eminm3

  1. Is there any more that needs doing? Must admit the computer seems so much better!
  2. next log: OTL logfile created on: 9/18/2010 10:21:04 PM - Run 3, OTL by OldTimer - Version 3.2.12.1
  3. there you go: OTL logfile created on: 9/18/2010 8:46:15 AM - Run 2, OTL by OldTimer - Version 3.2.12.1
  4. here you go: OTL logfile created on: 9/17/2010 9:14:08 PM - Run 1, OTL by OldTimer - Version 3.2.12.1
  5. and new hjt log: Logfile of Trend Micro HijackThis v2.0.4, scan saved at 5:24:41 PM, on 9/17/2010
  6. new otm log: OTM by OldTimer - Version 3.1.16.1, log created on 09172010_171034
  7. [quote from Rorschach112, Sep 16 2010, 06:52 PM: "and kaspersky"] here you go, thanks. KASPERSKY ONLINE SCANNER 7.0: scan report, Friday, September 17, 2010
  8. mbam report here: Malwarebytes' Anti-Malware 1.46, www.malwarebytes.org, Database version: 4629, 9/16/2010 4:25:01 PM
  9. hi, this is what I got from otm: OTM by OldTimer - Version 3.1.16.1, log created on 09162010_155838. Just about to do the other bits now, thanks
  10. Thanks, here is the report, it's quite long!

ComboFix 10-09-14.05 - Administrator 09/15/2010 19:48:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1518 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\vchost.com.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\Akan
c:\documents and settings\Administrator\Application Data\Akan\hoity.exe
C:\tt.com
Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.
2010-09-15 17:38 . 2003-03-25 07:32 94208 ----a-w- c:\windows\system32\scapflex.dll
2010-09-15 17:38 . 2003-03-25 07:32 69632 ----a-w- c:\windows\system32\gpa.dll
2010-09-15 17:38 . 2003-03-25 07:32 65536 ----a-w- c:\windows\system32\scagplus.dll
2010-09-15 17:38 . 2003-03-25 07:32 65536 ----a-w- c:\windows\system32\scagpl8k.dll
2010-09-15 17:38 . 2003-03-25 07:32 57344 ----a-w- c:\windows\system32\gparm.dll
2010-09-15 17:38 . 2003-03-25 07:32 471040 ----a-w- c:\windows\system32\eppgplus.dll
2010-09-15 17:38 . 2003-03-25 07:32 471040 ----a-w- c:\windows\system32\eppgpl8k.dll
2010-09-15 17:38 . 2003-03-25 07:32 36864 ----a-w- c:\windows\system32\msgeppg1.dll
2010-09-15 17:38 . 2003-03-25 07:32 24576 ----a-w- c:\windows\system32\std201mt.dll
2010-09-15 17:38 . 2003-03-25 07:32 163840 ----a-w- c:\windows\system32\epppflex.dll
2010-09-15 17:38 . 2003-03-25 07:32 139264 ----a-w- c:\windows\system32\gpatools.dll
2010-09-15 17:38 . 2003-03-25 07:32 12288 ----a-w- c:\windows\system32\hp-common-msg.dll
2010-09-15 17:28 . 2005-07-05 07:18 32768 ------w- c:\windows\biwlandrvxpver.dll
2010-09-15 17:25 . 2006-02-07 09:33 9728 ------w- c:\windows\HPNICVersion.dll
2010-09-15 17:25 . 2010-09-15 17:28 -------- d-----w- c:\program files\Broadcom
2010-09-14 18:57 . 2010-09-14 18:57 -------- d-----w- c:\program files\Trend Micro
2010-09-05 13:54 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-05 13:54 . 2010-09-05 13:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 17:49 . 2010-09-04 17:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-03 13:29 . 2010-09-03 13:29 -------- d-----w- C:\spoolerlogs
2010-08-27 16:59 . 2010-08-27 16:59 -------- d-----w- c:\windows\Sun
2010-08-25 19:52 . 2010-08-25 19:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF
2010-08-23 16:56 . 2010-08-23 16:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 21:05 . 2010-08-22 21:05 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-22 21:05 . 2010-08-22 21:05 -------- d-----w- c:\program files\MSBuild
2010-08-22 21:04 . 2010-08-22 21:04 -------- d-----w- c:\program files\Reference Assemblies
2010-08-22 21:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-22 21:04 . 2010-08-22 21:04 -------- d-----w- C:\fefafe34f6af767acf1b5fd492b201
2010-08-22 21:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-22 21:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-22 21:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-22 21:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-22 21:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-22 21:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-22 21:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-22 21:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-22 21:00 . 2010-08-22 21:00 -------- d-----w- c:\program files\MSXML 6.0
2010-08-22 14:24 . 2010-08-22 14:24 -------- d-----w- c:\windows\ServicePackFiles
2010-08-22 14:23 . 2010-08-22 14:23 -------- d-----w- c:\program files\MSXML 4.0
2010-08-22 14:11 . 2010-08-22 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-08-22 14:11 . 2010-08-22 14:11 -------- d-----w- c:\program files\Trusteer
2010-08-22 14:10 . 2010-08-22 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-08-22 10:28 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-08-22 10:28 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-08-22 10:27 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-22 10:27 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-08-22 10:27 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-08-22 10:26 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-22 10:26 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-22 10:18 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-08-21 16:39 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-21 16:39 . 2010-08-21 16:39 -------- d-----w- c:\program files\Nitro PDF
2010-08-21 10:12 . 2010-09-03 19:34 -------- d-----w- c:\program files\lx_cats
2010-08-21 10:12 . 2006-03-23 02:33 40960 ----a-w- c:\windows\system32\lxcyvs.dll
2010-08-21 10:12 . 2006-11-27 01:50 117760 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxcypp5c.dll
2010-08-21 10:12 . 2006-11-07 10:30 344064 ----a-w- c:\windows\system32\lxcycoin.dll
2010-08-21 10:12 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-21 10:12 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-21 10:12 . 2001-08-17 21:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-08-21 10:12 . 2001-08-17 21:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-21 10:12 . 2006-08-14 15:07 65536 ----a-w- c:\windows\system32\lxcycaps.dll
2010-08-21 10:12 . 2006-08-08 13:58 692224 ----a-w- c:\windows\system32\lxcydrs.dll
2010-08-21 09:53 . 2010-08-21 09:53 -------- d-----w- C:\temp
2010-08-21 08:08 . 2010-08-21 08:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-08-21 07:28 . 2010-08-22 10:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-21 07:28 . 2009-12-14 07:35 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-08-21 07:26 . 2010-01-29 15:08 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-08-21 07:25 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 07:17 . 2010-05-02 05:56 1850880 ------w- c:\windows\system32\dllcache\win32k.sys
2010-08-20 20:51 . 2010-08-20 21:57 -------- d-----w- c:\program files\Win 32. Trojan PWS. Magania Removal Tool
2010-08-20 19:33 . 2010-08-20 19:33 -------- d-----w- c:\windows\system32\LogFiles
2010-08-20 19:16 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-20 19:15 . 2010-01-13 14:10 85504 ------w- c:\windows\system32\dllcache\cabview.dll
2010-08-20 19:10 . 2010-08-20 19:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 18:56 . 2010-08-20 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2010-08-20 18:54 . 2010-09-05 13:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2010-08-20 18:54 . 2010-09-05 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-20 18:54 . 2010-08-20 18:54 -------- d-----w- c:\program files\Lavasoft
2010-08-20 18:34 . 2010-08-20 18:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-08-20 18:33 . 2010-08-20 18:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-08-20 14:56 . 2010-08-20 14:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HPVirtualRooms
2010-08-20 14:50 . 2010-08-23 16:21 35152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 13:51 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-20 13:51 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-08-20 07:42 . 2010-08-21 08:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-08-20 07:42 . 2010-08-20 07:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-08-20 07:41 . 2010-08-20 07:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-20 07:41 . 2010-09-15 17:36 -------- d-----w- c:\program files\Google
2010-08-20 07:40 . 2010-08-20 07:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Infineon
2010-08-20 07:40 . 2010-08-20 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Infineon
2010-08-20 07:39 . 2010-08-20 07:39 -------- d-----w- c:\program files\ProtectTools
2010-08-20 07:37 . 2010-09-15 17:24 -------- d-----w- c:\windows\tiinst
2010-08-20 07:37 . 2002-11-21 17:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-08-20 07:37 . 2002-11-21 17:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-08-20 07:37 . 2002-11-21 17:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-08-20 07:37 . 2002-11-21 17:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-08-20 07:37 . 2002-11-21 17:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-08-20 07:37 . 2002-11-21 17:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-08-20 07:36 . 2010-09-15 17:41 -------- d-----w- c:\program files\InterVideo
2010-08-20 07:35 . 2010-08-20 07:35 -------- d-----w- c:\program files\AuthenTec
2010-08-20 07:34 . 2010-08-20 06:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-08-20 07:34 . 2010-08-20 06:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2010-08-20 07:34 . 2006-07-11 06:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-08-20 07:33 . 2010-08-20 07:33 -------- d-----w- c:\program files\Program Shortcuts
2010-08-20 07:30 . 2004-08-04 13:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2010-08-20 07:30 . 2004-08-04 13:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2010-08-20 07:30 . 2004-08-04 13:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-08-20 07:30 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-08-20 07:24 . 2010-08-20 07:24 -------- d-----w- c:\windows\i386
2010-08-20 07:06 . 2010-08-20 07:54 -------- d-----w- c:\windows\system32\NtmsData
2010-08-20 07:04 . 2010-09-04 17:49 -------- d--h--w- c:\windows\system32\78D80E
2010-08-20 07:04 . 2010-08-20 19:20 -------- d--h--w- c:\windows\system32\3958AB
2010-08-20 07:04 . 2010-08-20 07:20 -------- d--h--w- c:\windows\system32\6BD97A
2010-08-20 07:04 . 2010-08-20 07:20 -------- d--h--w- c:\windows\system32\53BB40
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 17:38 . 2006-07-11 05:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 17:38 . 2006-07-11 05:40 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-15 17:20 . 2010-09-15 17:20 848 ----a-w- c:\windows\system32\drivers\OCA_LOG.TXT
2010-09-14 18:57 . 2010-09-14 18:57 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 06:39 . 2009-04-08 21:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yqnae
2010-08-21 10:13 . 2010-08-21 10:11 -------- d-----w- c:\program files\Lexmark Toolbar
2010-08-21 10:11 . 2010-08-21 10:11 -------- d-----w- c:\program files\Lexmark 3400 Series
2010-08-20 19:13 . 2006-07-11 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-20 19:13 . 2006-07-11 06:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-20 07:29 . 2006-07-11 05:40 -------- d-----w- c:\program files\HPQ
2010-08-20 07:17 . 2006-07-11 06:12 -------- d-----w- c:\program files\Windows Media Connect
2010-08-20 07:16 . 2006-07-11 05:59 -------- d-----w- c:\program files\Sonic
2010-08-20 07:15 . 2006-07-11 05:30 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 07:15 . 2006-07-11 05:57 -------- d-----w- c:\program files\Hp
2010-08-20 07:15 . 2006-07-11 06:12 -------- d-----w- c:\program files\Fingerprint Sensor
2010-08-20 07:15 . 2006-07-11 05:41 -------- d-----w- c:\program files\DIFX
2010-08-20 07:15 . 2006-07-11 06:00 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-08-20 07:15 . 2006-07-11 05:42 -------- d-----w- c:\program files\CONEXANT
2010-08-20 07:14 . 2006-07-11 06:00 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-08-20 07:14 . 2006-07-11 05:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-20 07:14 . 2006-07-11 06:11 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-20 07:14 . 2006-07-11 05:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 07:14 . 2006-07-11 05:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-20 07:01 . 2006-07-11 05:42 -------- d-----w- c:\program files\Analog Devices
2010-08-20 06:58 . 2006-07-11 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-08-20 06:58 . 2006-07-11 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-08-20 06:58 . 2006-07-11 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqLog
2010-08-20 06:58 . 2006-07-11 06:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2010-08-20 06:34 . 2010-08-20 06:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Infineon
2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-19 23:59 . 2010-08-19 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sonic
2010-08-19 23:58 . 2010-08-19 23:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2010-08-19 23:58 . 2006-07-11 05:47 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 23:58 . 2010-08-19 23:58 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10a51f24-n\msvcp71.dll
2010-08-19 23:58 . 2010-08-19 23:58 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10a51f24-n\jmc.dll
2010-08-19 23:58 . 2010-08-19 23:58 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10a51f24-n\msvcr71.dll
2010-08-19 23:58 . 2010-08-19 23:58 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6dc1cd11-n\decora-sse.dll
2010-08-19 23:58 . 2010-08-19 23:58 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6dc1cd11-n\decora-d3d.dll
2010-08-19 23:57 . 2010-08-19 23:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-19 23:57 . 2006-07-11 05:47 -------- d-----w- c:\program files\Java
2010-08-19 23:51 . 2010-08-19 23:51 0 ----a-w- c:\windows\nsreg.dat
2010-08-12 12:16 . 2010-09-05 13:54 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll
2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-11-29 82864]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-8-20 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\ToolBox\\LT\\ProcessWatch.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\threatwork.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/5/2010 2:54 PM 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [8/5/2010 7:19 PM 58984]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/29/2005 5:56 PM 36768]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [8/5/2010 7:29 PM 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [8/5/2010 7:19 PM 168936]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 9:00 AM 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 1:15 PM 1355416]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [8/5/2010 7:19 PM 763112]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 12:19 PM 36352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 1:15 PM 15008]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 9:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7f6fp04q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{01207D10-FE90-7969-7414-1EC11C8AFFC5} - c:\documents and settings\Administrator\Application Data\Akan\hoity.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 23:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,[email protected]? ????[[email protected]?????,[email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(7032)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
c:\program files\HPQ\IAM\Bin\ItIeAddIN.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcycoms.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-09-15 23:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-15 22:28

Pre-Run: 22,789,206,016 bytes free
Post-Run: 25,933,336,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 00D0D20A745857CCDBE55269F4E0624A
  11. Hi, thanks for the reply. I have downloaded ComboFix, but when I double-click on it, I get the prompt "run this program", and when I click on run, nothing happens?
  12. Hi, new member here. I have followed this link http://www.lavasoftsupport.com/index.php?showtopic=13639 and here are my results, is there anything suspicious here? Have been unable to update Ad-Aware, and also when clicking on links to sites etc. it sometimes takes me to other sites.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:02 PM, on 9/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\Sminst\Recguard.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKCU\..\Run: [{01207D10-FE90-7969-7414-1EC11C8AFFC5}] "C:\Documents and Settings\Administrator\Application Data\Akan\hoity.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{072035AE-B8C7-4BA2-BF2F-CBEE4214105F}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CCS\Services\Tcpip\..\{980CFE38-C04D-4EA8-83DD-9FF677A32BB4}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS1\Services\Tcpip\..\{072035AE-B8C7-4BA2-BF2F-CBEE4214105F}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS2\Services\Tcpip\..\{072035AE-B8C7-4BA2-BF2F-CBEE4214105F}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 9298 bytes