Still having problems

Mieke helped me clean up the problem last night - this morning everything was working perfectly. I powered down, then started the PC tonight and it is sluggish again - same problems.

I redid the steps that Mieke had me do last night (that solved the problem), but they are not working tonight.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:56:31, on 4/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\runservice.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\LTMSG.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Verizon Control Pad] C:\Program Files\Verizon Online\ControlPad\cpad.exe #SPLASH

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159493326328

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://E:\Bin\html\files\MotivePreQual.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe

O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 9979 bytes


Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.36

Database version: 1953

Windows 5.1.2600 Service Pack 2

4/8/2009 6:00:41 PM

mbam-log-2009-04-08 (18-00-41).txt

Scan type: Full Scan (C:\|)

Objects scanned: 166099

Time elapsed: 1 hour(s), 2 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


And here is my Combofix log:

ComboFix 09-04-04.01 - Owner 2009-04-08 21:13:10.8 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.817 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))

.

2009-04-08 21:11 . 2006-03-02 23:42 73,728 --a------ C:\pv.exe

2009-04-08 03:30 . 2009-04-08 03:30 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-04-08 03:30 . 2009-04-08 03:30 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-04-08 03:29 . 2009-04-08 18:10 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-04-08 03:29 . 2009-04-08 03:29 <DIR> d-------- c:\program files\AVG

2009-04-08 03:29 . 2009-04-08 03:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-04-08 03:29 . 2009-04-08 03:29 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-04-07 18:14 . 2009-04-07 18:37 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb

2009-04-07 09:29 . 2009-04-07 11:11 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-04-07 09:27 . 2008-05-01 09:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-04-07 09:27 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-04-07 09:26 . 2008-08-14 04:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys

2009-04-07 04:54 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-04-07 04:54 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-04-07 04:54 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-04-07 04:54 . 2008-12-20 18:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-04-07 04:54 . 2008-12-20 18:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-04-07 04:54 . 2008-12-20 18:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-04-07 04:54 . 2008-12-20 18:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-04-07 04:54 . 2008-12-20 18:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-04-07 04:54 . 2008-12-19 04:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-04-07 04:48 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll

2009-04-07 00:45 . 2009-04-07 00:45 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\SUPERAntiSpyware.com

2009-04-07 00:37 . 2009-04-07 00:37 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-04-07 00:37 . 2009-04-07 00:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2009-04-07 00:37 . 2009-04-07 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-07 00:32 . 2009-04-07 00:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-04-06 22:11 . 2009-04-06 22:11 <DIR> d-------- c:\program files\Trend Micro

2009-04-06 19:28 . 2009-04-06 19:28 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\Malwarebytes

2009-04-06 19:24 . 2003-10-11 07:30 <DIR> d-------- c:\documents and settings\Administrator.GARY\WINDOWS

2009-04-06 19:24 . 2003-10-14 08:31 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\Symantec

2009-04-06 19:24 . 2003-10-11 07:06 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\Sonic

2009-04-06 19:24 . 2003-10-11 08:03 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\SampleView

2009-04-06 19:24 . 2003-10-14 08:35 <DIR> d-------- c:\documents and settings\Administrator.GARY\Application Data\interMute

2009-04-06 19:24 . 2009-04-08 03:30 <DIR> d-------- c:\documents and settings\Administrator.GARY

2009-04-06 17:35 . 2009-04-06 19:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7

2009-04-06 16:24 . 2009-04-06 16:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-04-06 16:23 . 2003-10-11 07:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic

2009-04-06 16:23 . 2003-10-14 08:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\interMute

2009-04-06 16:23 . 2009-04-06 19:11 <DIR> d---s---- c:\documents and settings\Administrator

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-09 01:05 2,849 --sha-w c:\windows\system32\mmf.sys

2009-04-08 10:19 --------- d-----w c:\program files\Viewpoint

2009-04-08 08:34 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-04-08 08:09 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-08 08:07 --------- d-----w c:\program files\Symantec

2009-04-08 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-04-07 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-04-07 08:18 --------- d-----w c:\program files\Google

2009-04-07 03:24 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-04-07 02:56 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-07 01:56 --------- d--h--w c:\documents and settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}

2009-04-06 20:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 20:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-10 15:50 --------- d-----w c:\program files\Microsoft Silverlight

2009-03-02 23:16 --------- d-----w c:\documents and settings\Owner\Application Data\eAcceleration

2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

"Anonymizer"="c:\program files\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-04-15 1557176]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

"NVIEW"="nview.dll" [2003-08-19 c:\windows\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"PS2"="c:\windows\system32\ps2.exe" [2002-07-31 81920]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-06-17 118784]

"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2004-12-28 385024]

"Verizon Control Pad"="c:\program files\Verizon Online\ControlPad\cpad.exe" [2002-06-13 7376896]

"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-20 98304]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-17 185896]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-08 1932568]

"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-10-11 16384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]

MLB.TV NexDef Plug-in.lnk - c:\program files\Autobahn\mlb-nexdef-autobahn.exe [2008-03-28 799496]

Verizon Online Support Center.lnk - c:\program files\Verizon Online\SupportCenter\bin\matcli.exe [2004-05-06 204800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-04-08 03:30 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

backup=c:\windows\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2004-12-18 00:20 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2003-02-19 23:49 2185800 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

--a------ 2007-06-17 10:37 214560 c:\program files\Real\RealOne Player\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=

"c:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=

"c:\\Program Files\\WinMX\\WinMX.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Real\\RealOne Player\\realplayer.exe"=

"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=

"c:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Anonymizer\\Anonymizer Software\\common\\AnonProxy.exe"=

"c:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-08 325640]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-08 108552]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]

S2 AnonAswSvc;Anonymizer Anti-Spyware Service;c:\program files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe [2007-10-22 37560]

S2 AnonMgmtSvc;Anonymizer Management Service;c:\program files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2007-10-22 37560]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-08 298264]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-12-10 2560]

S2 mrtRate;mrtRate; [x]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-08-24 477696]

.

Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1866085676-2795454385-2280570241-1003.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:05]

2009-04-08 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-qus10.hpwis.com/

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: {{28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\Verizon Online\ControlPad\Misc\a_menu.exe

LSP: SpSubLSP.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m8peguoh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll

FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-08 21:18:14

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]

"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,

a2

"2"=hex:05,42,30,42,a7,15,e9,31,44,4c,e8,ce,26,93,4c,ff,dc,fd,7a,28,38,0d,79,

b8

"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,

eb,9c,8b,9c,0d,35,8b,99,e4,25,24,80,ac,1f,d3,6a,72

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\103076C71E8172E2]

"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,

f6,35,6d,98,1b,b3,42,db,57

"2"=hex:ff,46,a9,cd,53,d2,ef,98

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\E2D78D07BA1CEFC607EE825C5DE445EF]

"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,

f6,35,6d,98,1b,b3,42,db,57

"2"=hex:a6,61,c0,40,f8,08,be,24

"3"=hex:5e,44,b2,f8,79,f8,c3,56,fc,84,9a,8b,51,82,df,9b,2f,77,5f,6d,51,02,c1,

db,2d,28,1f,b8,51,ed,45,02,c0,a2,38,83,13,a9,5d,2b,4f,3b,09,30,26,d4,2b,79,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,

f6,22,52,65,d3,e6,83,ee,c9,ec,ed,f3,43,55,72,5a,1c,5c,40,c9,af,48,22,30,c1,\

"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,

f6,db,b7,35,cf,1a,ec,25,5d,ef,3a,0f,de,ed,ad,54,53,c0,07,76,18,d4,8c,6c,4e,\

"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,86,15,ba,ba,a8,7c,30,

6e,e7,be,f3,4e,5c,b8,67,18,68,d2,34,71,6e,be,6a,68,12,55,ff,37,2b,86,ac,b7,\

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:4b,72,8f,bc,6c,3f,e4,15

"10"=hex:81,20,8f,ab,28,6a,52,9c

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:d4,45,36,60,18,fd,62,00,dc,8a,32,fa,cd,78,aa,51,cc,14,2a,00,21,9b,8a,

16,b3,d6,f3,a1,9a,14,87,a9,ee,d6,e6,02,aa,d2,3b,5c,89,9b,74,15,d6,0f,71,a9,\

"13"=hex:27,5b,ae,74,82,ae,9c,95,c3,ad,74,46,28,ff,30,51,70,9d,48,a6,d6,41,95,

16

"14"=hex:83,34,31,f7,8e,d5,03,43,db,41,e1,35,0d,b6,15,0b,18,9e,8c,27,2c,08,ed,

cf

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:fb,ef,44,17,f0,2e,d6,25,2c,32,20,ab,3c,6d,4d,1b

"22"=hex:81,20,8f,ab,28,6a,52,9c

"15"=hex:ec,2f,5c,9a,be,84,57,07,f3,e7,f3,94,99,93,5e,61,0f,03,00,e0,a8,20,bc,

99,03,35,e0,7c,0f,f3,3d,7d,96,49,c6,d5,37,7d,0c,78,24,93,16,5c,49,31,9b,8a,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50]

"1"=hex:55,71,d5,88,d4,e8,c4,23,86,c5,84,77,3a,01,80,8c

"2"=hex:e7,27,cf,42,f4,44,fe,c6,7c,92,71,43,d3,fc,2b,88,fa,d9,fe,5d,52,9c,ef,

9a,2a,6d,72,a6,74,ac,7c,c2

"3"=hex:55,71,d5,88,d4,e8,c4,23,fd,b6,60,5b,fa,86,28,a7,15,7e,26,7e,15,53,b1,

53,45,c5,e4,e2,cb,6f,56,41,9f,13,40,18,4a,19,41,af,82,2c,15,9b,68,3b,4e,c0

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50\A9E17DC1A54D1D28BB40F338A2C6273E]

"1"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,

a3,0a,b2,c0,1f,52,da,0b,fb

"2"=hex:81,20,8f,ab,28,6a,52,9c

"3"=hex:41,61,9c,ec,5d,71,e3,51,a4,97,a7,f3,c0,fb,4c,a8,48,9b,b2,7d,90,0f,24,

dd,46,c6,46,00,0e,10,34,dc,2f,c8,76,36,62,f2,90,0e,e9,7e,e6,ad,f6,0f,1e,63,\

"4"=hex:2f,ad,a2,e7,8a,bf,05,5e

"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,

1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\

"6"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,

a3,c2,b5,a5,be,18,5e,8d,12,a5,96,30,c8,e8,9b,a0,07,34,11,26,76,4a,05,43,f8,\

"7"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,

a3,0a,b2,c0,1f,52,da,0b,fb

"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,65,47,71,48,e9,1d,9d,

ae,8d,a8,42,08,32,10,f7,67,cf,df,52,86,31,35,e0,07,c7,f4,11,f0,ed,74,e2,7b,\

"9"=hex:81,20,8f,ab,28,6a,52,9c

"18"=hex:4b,72,8f,bc,6c,3f,e4,15

"10"=hex:b3,b5,ff,62,ba,b6,61,46

"11"=hex:81,20,8f,ab,28,6a,52,9c

"12"=hex:7e,53,02,59,ed,97,fb,2f,85,9e,9d,15,b0,2c,ad,9d,88,a7,15,e4,c0,c5,d1,

1e,24,44,79,79,8c,4d,d5,49,f9,ed,a7,ec,df,31,12,51,6c,95,86,4c,48,f0,58,42,\

"13"=hex:82,b4,e2,1e,09,ec,b3,44,b6,98,fa,e2,b3,0d,58,fb,16,03,3d,50,79,69,0a,

22

"14"=hex:a6,c1,97,cd,4d,ca,f1,2d

"24"=hex:81,20,8f,ab,28,6a,52,9c

"26"=hex:81,20,8f,ab,28,6a,52,9c

"27"=hex:81,20,8f,ab,28,6a,52,9c

"19"=hex:40,51,15,fc,cf,fd,6d,bb,0a,b5,3c,be,52,e9,4a,4d

"22"=hex:81,20,8f,ab,28,6a,52,9c

"15"=hex:66,7b,70,f8,d9,9e,1b,e5,5a,f4,29,e2,11,1e,aa,d6,be,8b,8d,c8,66,cb,b0,

af,ba,4c,5e,bc,fe,13,09,c4,5d,8d,7e,09,02,2a,ff,a9,77,58,ef,54,d0,f8,e2,89,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(200)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2009-04-08 21:21:15

ComboFix-quarantined-files.txt 2009-04-09 02:20:28

ComboFix2.txt 2009-04-09 01:32:33

ComboFix3.txt 2009-04-09 00:57:56

ComboFix4.txt 2009-04-08 12:33:59

Pre-Run: 11,688,075,264 bytes free

Post-Run: 11,672,379,392 bytes free

308 --- E O F --- 2009-04-08 04:12:59


I am wondering if this may be the root of my recurring problem.

When I first got infested with the malware/virus, it came via an Adobe Acrobat download.

Before this happened, I never had reader_sl.exe showing up as running as a process in my Task Manager.

Now, it is always running.

Should I delete reader_sl.exe and switch to Foxit for pdf files?

Thanks in advance.


If this helps, I just ran a quick scan on SuperAntiSpyware - this is the log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/09/2009 at 06:46 AM

Application Version : 4.26.1000

Core Rules Database Version : 3832

Trace Rules Database Version: 1788

Scan type : Quick Scan

Total Scan Time : 00:24:59

Memory items scanned : 416

Memory threats detected : 0

Registry items scanned : 500

Registry threats detected : 0

File items scanned : 23243

File threats detected : 0

Thanks in advance for any info.
