Jump to content

Antivirus / Spyware 2009/2010 Issues


Recommended Posts

Hello,

I have a computer that was infected with a version of that anti-virus/anti-spyware application. I initially ran Super Anti Spyware, and it seemed to fix it, but low and behold, it has come back. I have been unable to run Malwarebytes, even as a renamed exe, and have had similar problems with running Super Anti-Spyware.

I ran ComboFix in Safe Mode and this is what I came up with:

ComboFix 09-09-08.07 - Administrator 09/09/2009 11:05.1.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.805 [GMT -4:00]

Running from: c:\leon\kahdah.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\test.txt

c:\windows\Installer\21586.msi

c:\windows\system32\41.exe

c:\windows\system32\dllcache\figaro.sys

C:\xvhu.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))

.

2009-09-09 14:29 . 2009-09-09 14:29 -------- d-----w- c:\program files\sas

2009-09-09 12:40 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-09 12:40 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-09 12:40 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-09 12:40 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-09 12:40 . 2009-09-09 12:40 -------- d-----w- c:\program files\Avira

2009-09-09 12:40 . 2009-09-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-09 12:05 . 2009-09-09 12:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-09-09 11:49 . 2009-09-09 11:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-09 11:49 . 2009-09-09 11:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-08 20:01 . 2009-09-08 20:01 -------- d-----w- c:\documents and settings\Leon Test

2009-09-08 19:54 . 2009-09-08 19:54 -------- d-----w- c:\program files\CCleaner

2009-09-08 18:37 . 2009-09-08 19:05 -------- d-----w- C:\$AVG8.VAULT$

2009-09-08 18:33 . 2009-09-08 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-08 18:33 . 2009-09-08 18:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-09-08 18:33 . 2009-09-08 18:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-08 18:33 . 2009-09-08 18:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-08 18:33 . 2009-09-09 12:23 -------- d-----w- c:\windows\system32\drivers\Avg

2009-09-08 18:33 . 2009-09-08 18:33 -------- d-----w- c:\program files\AVG

2009-09-08 18:33 . 2009-09-09 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-08 18:30 . 2009-09-08 18:30 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Windows Search

2009-09-08 18:29 . 2009-09-08 18:29 -------- d-----w- c:\documents and settings\Jeremy\Application Data\AVG8

2009-09-08 18:23 . 2009-09-09 15:05 -------- d--h--w- c:\windows\PIF

2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Malwarebytes

2009-09-08 18:17 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-08 18:17 . 2009-09-09 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-08 18:17 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-08 18:16 . 2009-09-09 14:21 -------- d-----w- C:\Leon

2009-09-08 13:23 . 2009-09-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund

2009-09-08 13:21 . 2002-05-07 05:09 274432 ----a-w- c:\windows\TLCUninstall.exe

2009-09-08 13:21 . 2009-09-08 13:21 -------- d-----w- c:\program files\Broderbund

2009-09-04 22:27 . 2009-09-04 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-04 22:26 . 2009-09-09 12:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-04 22:26 . 2009-09-04 22:26 -------- d-----w- c:\documents and settings\Jeremy\Application Data\SUPERAntiSpyware.com

2009-09-04 22:06 . 2009-09-05 05:17 -------- d-----w- c:\program files\Windows Defender

2009-09-03 15:08 . 2009-09-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-09-03 15:07 . 2009-09-03 15:07 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Office Genuine Advantage

2009-08-24 15:05 . 2009-08-24 15:05 -------- d-----w- c:\program files\EA Games

2009-08-23 21:05 . 2009-08-24 15:07 717 ----a-w- c:\windows\eReg.dat

2009-08-23 02:41 . 2009-08-23 02:41 -------- d-----w- c:\documents and settings\Jeremy\Local Settings\Application Data\WMTools Downloaded Files

2009-08-15 19:57 . 2009-08-15 19:57 -------- d-----w- c:\program files\HeavenWord, Inc

2009-08-15 19:56 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2009-08-15 19:56 . 2009-08-15 19:56 -------- d-----w- c:\documents and settings\Jeremy\WINDOWS

2009-08-13 16:44 . 2009-08-13 16:44 -------- d-----w- c:\documents and settings\Jeremy\Local Settings\Application Data\Identities

2009-08-13 16:44 . 2009-08-13 16:44 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Windows Desktop Search

2009-08-13 16:43 . 2009-08-15 05:03 -------- d-----w- c:\program files\Windows Desktop Search

2009-08-13 16:43 . 2009-08-13 16:43 -------- d-----w- c:\windows\system32\GroupPolicy

2009-08-13 16:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2009-08-13 16:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2009-08-13 16:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2009-08-12 23:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-09 15:05 . 2009-04-30 21:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer

2009-09-08 20:02 . 2009-09-08 20:02 -------- d-----w- c:\documents and settings\Leon Test\Application Data\Windows Desktop Search

2009-09-05 07:03 . 2009-04-30 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-05 06:12 . 2009-06-23 20:53 -------- d-----w- c:\program files\Google

2009-09-05 05:37 . 2009-05-22 18:54 -------- d-----w- c:\documents and settings\Jeremy\Application Data\ZoomBrowser EX

2009-09-03 15:09 . 2009-04-30 22:49 98096 ----a-w- c:\documents and settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-03 15:00 . 2009-04-30 19:06 -------- d-----w- c:\program files\Microsoft Works

2009-08-28 05:13 . 2009-05-12 15:31 -------- d-----w- c:\documents and settings\Jeremy\Application Data\dvdcss

2009-08-23 21:46 . 2009-07-08 15:19 25 ----a-w- c:\windows\popcinfot.dat

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-23 03:53 . 2009-07-23 03:52 -------- d-----w- c:\program files\iTunes

2009-07-23 03:53 . 2009-07-23 03:53 -------- d-----w- c:\program files\iPod

2009-07-23 03:53 . 2009-04-30 22:06 -------- d-----w- c:\program files\Common Files\Apple

2009-07-20 02:37 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-07-20 02:37 . 2009-06-04 22:51 -------- d-----w- c:\program files\Norton Security Scan

2009-07-20 02:37 . 2009-06-04 22:51 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-19 03:57 . 2009-07-19 03:57 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 22:01 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-07-15 22:01 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-09 01:08 . 2009-07-09 01:08 0 ----a-w- c:\windows\popcreg.dat

2009-07-03 17:50 . 2009-07-03 17:50 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 868352]

"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]

"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-23 198160]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-08 2007832]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\sas\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 16:05 356352 ----a-w- c:\program files\sas\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-08 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\lxctcoms.exe"=

"c:\\WINDOWS\\system32\\lxdvcoms.exe"=

"c:\\Program Files\\Lexmark X5400 Series\\lxdvmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvwbgw.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/8/2009 2:33 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/8/2009 2:33 PM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\sas\sasdifsv.sys [5/26/2009 10:05 AM 9968]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2009 8:40 AM 108289]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/8/2009 2:33 PM 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/1/2009 8:04 AM 55152]

R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]

R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [4/30/2009 10:49 PM 98984]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [4/29/2009 9:17 AM 185640]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 getPlus

Link to post
Share on other sites

Also, after running the above, I was able to run Malwarebytes and here is my log:

Malwarebytes' Anti-Malware 1.40

Database version: 2763

Windows 5.1.2600 Service Pack 3

9/9/2009 1:00:39 PM

mbam-log-2009-09-09 (13-00-39).txt

Scan type: Quick Scan

Objects scanned: 113395

Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Also, (sorry if this is inappropriate, I'm just trying to get all of the info out there possible)

Here are my Hijackthis logs:

Logfile of HijackThis v1.99.1

Scan saved at 2:18:59 PM, on 9/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe

C:\WINDOWS\system32\lxdvcoms.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Lexmark X5400 Series\lxdvmon.exe

C:\Program Files\Lexmark X5400 Series\lxdvamon.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.family.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"

O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241113615187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1241130796609

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\sas\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe

O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe" -service (file missing)

Link to post
Share on other sites

  • 5 weeks later...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.