VUNDO-4 ? and Trojan.AGENT [RESOLVED]


This topic is locked.

#1 Vectordawg (Member, 33 posts)
You folks have bailed me out in the past and I look forward to your expertise in remediating my current issue. I believe I was infected with a file downloaded from a peer-to-peer network. I run Trend Micro Internet Security and while the file was detected and 'cleaned' it still infected my computer. I ran through all the pre-cleaning as recommended before posting a HijackThis log and that seems to have taken care of the most significant issues. I now have no control over changing some settings on my desktop, and the last scan I did using the PANDA online scan leads me to believe that there are still some remnants of infection. By the way, the PANDA scan ran for an inordinate amount of time, never did act like it finished, and worked best in safe mode. So, to be sure, I would appreciate your scrutiny of the attached logs and I will await your advice. Thanks for the service you provide....

PANDA SCAN

;*******************************************************************************
ANALYSIS: 2008-05-26 09:20:13
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Trend Micro Internet Security 16.10.1079 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner.KZOFFICE\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner.KZOFFICE\Desktop\VirtumundoBeGone.exe
02684749 Trj/Agent.GZY Virus/Trojan No 1 Yes No D:\Bearshare Downloads\Garmin MapSource City Navigator North America v8 ISO Keygen.zip[Crack.exe]
02970830 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\system32\g98.exe[■%%\²¬Ç]
02986019 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\logXv18\logXv182328.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
170904 HIGH MS07-043
120815 HIGH MS06-022
;===============================================================================


SUPERAntiSpyware Scan Log
Generated 05/25/2008 at 04:21 PM

Application Version : 3.6.1000

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 03:58:55

Memory items scanned : 544
Memory threats detected : 0
Registry items scanned : 6340
Registry threats detected : 0
File items scanned : 192877
File threats detected : 90

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adinterax[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bizrate[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt
C:\Documents and Settings\Owner\Cookies\owner@eyewonder[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner\Cookies\owner@indexstats[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@kontera[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@nocountryforoldmen[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@questionpro[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionpro[2].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][10].txt
C:\Documents and Settings\Owner\Cookies\[email protected][11].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
C:\Documents and Settings\Owner\Cookies\[email protected][8].txt
C:\Documents and Settings\Owner\Cookies\[email protected][9].txt
C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
D:\DK Hard drive\Documents and Settings\LocalService\Cookies\system@offeroptimizer[1].txt


Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Quick Scan
Objects scanned: 61603
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkijgHy.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53c92c8b-1a44-44cf-9fe2-cd6b0abdcab0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53c92c8b-1a44-44cf-9fe2-cd6b0abdcab0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0b296eaf (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hufjrvrv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrvrjfuh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkijgHy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yHgjikkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yHgjikkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRLDSl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtcccaxx.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:37 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Owner.KZOFFICE\My Documents\Hank\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {985717cd-729a-0138-1764-6c002271e5e2} - {2e5e1722-00c6-4671-8310-a927dc717589} - C:\WINDOWS\system32\simnopvd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://acemailcls1....ov/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10752 bytes
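The Malwarebytes and HijackThis logs above carry the usual Vundo fingerprints: a BHO whose display name is itself a GUID backed by an eight-letter random DLL in system32 (simnopvd.dll in the O2 line), a Run value named BM followed by eight hex digits (BM0b296eaf in the MBAM log), and IE policy restrictions (the O6 lines). The following Python script is an added example, not code from this thread, from HijackThis or from Malwarebytes: it triages a HijackThis log with those three heuristics and then checks which indicators MBAM reported are still present in a later HijackThis log. The heuristics and the function names are assumptions of this example; the sample lines are copied from the logs posted above except for one O4 line, marked as constructed, which is rebuilt from the MBAM entries because MBAM had already removed that Run value before the HijackThis log was taken.

```python
import re

# --- HijackThis line shapes (matched only as far as this example needs) ---
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O6_POLICY = re.compile(r"^O6 - (?P<key>.+) present$")

# --- Heuristics (assumptions of this example, not vendor signatures) ---
# Vundo dropped DLLs with random 8-letter names straight into system32 and
# registered BHOs whose display name was itself a GUID; the MBAM log in this
# thread also shows a Run value named BM<8 hex digits>.  Legitimate 8-letter
# DLLs exist in system32 (browseui.dll, for one), so RANDOM_SYS32_DLL alone is
# a lead to verify, not a verdict.
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RANDOM_SYS32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[a-z]{8}\.dll$", re.I)
BM_RUN_VALUE = re.compile(r"^BM[0-9a-f]{8}$", re.I)


def triage_hijackthis(lines):
    """Return (section, identifier, detail, reason) for each suspicious line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O2_BHO.match(line)
        if m:
            reasons = []
            if GUID.match(m["name"]):
                reasons.append("BHO display name is a bare GUID")
            if RANDOM_SYS32_DLL.match(m["path"]):
                reasons.append("random-looking 8-letter DLL directly in system32")
            if reasons:
                findings.append(("O2", m["clsid"], m["path"], "; ".join(reasons)))
            continue
        m = O4_RUN.match(line)
        if m:
            if BM_RUN_VALUE.match(m["value"]):
                findings.append(("O4", m["value"], m["cmd"], "Vundo-style BM<hex> Run value"))
            continue
        m = O6_POLICY.match(line)
        if m:
            findings.append(("O6", m["key"], "", "IE policy restrictions set; confirm the user set them"))
    return findings


# --- Malwarebytes log: pull out the registry CLSIDs and file paths it acted on ---
MBAM_KEY = re.compile(r"^(?P<key>HKEY_[A-Z_]+\\.+?) \((?P<family>[^)]+)\) -> ")
MBAM_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> ")
CLSID_IN_KEY = re.compile(r"\{[0-9a-f-]{36}\}", re.I)


def mbam_iocs(lines):
    """Return (clsids, paths) reported by MBAM, lower-cased for comparison."""
    clsids, paths = set(), set()
    for raw in lines:
        line = raw.strip()
        m = MBAM_KEY.match(line)
        if m:
            g = CLSID_IN_KEY.search(m["key"])
            if g:
                clsids.add(g.group(0).lower())
            continue
        m = MBAM_FILE.match(line)
        if m:
            paths.add(m["path"].lower())
    return clsids, paths


def survivors(hjt_lines, clsids, paths):
    """IOCs MBAM removed that still appear anywhere in a later HijackThis log."""
    text = "\n".join(hjt_lines).lower()
    return sorted(c for c in clsids if c in text) + sorted(p for p in paths if p in text)


# Sample input: lines copied from the logs posted in this thread, plus ONE
# constructed O4 line (marked) rebuilt from the MBAM entries.
HJT_SAMPLE = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: {985717cd-729a-0138-1764-6c002271e5e2} - {2e5e1722-00c6-4671-8310-a927dc717589} - C:\WINDOWS\system32\simnopvd.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r'O4 - HKLM\..\Run: [BM0b296eaf] Rundll32.exe "C:\WINDOWS\system32\gtcccaxx.dll",s',  # constructed
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
]
MBAM_SAMPLE = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53c92c8b-1a44-44cf-9fe2-cd6b0abdcab0} (Trojan.Vundo) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0b296eaf (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\WINDOWS\system32\jkkijgHy.dll (Trojan.Vundo) -> Delete on reboot.",
    r"C:\WINDOWS\system32\gtcccaxx.dll (Trojan.Agent) -> Delete on reboot.",
]

if __name__ == "__main__":
    for finding in triage_hijackthis(HJT_SAMPLE):
        print(*finding, sep=" | ")
    clsids, paths = mbam_iocs(MBAM_SAMPLE)
    print("still present:", survivors(HJT_SAMPLE, clsids, paths))
```

Run against the real logs, the cross-check comes back empty (MBAM's CLSID and DLLs are gone from the later HijackThis log), which is the expected result after a successful removal; the triage still flags simnopvd.dll because the random-name BHO is a fresh drop that MBAM had not seen. Treat every hit as something to look at in the registry and on disk rather than as a verdict.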


#2 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 Vectordawg (Topic Starter, Member, 33 posts)
I started the ComboFix scan yesterday and it is still running. It looks as though it may be nearing the end, as it has gone through 43 stages and has moved into deleting files/folders. It's not normal for the scan to take 24+ hours, is it? At any rate, I'm continuing to let it run while I head off to work. Thanks for looking into my problem -- Vectordawg

#4 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

It isn't supposed to run that long. I guess your antivirus may interfere here.

Can you try it from Windows Safe mode again?

Also, I assume you're using the latest ComboFix version and not an older one?

Edited by miekiemoes, 28 May 2008 - 08:14 AM.


#5 Vectordawg (Topic Starter, Member, 33 posts)
If I'm not mistaken, I followed your link to ComboFix. The instructions there advised terminating all running programs, which I did, and that included my Trend Micro. I will run it again in safe mode. If I go home this PM and ComboFix isn't finished or hasn't produced a log, can I just reboot into safe mode, or do I need to invoke the Recovery Console to make it happen?

#6 miekiemoes (Malware Expert, MVP, 5,503 posts)
Just reboot in Windows Safe mode. :)

If you're still having issues with ComboFix then (preparing the log), try the following instead.

* Download Deckard's System Scanner to your Desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - main.txt
  • Post the contents of this log in your next reply. Do not post the extra.txt present in that folder. Only post this when being asked.

Edit: by the way, can you also explain this a bit more:

I now have no control over changing some settings to my desktop

Hmm, ComboFix won't run properly here, you cannot save changes... this *may* look like a corrupted user profile.

Edited by miekiemoes, 28 May 2008 - 03:12 PM.


#7 Vectordawg (Topic Starter, Member, 33 posts)
miekiemoes,

I got home from work and ComboFix was just finishing.... 24+ hours of scanning! Anyway, I waited for the log, saved it and then rebooted into safe mode, ran ComboFix, and it was over in about 10 minutes. I have both logs saved. Which one would you like to see?

QUOTE: "I now have no control over changing some settings to my desktop"

As for the request for more information: I was unable to make specific changes to my desktop background. The "Browse" button was non-functional. After ComboFix, I was able to change the picture, as the button regained functionality.

#8 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

I need the C:\Combofix.txt log :)

#9 Vectordawg (Topic Starter, Member, 33 posts)
This is the log that was created when I ran ComboFix in safe mode, not the log from the first run of ComboFix, which took 24+ hours.......


ComboFix 08-05-26.2 - Owner 2008-05-28 20:00:22.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.811 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.KZOFFICE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 13:34 . 2008-05-28 13:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-26 22:44 . 2008-05-26 22:44 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-05-25 12:18 . 2008-05-25 17:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 12:18 . 2008-05-25 12:18 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\SUPERAntiSpyware.com
2008-05-25 12:18 . 2008-05-25 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 12:17 . 2008-05-25 12:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 22:49 . 2008-05-23 22:49 <DIR> d-------- C:\VundoFix Backups
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Malwarebytes
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 21:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 21:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-21 20:58 . 2008-05-21 20:58 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-05-21 16:57 . 2008-05-21 16:57 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-05-21 12:57 . 2008-05-21 12:57 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-05-21 09:45 . 2008-05-21 09:45 <DIR> d-------- C:\Program Files\Panda Security
2008-05-20 11:34 . 2008-05-20 11:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-05-20 11:31 . 2008-05-20 11:31 <DIR> d-------- C:\WINDOWS\system32\logXv18
2008-05-20 11:31 . 2008-05-20 11:31 <DIR> d-------- C:\temp\dmpxp32
2008-05-20 11:31 . 2008-05-20 11:31 401,972 --a------ C:\WINDOWS\system32\g98.exe
2008-05-09 18:10 . 2008-05-09 18:10 <DIR> d-------- C:\drivers
2008-05-07 22:34 . 2008-05-07 22:34 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\FaxCtr
2008-05-07 21:43 . 2008-05-07 21:43 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Lexmark Productivity Studio
2008-05-07 17:44 . 2008-05-27 10:13 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-07 17:44 . 2008-05-07 17:44 <DIR> d-------- C:\logs
2008-05-07 17:43 . 2007-03-28 08:16 344,064 --a------ C:\WINDOWS\system32\lxddcoin.dll
2008-05-07 17:43 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-07 17:43 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-07 17:43 . 2006-05-17 21:47 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll
2008-05-07 17:42 . 2007-01-09 11:13 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll
2008-05-07 17:42 . 2006-10-06 12:08 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll
2008-05-07 17:42 . 2007-01-23 13:40 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-05-07 17:41 . 2006-05-31 10:51 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-07 17:41 . 2006-05-31 10:51 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-07 17:41 . 2006-05-31 10:51 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-07 17:41 . 2006-05-31 10:51 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-07 17:41 . 2006-05-31 10:51 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-07 17:41 . 2007-02-21 18:11 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2008-05-07 17:41 . 2006-11-07 05:02 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll
2008-05-07 17:41 . 2007-02-21 18:11 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2008-05-07 17:41 . 2007-02-21 18:14 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2008-05-07 17:35 . 2008-05-07 21:43 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-05-07 17:35 . 2008-05-07 17:42 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-07 17:35 . 2008-05-07 17:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-07 17:35 . 2006-12-05 23:19 44 --a------ C:\WINDOWS\system32\lxddrwrd.ini
2008-05-07 17:34 . 2008-05-07 17:42 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2008-05-06 11:52 . 2008-05-06 11:52 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 02:44 --------- d-----w C:\Program Files\LimeWire
2008-05-21 14:32 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\LimeWire
2008-05-19 16:37 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\AdobeUM
2008-05-19 03:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 14:42 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\HP
2008-05-02 21:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 21:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 21:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-04-25 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\X10 Settings
2008-04-17 02:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-17 02:19 --------- d-----w C:\Program Files\Logitech
2008-04-13 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 03:31 --------- d-----w C:\Program Files\MSECache
2008-04-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-05 19:18 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\Apple Computer
2008-04-05 19:13 --------- d-----w C:\Program Files\QuickTime
2008-04-05 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 19:12 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 03:55 --------- d-----w C:\Program Files\ActiveHome Pro
2008-04-04 18:26 --------- d-----w C:\Program Files\Google
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-28_18.57.56.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 18:29:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 00:59:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 04:56 852038 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25 24576]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-17 19:29 488712]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 12:45 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-25 17:44 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 04:56 4841472]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-27 03:34 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"VTTimer"="VTTimer.exe" []
"nwiz"="nwiz.exe" [2003-08-19 04:56 323584 C:\WINDOWS\system32\nwiz.exe]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 14:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 03:19 20480]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 14:28 312240]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 01:56 1398024]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" [ ]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 20:52 16200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-29 21:04:58 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 21:04:09 450560]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-25 17:44 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-25 17:44 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"D:\\Recovered From Maxtor\\DIR00122\\family cd 2\\My Documents\\Anne\\Kyodai Mahjongg 2006\\KMJ.EXE"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S1 mff;mff;C:\WINDOWS\system32\drivers\mff.sys []
S2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 09:41]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 04:41]
S3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 15:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AUTORUN.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:03:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28 20:05:32
ComboFix-quarantined-files.txt 2008-05-29 01:05:01
ComboFix2.txt 2008-05-29 00:01:33

Pre-Run: 130,434,904,064 bytes free
Post-Run: 130,420,994,048 bytes free

209 --- E O F --- 2008-05-17 14:51:18

#10
miekiemoes
    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Please upload the files C:\ComboFix2.txt and ComboFix-quarantined-files.txt to the following webpage:
http://www.bleepingc...e.php?channel=8
They are the logs from your previous run and I want to see them as well.

Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
C:\WINDOWS\system32\g98.exe
C:\WINDOWS\system32\vbzip10.dll
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\logXv18
C:\temp\dmpxp32
DirLook::
C:\drivers
Driver::
mff
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"=-
"AlcxMonitor"=-
"Corel Photo Downloader"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

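Added example for readers of this thread (not code from the forum, from the expert above, or from ComboFix): a small Python triage script that reads the "Reg Loading Points" section ComboFix prints, in the format shown in the log above, and flags the entries a responder checks first: the Security Center AntiVirusOverride and per-product DisableMonitoring values, Windows Firewall switched off in the standard profile, globally open ports, Run entries whose target file ComboFix could not find, drivers or services with no file information, and an AutoRun command registered for a removable drive. SAMPLE_LOG is a constructed, trimmed copy of lines in the log's format; the flagging rules, the reading of empty brackets as "file not found", and all function names are my assumptions.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread, not ComboFix's own code or the forum
expert's method.  It parses the REGEDIT4-style dump ComboFix prints and
flags entries a responder would look at first.  SAMPLE_LOG is constructed
from the format of the log posted above; the flagging rules are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the format ComboFix prints (trimmed from the thread's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD05"="c:\Program Files\HP\hphupd05.exe" [ ]
"VTTimer"="VTTimer.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001

S1 mff;mff;C:\WINDOWS\system32\drivers\mff.sys []
S2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 09:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AUTORUN.EXE
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "name"=data
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s*\[(.*)\]$")  # S1 name;display;path [info]
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")


def parse_loading_points(text):
    """Return (values, services, autoruns).

    values:   registry key -> list of (name, data) pairs, in file order
    services: dicts for the S*/R* driver and service lines
    autoruns: (mountpoints2 key, command) pairs
    """
    values, services, autoruns, current = defaultdict(list), [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current = m.group(1)
        elif m := SERVICE_RE.match(line):
            services.append({"start": m.group(1), "name": m.group(2),
                             "path": m.group(4), "info": m.group(5).strip()})
        elif (m := AUTORUN_RE.match(line)) and current:
            autoruns.append((current, m.group(1)))
        elif (m := VALUE_RE.match(line)) and current:
            values[current].append((m.group(1), m.group(2).strip()))
    return values, services, autoruns


def triage(text):
    """Return a list of (finding, detail) tuples for the weak or odd entries."""
    values, services, autoruns = parse_loading_points(text)
    findings = []
    for key, entries in values.items():
        lk = key.lower()
        for name, data in entries:
            if lk.endswith("\\security center") and name == "AntiVirusOverride" \
                    and data.endswith("00000001"):
                # Security Center told not to warn about the antivirus state.
                findings.append(("security-center-override", name))
            elif "security center\\monitoring" in lk and name == "DisableMonitoring" \
                    and data.endswith("00000001"):
                # Security Center monitoring switched off for one product.
                findings.append(("security-center-monitoring-disabled", key.rsplit("\\", 1)[-1]))
            elif lk.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" \
                    and data.startswith("0"):
                findings.append(("firewall-disabled", key))
            elif lk.endswith("\\run") and re.search(r"\[\s*\]$", data):
                # Assumption: empty brackets mean ComboFix found no file to stamp.
                findings.append(("run-entry-missing-file", name))
    ports = sorted(int(name.split(":")[0]) for key, entries in values.items()
                   if key.lower().endswith("globallyopenports\\list") for name, _ in entries)
    if ports:
        findings.append(("globally-open-ports", tuple(ports)))
    for svc in services:
        if not svc["info"]:  # same assumption: "[]" means no timestamp/size recorded
            findings.append(("service-missing-file-info", svc["name"]))
    for key, command in autoruns:
        findings.append(("removable-drive-autorun", (key.rsplit("\\", 1)[-1], command)))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:38} {detail}")
```

Run against the sample it prints eight findings. On the real log in this thread the same rules would pick out HPHUPD05 and Corel Photo Downloader (both shown with "[ ]") and the mff driver (shown with "[]"), which are among the entries the CFScript in the post above removes, plus the disabled Security Center monitoring, the firewall being off, the 5000-5020 TCP range open to everyone, and the G:\AUTORUN.EXE mount-point command. The script only reports; deciding what to remove stays with the person reading the log.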

#11
Vectordawg
    Member

  • Topic Starter
  • Member
  • 33 posts
Miekiemoes,
The files you requested have been uploaded to bleepingcomputer.com. The ComboFix and HijackThis logs follow. Thanks, Vectordawg


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:09 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.KZOFFICE\My Documents\Hank\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://acemailcls1....ov/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9703 bytes





ComboFix 08-05-26.2 - Owner 2008-05-29 16:20:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.545 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.KZOFFICE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.KZOFFICE\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\g98.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\dmpxp32
C:\temp\dmpxp32\sakldsr.log
C:\VundoFix Backups
C:\WINDOWS\system32\g98.exe
C:\WINDOWS\system32\logXv18
C:\WINDOWS\system32\logXv18\logXv182328.exe
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MFF
-------\Service_mff


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-26 22:44 . 2008-05-26 22:44 827,392 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-05-25 12:18 . 2008-05-25 17:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 12:18 . 2008-05-25 12:18 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\SUPERAntiSpyware.com
2008-05-25 12:18 . 2008-05-25 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 12:17 . 2008-05-25 12:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Malwarebytes
2008-05-21 21:57 . 2008-05-21 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 21:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 21:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-21 20:58 . 2008-05-21 20:58 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-05-21 16:57 . 2008-05-21 16:57 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-05-21 12:57 . 2008-05-21 12:57 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-05-21 09:45 . 2008-05-21 09:45 <DIR> d-------- C:\Program Files\Panda Security
2008-05-09 18:10 . 2008-05-09 18:10 <DIR> d-------- C:\drivers
2008-05-07 22:34 . 2008-05-07 22:34 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\FaxCtr
2008-05-07 21:43 . 2008-05-07 21:43 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Lexmark Productivity Studio
2008-05-07 17:44 . 2008-05-27 10:13 <DIR> d-------- C:\Program Files\Lx_cats
2008-05-07 17:44 . 2008-05-07 17:44 <DIR> d-------- C:\logs
2008-05-07 17:43 . 2007-03-28 08:16 344,064 --a------ C:\WINDOWS\system32\lxddcoin.dll
2008-05-07 17:43 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-05-07 17:43 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-07 17:43 . 2006-05-17 21:47 40,960 --a------ C:\WINDOWS\system32\lxddvs.dll
2008-05-07 17:42 . 2007-01-09 11:13 692,224 --a------ C:\WINDOWS\system32\lxdddrs.dll
2008-05-07 17:42 . 2006-10-06 12:08 69,632 --a------ C:\WINDOWS\system32\lxddcnv4.dll
2008-05-07 17:42 . 2007-01-23 13:40 65,536 --a------ C:\WINDOWS\system32\lxddcaps.dll
2008-05-07 17:41 . 2008-05-07 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-05-07 17:41 . 2006-05-31 10:51 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-05-07 17:41 . 2006-05-31 10:51 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-05-07 17:41 . 2006-05-31 10:51 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-05-07 17:41 . 2006-05-31 10:51 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-05-07 17:41 . 2006-05-31 10:51 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-05-07 17:41 . 2007-02-21 18:11 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2008-05-07 17:41 . 2006-11-07 05:02 36,864 --a------ C:\WINDOWS\system32\lxf3oem.dll
2008-05-07 17:41 . 2007-02-21 18:11 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2008-05-07 17:41 . 2007-02-21 18:14 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2008-05-07 17:35 . 2008-05-07 21:43 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-05-07 17:35 . 2008-05-07 17:42 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-07 17:35 . 2008-05-07 17:35 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-07 17:35 . 2006-12-05 23:19 44 --a------ C:\WINDOWS\system32\lxddrwrd.ini
2008-05-07 17:34 . 2008-05-07 17:42 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2008-05-06 11:52 . 2008-05-06 11:52 <DIR> d-------- C:\Documents and Settings\Owner.KZOFFICE\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 02:44 --------- d-----w C:\Program Files\LimeWire
2008-05-21 14:32 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\LimeWire
2008-05-19 16:37 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\AdobeUM
2008-05-19 03:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 14:42 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\HP
2008-05-02 21:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 21:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 21:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-04-25 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\X10 Settings
2008-04-17 02:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-17 02:19 --------- d-----w C:\Program Files\Logitech
2008-04-13 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 03:31 --------- d-----w C:\Program Files\MSECache
2008-04-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-05 19:18 --------- d-----w C:\Documents and Settings\Owner.KZOFFICE\Application Data\Apple Computer
2008-04-05 19:13 --------- d-----w C:\Program Files\QuickTime
2008-04-05 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 19:12 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 03:55 --------- d-----w C:\Program Files\ActiveHome Pro
2008-04-04 18:26 --------- d-----w C:\Program Files\Google
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\drivers ----

2007-07-18 09:06 2604 --a------ C:\drivers\printer\2500\install\config\Product.ini
2007-07-18 09:06 179 --a------ C:\drivers\printer\2500\Setup.ini
2007-06-11 19:29 304048 --a------ C:\drivers\printer\2500\install\x86\Setup.exe
2007-06-11 19:29 2884528 --a------ C:\drivers\printer\2500\install\x86\Instgui.exe
2007-06-11 19:29 2790320 --a------ C:\drivers\printer\2500\install\x86\uninst.exe
2007-06-11 19:29 218032 --a------ C:\drivers\printer\2500\tools\diagnostics\ENGLISH\sysinfo.exe
2007-06-11 19:28 70576 --a------ C:\drivers\printer\2500\applications\Toolbar\EZPrintLite\ezprintL.EXE
2007-06-11 19:28 54192 --a------ C:\drivers\printer\2500\applications\Toolbar\setup.exe
2007-06-11 19:27 304048 --a------ C:\drivers\printer\2500\Setup.exe
2007-06-11 19:27 304048 --a------ C:\drivers\printer\2500\applications\Setup.exe
2007-06-11 19:27 29616 --a------ C:\drivers\printer\2500\applications\App4r\App4R.exe
2007-06-11 19:27 279472 --a------ C:\drivers\printer\2500\applications\App4r\SShow\EN\SlideShow.exe
2007-06-11 19:27 271336 --a------ C:\drivers\printer\2500\applications\AIOC\lexocr.exe
2007-06-11 19:27 124959 --a------ C:\drivers\printer\2500\applications\AIOC\lxddmon.ex_
2007-06-11 19:10 683 --a------ C:\drivers\printer\2500\install\config\nls\oem.nls
2007-06-11 19:10 349 --a------ C:\drivers\printer\2500\install\apwunst.isf
2007-06-11 19:10 274 --a------ C:\drivers\printer\2500\applications\Setup.ini
2007-06-11 19:10 182 --a------ C:\drivers\printer\2500\install\app4R.isf
2007-06-11 19:10 173 --a------ C:\drivers\printer\2500\install\appinst.isf
2007-06-11 19:10 11080 --a------ C:\drivers\printer\2500\install\config\nls\common.nls
2007-06-11 09:55 167143 --a------ C:\drivers\printer\2500\drivers\Win_XP2K\lxddcdrv.cat
2007-06-11 09:55 166854 --a------ C:\drivers\printer\2500\drivers\Win_XP2K\lxdddr64.cat
2007-06-11 09:55 12494 --a------ C:\drivers\printer\2500\drivers\scan\lxdd_x86.cat
2007-06-11 09:55 12482 --a------ C:\drivers\printer\2500\drivers\scan\lxdd_x64.cat
2007-05-30 05:12 90112 --a------ C:\drivers\printer\2500\applications\App4r\App4R.Gui.GuiEngine1.dll
2007-05-30 05:12 864256 --a------ C:\drivers\printer\2500\applications\App4r\App4R.Gui.ControlLib1.dll
2007-05-30 05:12 77581 --a------ C:\drivers\printer\2500\applications\App4r\Scripts\AppMainMenu.xml
2007-05-30 05:12 73728 --a------ C:\drivers\printer\2500\applications\App4r\App4R.Gui.GuiEngineBase.dll

#12
Vectordawg

    Member

  • Topic Starter
  • Member
  • 33 posts
Miekiemoes,

Looks like the last post had the ComboFix file truncated. I will try to upload the file here. [attachment=21146:ComboFix.txt]

Edited by Vectordawg, 29 May 2008 - 07:03 PM.


#13
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Almost done... :)


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll <== not required
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Check the following entries if you're not aware that there are restrictive policies set in your Internet Explorer options:


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
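For readers who want to see what the two O6 lines in the post above actually refer to, here is an added PowerShell check (it is not part of the thread and not a HijackThis feature) that lists the values stored under those two Restrictions keys and flags the ones that are switched on. The two registry paths come from the post; the function name and output layout are my own, and the script only reads, it changes nothing.

```powershell
# Added example (not from the thread): report the Internet Explorer
# "Restrictions" policy values that HijackThis lists as O6 entries.
# The two key paths are the ones quoted in the post; nothing is modified.
function Get-IERestrictionPolicy {
    [CmdletBinding()]
    param(
        # Keys to inspect; defaults are the two O6 locations from the log.
        [string[]]$KeyPath = @(
            'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
            'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
        )
    )

    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) {
            # Key absent: no policy present, which is the expected state on a
            # home machine that is not managed by a domain or an admin tool.
            [pscustomobject]@{ Key = $path; Present = $false; Name = $null; Value = $null; Restrictive = $false }
            continue
        }

        $props = Get-ItemProperty -LiteralPath $path
        # Get-ItemProperty adds PSPath/PSParentPath/... bookkeeping members; skip them.
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            Select-Object -ExpandProperty Name

        if (-not $names) {
            # Key exists but holds no values: HijackThis still reports it as "present".
            [pscustomobject]@{ Key = $path; Present = $true; Name = $null; Value = $null; Restrictive = $false }
            continue
        }

        foreach ($name in $names) {
            $value = $props.$name
            [pscustomobject]@{
                Key         = $path
                Present     = $true
                Name        = $name
                Value       = $value
                # Restriction DWORDs are 1 when the lockdown is on, 0 when it is off.
                Restrictive = ($value -is [int] -and $value -ne 0)
            }
        }
    }
}

# Show the full picture first, then warn about each value that really locks something down.
$report = Get-IERestrictionPolicy
$report | Format-Table -AutoSize
$report | Where-Object Restrictive | ForEach-Object {
    Write-Warning ("{0}\{1} = {2}" -f $_.Key, $_.Name, $_.Value)
}
```

Run it before and after the HijackThis fix: a clean result is both keys reported with Present = False, which is what an unmanaged home PC should show.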

#14
Vectordawg

    Member

  • Topic Starter
  • Member
  • 33 posts
Miekiemoes...

So far so good. I'd like to put the computer through its paces for a couple of days and update you then....Vectordawg

#15
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Ok, let me know :)