

2008-03-18 16:13 --------- d-----w C:\Program Files\Digital Line Detect

2008-03-16 21:23 --------- d-----w C:\Program Files\Common Files\Panda Software

2008-03-16 17:50 48 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat

2008-03-16 16:32 --------- d-----w C:\Program Files\Panda Software

2008-03-10 22:00 --------- d-----w C:\Program Files\Microsoft.NET

2008-02-27 12:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-22 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-12 17:42 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\Common Files\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\ArcSoft

2008-02-11 13:18 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Amazon

2008-02-11 13:16 --------- d-----w C:\Program Files\Amazon

2008-02-07 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup

2008-02-07 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-02-05 21:20 --------- d-----w C:\Program Files\Brother

2008-02-01 18:40 --------- d--h--w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Move Networks

2008-01-21 23:14 --------- d-----w C:\Program Files\Citrix

2007-11-15 04:21 557,056 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_phone__317_en.exe

2007-11-01 13:34 630,784 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_chat2way__317_en.exe

2007-08-15 23:00 25,259 ----a-w C:\WINDOWS\Fonts\olde_english.zip

2007-06-27 18:17 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe

2007-06-26 21:40 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2007-06-20 13:20 8,727,496 ----a-w C:\Program Files\ICSViewer602_grants.exe

2006-12-17 19:35 88 --sh--r C:\WINDOWS\system32\406A683176.sys

2006-12-17 19:35 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-21_13.17.15.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-21 16:48:33 82,566 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-03-21 20:56:09 82,566 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-21 16:48:33 457,282 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-03-21 20:56:09 457,282 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14 49152]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2007-11-19 20:33 1015808]

"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-08-05 21:05 344064]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-27 21:49:15 24576]

TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-02-12 13:40:20 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jennifer MMMMMMM^Start Menu^Programs^Startup^DING!.lnk]

path=C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Startup\DING!.lnk

backup=C:\WINDOWS\pss\DING!.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2005-05-15 02:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

--a------ 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2006-07-27 22:01 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-09-24 01:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

--a------ 2003-12-03 12:43 1052672 C:\Program Files\PureEdge\Viewer 6.0\masqform.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\McAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

--a------ 2006-09-18 14:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-14 23:50]

R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-28 23:24]

R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]

R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0440a3e-21a5-11db-8c95-00038a000015}]

\Shell\1\Command - F:\.\tmp.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\tmp.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 23:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 18:15:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vgaa]

"ImagePath"="System32\drivers\vgaa.sys"

.

Completion time: 2008-03-21 18:16:01

ComboFix-quarantined-files.txt 2008-03-21 22:15:58

ComboFix2.txt 2008-03-21 17:17:37

.

2008-03-21 05:17:51 --- E O F ---

 

Fresh HJT Log********************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:24:44 PM, on 3/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

 

--

End of file - 7688 bytes


Open notepad and copy/paste the text in the quote box below into it:

 

Folder::
F:\.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0440a3e-21a5-11db-8c95-00038a000015}]

 

Save this as CFScript on your desktop.

 

14.png

 

Referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log with a fresh copy of HijackThis.

 

Let me know what problem persists.

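The CFScript above deletes the MountPoints2 key whose AutoRun handler runs tmp.exe from the F: drive, the classic autorun.inf infection pattern. As an added example (not the thread's or ComboFix's own code), here is a small Python parser that finds such handlers in the "Reg Loading Points" section of a ComboFix log and emits the matching Registry:: block; the log lines it scans are constructed from the entry shown in the thread.

```python
"""Flag MountPoints2 shell handlers that look like autorun droppers in a ComboFix log."""
import re
from dataclasses import dataclass

# Constructed sample: the mountpoints2 block as ComboFix prints it in this thread,
# followed by an unrelated msconfig entry that must not be flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0440a3e-21a5-11db-8c95-00038a000015}]
\Shell\1\Command - F:\.\tmp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"""


@dataclass
class Finding:
    key: str      # full registry key as printed by ComboFix
    verb: str     # shell verb: "1", "AutoRun", "open", ...
    command: str  # command line that verb would run
    reason: str   # why it was flagged


KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
HANDLER_LINE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
# An executable sitting at the root of a drive (F:\tmp.exe, F:\.\tmp.exe) or
# referenced by a relative path (.\tmp.exe) is how autorun droppers present themselves.
SUSPICIOUS_TARGET = re.compile(
    r"(?:^|\s)(?:\.\\|[a-z]:\\(?:\.\\)?)[^\\\s]+\.(?:exe|com|bat|cmd|pif|scr|vbs)\b",
    re.I,
)


def parse_reg_blocks(log_text):
    """Group the 'Reg Loading Points' lines under the [key] line that precedes them."""
    blocks = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current = m.group("key")
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def classify(command):
    """Return why a shell handler command looks like an autorun dropper, or None."""
    if "shellexec_rundll" in command.lower():
        return "launches a file via RunDLL32 ShellExec_RunDLL (autorun.inf technique)"
    if SUSPICIOUS_TARGET.search(command):
        return "runs an executable from a drive root or a relative path"
    return None


def find_autorun_handlers(log_text):
    """Return a Finding for every suspicious \\Shell\\<verb>\\command under mountpoints2."""
    findings = []
    for key, lines in parse_reg_blocks(log_text).items():
        if "mountpoints2" not in key.lower():
            continue
        for line in lines:
            m = HANDLER_LINE.match(line)
            if not m:
                continue
            reason = classify(m.group("cmd"))
            if reason:
                findings.append(Finding(key, m.group("verb"), m.group("cmd"), reason))
    return findings


def cfscript_for(findings):
    """Emit a Registry:: section deleting each flagged key, in the form used in the thread."""
    keys = sorted({f.key for f in findings})
    if not keys:
        return ""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    hits = find_autorun_handlers(SAMPLE_LOG)
    for f in hits:
        print(f"verb={f.verb!r}: {f.command}\n    -> {f.reason}")
    print(cfscript_for(hits))
```

The drive GUID under mountpoints2 only tells you which removable volume carried the handler, so the volume itself still needs scanning before it is plugged back in.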

I am posting the ComboFix log now. Then I'm going to go open up IE and do a few things I've been putting off due to the malware problems. Will come back and post as to whether or not problems persist. Thank you!!

 

 

ComboFix 08-03-20.5 - Jennifer MMMMMMM 2008-03-22 9:26:00.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.236 [GMT -4:00]

Running from: C:\Documents and Settings\Jennifer MMMMMMM\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jennifer MMMMMMM\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))

.

 

2008-03-21 16:53 . 2008-03-22 09:25 221,060 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-03-21 16:53 . 2008-03-21 19:07 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-03-21 16:53 . 2008-03-22 09:25 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-18 16:34 . 2008-03-18 16:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Grisoft

2008-03-18 16:24 . 2008-03-18 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-18 16:24 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-18 16:02 . 2008-03-18 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-18 16:01 . 2008-03-18 16:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-18 15:50 . 2008-03-18 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-18 15:49 . 2008-03-18 15:59 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-18 12:57 . 2008-03-18 13:20 <DIR> d-------- C:\Panda

2008-03-18 12:56 . 2008-03-18 12:56 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-17 18:03 . 2008-03-17 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-17 18:03 . 2008-03-17 18:03 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-16 23:17 . 2008-03-16 23:17 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-16 19:51 . 2008-03-16 19:51 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-16 17:29 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2008-03-16 17:29 . 2008-03-16 17:29 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-03-16 17:28 . 2008-03-22 09:25 221,060 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-03-16 17:28 . 2008-03-22 09:25 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-03-16 17:27 . 2007-07-11 10:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys

2008-03-16 17:27 . 2007-05-11 08:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys

2008-03-16 17:26 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll

2008-03-16 17:26 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll

2008-03-16 17:26 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys

2008-03-16 17:26 . 2007-10-25 08:50 132,664 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS

2008-03-16 17:26 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL

2008-03-16 17:26 . 2007-09-28 13:05 71,608 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS

2008-03-16 17:26 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll

2008-03-16 17:26 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-03-16 17:26 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys

2008-03-16 17:26 . 2007-11-14 17:48 21,816 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys

2008-03-16 17:25 . 2008-03-16 17:25 <DIR> d-------- C:\WINDOWS\system32\PAV

2008-03-16 17:23 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-16 17:23 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-16 16:55 . 2006-07-27 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

2008-03-16 12:32 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2008-03-16 11:46 . 2008-03-16 11:46 <DIR> d-------- C:\WINDOWS\wt

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-15 23:24 . 2008-03-16 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-15 19:36 . 2008-03-15 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-15 19:30 . 2008-03-15 19:30 <DIR> d-------- C:\Program Files\Panda Security

2008-03-15 19:01 . 2008-03-21 13:03 <DIR> d-------- C:\Temp

2008-03-10 18:03 . 2008-03-10 18:06 <DIR> d-------- C:\Program Files\Microsoft Small Business

2008-03-10 17:59 . 2008-03-10 17:59 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-03-10 17:58 . 2008-03-10 18:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 16:17 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor

2008-03-18 16:13 --------- d-----w C:\Program Files\Digital Line Detect

2008-03-16 21:23 --------- d-----w C:\Program Files\Common Files\Panda Software

2008-03-16 17:50 48 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat

2008-03-16 16:32 --------- d-----w C:\Program Files\Panda Software

2008-03-10 22:00 --------- d-----w C:\Program Files\Microsoft.NET

2008-02-27 12:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-22 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

2008-02-12 17:42 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\Common Files\ArcSoft

2008-02-12 17:40 --------- d-----w C:\Program Files\ArcSoft

2008-02-11 13:18 --------- d-----w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Amazon

2008-02-11 13:16 --------- d-----w C:\Program Files\Amazon

2008-02-07 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Backup

2008-02-07 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com

2008-02-05 21:20 --------- d-----w C:\Program Files\Brother

2008-02-01 18:40 --------- d--h--w C:\Documents and Settings\Jennifer MMMMMMM\Application Data\Move Networks

2007-11-15 04:21 557,056 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_phone__317_en.exe

2007-11-01 13:34 630,784 ----a-w C:\Documents and Settings\Jennifer MMMMMMM\GoToAssist_chat2way__317_en.exe

2007-08-15 23:00 25,259 ----a-w C:\WINDOWS\Fonts\olde_english.zip

2007-06-27 18:17 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe

2007-06-26 21:40 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2007-06-20 13:20 8,727,496 ----a-w C:\Program Files\ICSViewer602_grants.exe

2006-12-17 19:35 88 --sh--r C:\WINDOWS\system32\406A683176.sys

2006-12-17 19:35 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-21_13.17.15.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-21 03:21:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-03-22 03:57:44 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-03-21 03:21:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-03-22 03:57:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-03-21 03:21:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-22 03:57:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-03-21 16:48:33 82,566 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-03-21 20:56:09 82,566 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-21 16:48:33 457,282 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-03-21 20:56:09 457,282 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14 49152]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]

"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2007-11-19 20:33 1015808]

"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2005-08-05 21:05 344064]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-27 21:49:15 24576]

TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-02-12 13:40:20 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jennifer MMMMMMM^Start Menu^Programs^Startup^DING!.lnk]

path=C:\Documents and Settings\Jennifer MMMMMMM\Start Menu\Programs\Startup\DING!.lnk

backup=C:\WINDOWS\pss\DING!.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-08-05 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2005-05-15 02:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

--a------ 2005-11-01 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2006-07-27 22:01 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-09-24 01:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

--a------ 2003-12-03 12:43 1052672 C:\Program Files\PureEdge\Viewer 6.0\masqform.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\McAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

--a------ 2006-09-18 14:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-14 23:50]

R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-28 23:24]

R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]

R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 23:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 09:29:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-22 9:30:37

ComboFix-quarantined-files.txt 2008-03-22 13:30:21

ComboFix2.txt 2008-03-21 22:16:01

ComboFix3.txt 2008-03-21 17:17:37

.

2008-03-21 05:17:51 --- E O F ---


OK, I have posted the ComboFix log above, and then I went and used IE for a while. I still have all ActiveX locked down, but I didn't get any popups. I ran AVG and it found only 4 cookies. I took a look at Add/Remove programs, and WinTouch is still listed. Should that be a concern?

 

And here's the fresh HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:28 AM, on 3/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\Upgrader.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

 

--

End of file - 7901 bytes


I suggest you set your ActiveX this way.

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialise and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


 

I took a look at Add/Remove programs, and WinTouch is still listed.

Not doing anything bad. It can be removed manually.

 

How to Manually Remove Programs from the Add/Remove Programs List

http://support.microsoft.com/?kbid=247501

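An added check for the Custom Level steps above (example code written for this page, not something from the post, the forum or Microsoft): once the dialog is saved, the six settings are stored as DWORD "actions" under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, which is the Internet zone. The action codes (1001, 1004, 1201, 1800, 1804, 1607) and the value meanings 0 = Enable, 1 = Prompt, 3 = Disable are the ones Microsoft documents in KB 182569; the script assumes that mapping. On the affected machine run reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg (reg export writes UTF-16), then run the script against that file and it lists every setting that is still weaker than the post recommends. Because KB 247501, linked in the same reply, deals with the same export format, the parser also searches an exported Uninstall branch for an Add/Remove Programs entry by display name. The embedded sample export is constructed for the example and its ExampleLeftover entry is hypothetical. Two caveats: if the Security_HKLM_only policy is set, the zone settings that actually apply live under HKLM rather than HKCU, so export that hive instead; and these settings govern only Internet Explorer and programs that embed its engine, not Firefox.

```python
import re
import sys

# Zone 3 is the Internet zone. Action codes and meanings follow Microsoft
# KB 182569 ("Internet Explorer security zones registry entries").
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1800": "Installation of desktop items",
    "1804": "Launching programs and files in an IFRAME",
    "1607": "Navigate sub-frames across different domains",
}
# For these six actions the DWORD is 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
# The hardening recommended in the reply above.
RECOMMENDED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
               "1800": PROMPT, "1804": PROMPT, "1607": PROMPT}

ZONE3 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
         r"\Internet Settings\Zones\3")
UNINSTALL_MARK = "\\CurrentVersion\\Uninstall\\"

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')
_STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' export text into
    {key_path: {value_name: value}}. DWORDs become int, REG_SZ values become
    str; other value types (hex:, @= default values) are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = _DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = _STRING_RE.match(line)
        if m:
            # regedit escapes backslash and double quote with a backslash.
            keys[current][m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def audit_zone3(keys):
    """Return {code: (action_name, current_label, wanted_label)} for every
    recommended action that is unset or weaker than recommended
    (Enable < Prompt < Disable). Stricter-than-recommended is not reported."""
    zone = keys.get(ZONE3, {})
    findings = {}
    for code, wanted in RECOMMENDED.items():
        current = zone.get(code)
        if current is None:
            label = "not set"
        elif current in LEVEL_NAME:
            label = LEVEL_NAME[current]
        else:
            label = "unknown value 0x%08x" % current
        if current is None or current not in LEVEL_NAME or current < wanted:
            findings[code] = (ACTIONS[code], label, LEVEL_NAME[wanted])
    return findings


def find_uninstall_entries(keys, needle):
    r"""Return Uninstall subkeys (from an export of
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) whose DisplayName
    contains `needle`, case-insensitively; KB 247501 deletes such a subkey to
    drop a dead Add/Remove Programs entry."""
    needle = needle.lower()
    return sorted(path for path, values in keys.items()
                  if UNINSTALL_MARK in path
                  and needle in str(values.get("DisplayName", "")).lower())


# Constructed sample export (not from the machine in the thread): signed
# ActiveX downloads are still enabled, the sub-frame setting is absent, and
# the Uninstall branch holds a hypothetical leftover entry.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleLeftover]
"DisplayName"="Example Leftover Program"
"UninstallString"="C:\\Program Files\\ExampleLeftover\\uninst.exe"
"""


def main(path, needle=None):
    # `reg export` writes UTF-16LE with a BOM; "utf-16" honours the BOM.
    with open(path, encoding="utf-16") as fh:
        keys = parse_reg(fh.read())
    for code, (name, current, wanted) in audit_zone3(keys).items():
        print(f"{code} {name}: is {current}, should be {wanted}")
    if needle:
        for key_path in find_uninstall_entries(keys, needle):
            print("Add/Remove Programs entry:", key_path)


if __name__ == "__main__":
    main(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
```

Run it as python zone_audit.py zone3.reg, or python zone_audit.py uninstall.reg WinTouch against an export of the Uninstall key. An empty result from the audit means the six settings match or exceed the post's recommendations; anything printed is a setting the dialog did not save or that was reset since.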

Oddly, I couldn't find WinTouch in the registry. I'll just leave it be.

 

Thank you so very much for your help!

 

I'm sending a donation off to Dixie Internet Systems to help with your server fees.

Edited by jenniferm


Glad we could help.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.