Jump to content

Vundo infection?


Recommended Posts

Hi,

Last weekend we noticed that google search in Firefox was being redirected to advertising sites which then spawn pop-up ads telling us we need to download their anti-malware products (we did not fall for that unless they managed to trick us somehow). Google search is not affected when using Explorer. Computer is slow and some websites won't load. After much websearching for possible fixes for problem, I downloaded MBAM yesterday. It detected Trojan.vundo and stated that it had successfully quarantined and removed it, but the google search problem is unchanged. I updated MBAM today and reran it, and it did not detect any infections. But I think there must still be something persisting.

Help and thanks in advance.

Here is my current HJT log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:47 PM, on 1/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\efax\HotTray.exe

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kimberly Cassida\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe /systray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10782 bytes

Here is todays MBAM log.

Malwarebytes' Anti-Malware 1.33

Database version: 1704

Windows 5.1.2600 Service Pack 3

1/30/2009 12:26:03 AM

mbam-log-2009-01-30 (00-26-02).txt

Scan type: Quick Scan

Objects scanned: 89571

Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

And here is yesterdays MBAM log, where it located an infection.

Malwarebytes' Anti-Malware 1.33

Database version: 1704

Windows 5.1.2600 Service Pack 3

1/29/2009 12:45:06 AM

mbam-log-2009-01-29 (00-45-06).txt

Scan type: Full Scan (C:\|)

Objects scanned: 273922

Time elapsed: 1 hour(s), 42 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00420f9 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

Hi, thanks for the help. I had to disable Norton Antivirus and SpyBot to load the ComboFix, so I hope that is ok. ComboFix also said its date had expired but I was able to load and run it in "reduced functionality" mode.

Kim

Here is the ComboFix log.

ComboFix 09-01-21.04 - Kimberly Cassida 2009-01-30 22:58:19.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1385 [GMT -5:00]

Running from: c:\documents and settings\Kimberly Cassida\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

* Created a new restore point

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\IE4 Error Log.txt

c:\windows\system32\wdmaud.sys

C:\xcrashdump.dat

.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))

.

2009-01-29 21:32 . 2009-01-29 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-01-29 00:50 . 2009-01-30 22:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-29 00:50 . 2009-01-30 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-28 22:52 . 2009-01-29 00:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\Kimberly Cassida\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-28 22:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-28 18:54 . 2009-01-28 18:54 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-28 01:31 . 2009-01-30 22:37 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-28 01:31 . 2006-05-05 16:19 107,696 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-28 01:31 . 2006-05-05 16:19 87,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-27 16:43 . 2009-01-27 16:43 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-27 12:18 . 2009-01-27 12:18 0 --a------ c:\windows\VPC32.INI

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\program files\Symantec

2009-01-27 11:32 . 2009-01-28 01:32 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-10 18:37 . 2009-01-10 18:37 223 --a------ c:\windows\HP PrecisionScan Pro.INI

2008-12-25 23:05 . 2008-12-25 23:05 <DIR> d-------- c:\documents and settings\Kimberly Cassida\Application Data\Canon

2008-12-25 22:33 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-12-25 22:33 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-12-25 22:24 . 2008-12-25 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser

2008-12-25 22:23 . 2008-12-25 22:26 <DIR> d-------- c:\program files\Canon

2008-12-25 22:16 . 2008-12-25 22:16 <DIR> d-------- c:\program files\Common Files\Canon

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 02:30 --------- d-----w c:\program files\Common Files\Ahead

2009-01-29 04:56 --------- d--h--r c:\documents and settings\Kimberly Cassida\Application Data\yahoo!

2009-01-29 04:56 --------- d-----w c:\program files\Hewlett-Packard

2009-01-29 04:55 --------- d-----w c:\program files\Ahead

2009-01-28 23:54 --------- d-----w c:\program files\Java

2009-01-28 01:41 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-23 18:26 --------- d-----w c:\documents and settings\Kimberly Cassida\Application Data\U3

2008-12-24 20:07 --------- d-----w c:\program files\Microsoft Picture It! PhotoPub

2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll

2008-10-16 01:00 666,112 ------w c:\windows\system32\dllcache\wininet.dll

2008-10-16 01:00 619,520 ------w c:\windows\system32\dllcache\urlmon.dll

2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll

2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll

2007-04-11 05:07 0 ----a-w c:\documents and settings\Kimberly Cassida\Application Data\wklnhst.dat

2003-08-27 18:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll

2004-08-04 10:00 94,784 --sh--w c:\windows\twain.dll

2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll

2008-09-21 20:41 88 --sh--r c:\windows\system32\73BD85BFFC.sys

2007-10-19 14:46 88 --sh--r c:\windows\system32\C75F8B4167.sys

2008-09-21 20:41 6,110 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll

2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll

2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll

2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 1695744]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2006-06-04 749568]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"NapsterShell"="c:\program files\Roxio\Easy Media Creator 7\Napster\napster.exe" [2007-12-10 323216]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]

CorelCENTRAL 10.lnk - c:\windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2007-04-11 5222]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-06 24576]

eFax.com Tray Menu.lnk - c:\program files\Common Files\efax\HotTray.exe [2007-05-30 23040]

Live Menu.lnk - c:\program files\Common Files\efax\Dllcmd32.exe [2007-05-30 18432]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588]

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-04-06 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"SENTINEL"= snti386.dll

"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-01-28 99376]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08a6eff4-eafe-11db-87d3-00197de1e8df}]

\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab03c52-e961-11db-87cb-00197de1e8df}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

mStart Page = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Kimberly Cassida\Application Data\Mozilla\Firefox\Profiles\0dh1925c.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-30 23:00:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sentinel\ImagePath]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-01-30 23:03:17

ComboFix-quarantined-files.txt 2009-01-31 04:01:59

Pre-Run: 53,271,572,480 bytes free

Post-Run: 53,559,926,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

198 --- E O F --- 2009-01-27 21:43:48

And here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:21:03 PM, on 1/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\efax\HotTray.exe

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kimberly Cassida\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe /systray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10122 bytes

Link to post
Share on other sites

Hi,

Sorry for slow response. I am traveling and finding limited web access here. I may not be able to read this forum again until Wednesday (Feb 4).

Thanks again! :D

Here is the new ComboFix log. I had no trouble running it this time.

ComboFix 09-02-01.01 - Kimberly Cassida 2009-02-01 23:30:39.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1349 [GMT -5:00]

Running from: c:\documents and settings\Kimberly Cassida\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))

.

2009-01-29 21:32 . 2009-01-29 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-01-29 00:50 . 2009-01-30 22:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-29 00:50 . 2009-01-30 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-28 22:52 . 2009-01-29 00:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\Kimberly Cassida\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-28 22:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-28 18:54 . 2009-01-28 18:54 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-28 01:31 . 2009-02-01 23:29 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-28 01:31 . 2006-05-05 16:19 107,696 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-28 01:31 . 2006-05-05 16:19 87,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-27 16:43 . 2009-01-27 16:43 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-27 12:18 . 2009-01-27 12:18 0 --a------ c:\windows\VPC32.INI

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\program files\Symantec

2009-01-27 11:32 . 2009-01-28 01:32 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-10 18:37 . 2009-01-10 18:37 223 --a------ c:\windows\HP PrecisionScan Pro.INI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-02 03:50 --------- d-----w c:\documents and settings\Kimberly Cassida\Application Data\U3

2009-01-30 02:30 --------- d-----w c:\program files\Common Files\Ahead

2009-01-29 04:56 --------- d--h--r c:\documents and settings\Kimberly Cassida\Application Data\yahoo!

2009-01-29 04:56 --------- d-----w c:\program files\Hewlett-Packard

2009-01-29 04:55 --------- d-----w c:\program files\Ahead

2009-01-28 23:54 --------- d-----w c:\program files\Java

2009-01-28 01:41 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-12-26 04:05 --------- d-----w c:\documents and settings\Kimberly Cassida\Application Data\Canon

2008-12-26 03:26 --------- d-----w c:\program files\Canon

2008-12-26 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser

2008-12-26 03:16 --------- d-----w c:\program files\Common Files\Canon

2008-12-24 20:07 --------- d-----w c:\program files\Microsoft Picture It! PhotoPub

2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2007-04-11 05:07 0 ----a-w c:\documents and settings\Kimberly Cassida\Application Data\wklnhst.dat

2003-08-27 18:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll

2004-08-04 10:00 94,784 --sh--w c:\windows\twain.dll

2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll

2008-09-21 20:41 88 --sh--r c:\windows\system32\73BD85BFFC.sys

2007-10-19 14:46 88 --sh--r c:\windows\system32\C75F8B4167.sys

2008-09-21 20:41 6,110 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll

2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll

2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll

2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((( snapshot@2009-01-30_23.01.08.29 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 13:00:00 286,720 ----a-w c:\windows\SWREG.exe

+ 2009-02-02 00:42:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_350.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 1695744]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2006-06-04 749568]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"NapsterShell"="c:\program files\Roxio\Easy Media Creator 7\Napster\napster.exe" [2007-12-10 323216]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]

CorelCENTRAL 10.lnk - c:\windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2007-04-11 5222]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-06 24576]

eFax.com Tray Menu.lnk - c:\program files\Common Files\efax\HotTray.exe [2007-05-30 23040]

Live Menu.lnk - c:\program files\Common Files\efax\Dllcmd32.exe [2007-05-30 18432]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588]

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-04-06 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"SENTINEL"= snti386.dll

"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-01-28 99376]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08a6eff4-eafe-11db-87d3-00197de1e8df}]

\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

mStart Page = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Kimberly Cassida\Application Data\Mozilla\Firefox\Profiles\0dh1925c.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 23:34:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sentinel\ImagePath]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-02-01 23:39:01

ComboFix-quarantined-files.txt 2009-02-02 04:37:43

ComboFix2.txt 2009-01-31 04:03:18

Pre-Run: 54,162,657,280 bytes free

Post-Run: 54,150,643,712 bytes free

158 --- E O F --- 2009-01-27 21:43:48

And the HJT log....

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:42:32 PM, on 2/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\efax\HotTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

C:\Documents and Settings\Kimberly Cassida\Application Data\U3\0000060515093374\LaunchPad.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kimberly Cassida\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe /systray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10349 bytes

Link to post
Share on other sites

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\windows\system32\73BD85BFFC.sys

c:\windows\system32\C75F8B4167.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.
Link to post
Share on other sites

Done.

Thanks!

New ComboFix log:

ComboFix 09-02-02.04 - Kimberly Cassida 2009-02-02 18:44:05.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1379 [GMT -5:00]

Running from: c:\documents and settings\Kimberly Cassida\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kimberly Cassida\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

* Created a new restore point

FILE ::

c:\windows\system32\73BD85BFFC.sys

c:\windows\system32\C75F8B4167.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\73BD85BFFC.sys

c:\windows\system32\C75F8B4167.sys

.

((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))

.

2009-01-29 21:32 . 2009-01-29 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-01-29 00:50 . 2009-01-30 22:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-29 00:50 . 2009-01-30 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-28 22:52 . 2009-01-29 00:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\Kimberly Cassida\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-28 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-28 22:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-28 22:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-28 18:54 . 2009-01-28 18:54 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-28 01:31 . 2009-02-02 18:43 <DIR> d-------- c:\program files\Symantec AntiVirus

2009-01-28 01:31 . 2006-05-05 16:19 107,696 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-28 01:31 . 2006-05-05 16:19 87,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-27 16:43 . 2009-01-27 16:43 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-01-27 12:18 . 2009-01-27 12:18 0 --a------ c:\windows\VPC32.INI

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\program files\Symantec

2009-01-27 11:32 . 2009-01-28 01:32 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-01-27 11:32 . 2009-01-28 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-10 18:37 . 2009-01-10 18:37 223 --a------ c:\windows\HP PrecisionScan Pro.INI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-02 03:50 --------- d-----w c:\documents and settings\Kimberly Cassida\Application Data\U3

2009-01-30 02:30 --------- d-----w c:\program files\Common Files\Ahead

2009-01-29 04:56 --------- d--h--r c:\documents and settings\Kimberly Cassida\Application Data\yahoo!

2009-01-29 04:56 --------- d-----w c:\program files\Hewlett-Packard

2009-01-29 04:55 --------- d-----w c:\program files\Ahead

2009-01-28 23:54 --------- d-----w c:\program files\Java

2009-01-28 01:41 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-27 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-12-26 04:05 --------- d-----w c:\documents and settings\Kimberly Cassida\Application Data\Canon

2008-12-26 03:26 --------- d-----w c:\program files\Canon

2008-12-26 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser

2008-12-26 03:16 --------- d-----w c:\program files\Common Files\Canon

2008-12-24 20:07 --------- d-----w c:\program files\Microsoft Picture It! PhotoPub

2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2007-04-11 05:07 0 ----a-w c:\documents and settings\Kimberly Cassida\Application Data\wklnhst.dat

2003-08-27 18:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll

2004-08-04 10:00 94,784 --sh--w c:\windows\twain.dll

2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll

2008-09-21 20:41 6,110 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll

2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll

2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll

2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((( snapshot@2009-01-30_23.01.08.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-02 23:03:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 1695744]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]

"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2006-06-04 749568]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"NapsterShell"="c:\program files\Roxio\Easy Media Creator 7\Napster\napster.exe" [2007-12-10 323216]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]

CorelCENTRAL 10.lnk - c:\windows\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe [2007-04-11 5222]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-06 24576]

eFax.com Tray Menu.lnk - c:\program files\Common Files\efax\HotTray.exe [2007-05-30 23040]

Live Menu.lnk - c:\program files\Common Files\efax\Dllcmd32.exe [2007-05-30 18432]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588]

SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-04-06 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"SENTINEL"= snti386.dll

"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-01-28 99376]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08a6eff4-eafe-11db-87d3-00197de1e8df}]

\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

mStart Page = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Kimberly Cassida\Application Data\Mozilla\Firefox\Profiles\0dh1925c.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-02 18:47:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sentinel\ImagePath]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-02-02 18:51:14

ComboFix-quarantined-files.txt 2009-02-02 23:49:56

ComboFix2.txt 2009-02-02 04:39:02

ComboFix3.txt 2009-01-31 04:03:18

Pre-Run: 54,115,569,664 bytes free

Post-Run: 54,099,296,256 bytes free

162 --- E O F --- 2009-01-27 21:43:48

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:54:31 PM, on 2/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\efax\HotTray.exe

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kimberly Cassida\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe /systray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10207 bytes

Link to post
Share on other sites

Done. I ran HJT too, just in case.

If my system is clean now, how do I keep from getting reinfected? I was using AVG Free (virus and spyware) at the time of infection and it did not detect it.

Do I understand correctly that the purchased version of Malwarebytes can provide infection protection? If so it will be well worth the price.

Thanks!

Malwarebytes' Anti-Malware 1.33

Database version: 1718

Windows 5.1.2600 Service Pack 3

2/2/2009 8:58:01 PM

mbam-log-2009-02-02 (20-58-01).txt

Scan type: Quick Scan

Objects scanned: 56912

Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:00:08 PM, on 2/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\efax\HotTray.exe

C:\Program Files\Common Files\efax\Dllcmd32.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kimberly Cassida\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Roxio\Easy Media Creator 7\Napster\napster.exe /systray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10307 bytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.