Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spywarez Unremovable with Hijack... [RESOLVED]

Started by AmazingTrans , Jun 16 2008 01:46 PM

  • This topic is locked This topic is locked

#1
AmazingTrans
Posted 16 June 2008 - 01:46 PM

AmazingTrans

    Member

  • Member
  • PipPip
  • 54 posts
Hi gurus,

I am having problems with my PC. The desktop itself has these blue screen saying Warning: Spyware threats detected.... etc.
And then, I am also having pop-ups from site like this:
And there is a windows balloon popping up once in a while on the bottom right of the task bar saying that Internet attempt has detected.... etc....they have detected spyware.
One last thing is when I tried Ctrl-Alt-Del, it seems like the task manager button is disabled too.

I have tried using CWSheredder to remove some COolWebSearh, but in this hijacklog below. I have tried to remove a lot of potential risk, but they still do come back out. What can I do to stop them from threatening my PC.

Please help me out on this. I've tried safe mode and the popups are still comign back.

Thanks.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:47 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\KHA434.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {2F6B1C1C-181F-47DE-A3A5-7C5301C7E9FF} - C:\WINDOWS\system32\wvUoPjif.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://gisrvad2.gi....ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://gisrvad2.gi....stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://gisrvad2.gi..../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GI.local
O17 - HKLM\Software\..\Telephony: DomainName = GI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GI.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXQhEXO - C:\WINDOWS\SYSTEM32\cbXQhEXO.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12731 bytes
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Edited by Rorschach112, 16 June 2008 - 02:57 PM.
Removed link

  • 0

Advertisements

#2
Rorschach112
Posted 16 June 2008 - 02:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
AmazingTrans
Posted 16 June 2008 - 04:15 PM

AmazingTrans

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
SDFix report...

----------------------------------------------------------------------------------------------------------------------------------------------------


SDFix: Version 1.193
Run by Administrator on Mon 06/16/2008 at 04:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Killing PID 780 'iftuyszv.exe'
Killing PID 780 'iftuyszv.exe'
Killing PID 772 'iftuyszv.exe'
Killing PID 772 'iftuyszv.exe'
Killing PID 776 'iftuyszv.exe'
Killing PID 776 'iftuyszv.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\cbXQhEXO.dll - Deleted
C:\WINDOWS\system32\cbXQhEXO.dll - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\iftuyszv.exe - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted
  • 0

#4
AmazingTrans
Posted 16 June 2008 - 04:18 PM

AmazingTrans

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
DSS Main Report...

------------------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-16 17:08:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-06-16 22:08:58 UTC - RP47 - Deckard's System Scanner Restore Point
46: 2008-06-16 18:32:17 UTC - RP46 - Last known good configuration
45: 2008-06-16 18:32:00 UTC - RP45 - Restore Operation
44: 2008-06-16 18:31:59 UTC - RP44 - Installed Ad-Aware
43: 2008-06-16 18:31:59 UTC - RP43 - Installed Windows Defender


-- First Restore Point --
1: 2008-06-16 18:31:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:16 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\MO56E7.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E327F36B-9702-4D7B-AA5A-096B4F95A98D} - C:\WINDOWS\system32\wvUoPjif.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://gisrvad2.gi....ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://gisrvad2.gi....stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://gisrvad2.gi..../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GI.local
O17 - HKLM\Software\..\Telephony: DomainName = GI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GI.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10663 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080616-140643-772 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080616-141935-116 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080616-141935-126 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080319
backup-20080616-141935-129 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080616-141935-135 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080616-141935-143 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080616-141935-205 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080616-141935-209 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080319
backup-20080616-141935-301 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.g...amp;ibd=1080319
backup-20080616-141935-404 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080616-141935-573 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-141935-620 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080616-141935-883 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080616-141935-906 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080319
backup-20080616-141935-938 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080616-141936-101 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080616-141936-145 O4 - HKLM\..\Run: [BMd7285c4f] Rundll32.exe "C:\WINDOWS\system32\rmbnrffq.dll",s
backup-20080616-141936-159 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080616-141936-173 O20 - Winlogon Notify: cbXQhEXO - C:\WINDOWS\SYSTEM32\cbXQhEXO.dll
backup-20080616-141936-210 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080616-141936-232 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080616-141936-238 O2 - BHO: {82d05a0e-c4f7-189a-3f14-d11752ad379b} - {b973da25-711d-41f3-a981-7f4ce0a50d28} - C:\WINDOWS\system32\fgbdnplv.dll
backup-20080616-141936-288 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080616-141936-349 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080616-141936-424 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080616-141936-432 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-141936-516 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080616-141936-539 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080616-141936-557 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080616-141936-574 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080616-141936-635 O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
backup-20080616-141936-733 O4 - HKLM\..\Run: [d41b6fd3] rundll32.exe "C:\WINDOWS\system32\mgyxekfk.dll",b
backup-20080616-141936-875 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080616-141936-939 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080616-141936-956 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080616-141936-960 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080616-142000-131 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080616-142015-394 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-142015-527 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080616-142015-627 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080616-142024-233 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-142030-438 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-142035-427 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-142053-267 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-142053-470 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-142123-792 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080616-142123-965 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-142123-976 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-142139-745 O2 - BHO: (no name) - {EE89B8C3-9110-4C13-84AA-29A1ED23051D} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-142139-937 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-142308-242 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080616-142308-253 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080616-142308-262 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080616-142308-275 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080616-142308-277 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080616-142308-298 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080616-142308-313 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080616-142308-384 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080616-142308-393 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080616-142308-437 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080616-142308-451 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080616-142308-482 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080616-142308-521 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080616-142308-536 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080616-142308-602 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080616-142308-660 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080616-142308-686 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080616-142308-694 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080616-142308-701 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080616-142308-758 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080616-142308-853 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080616-142308-859 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080616-142308-868 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080616-142308-907 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080616-142308-942 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080616-142308-966 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080616-160521-111 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080616-160521-114 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080616-160521-125 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080616-160521-160 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080616-160521-202 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080616-160521-203 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080616-160521-204 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080616-160521-228 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080616-160521-242 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080616-160521-278 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080616-160521-383 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080616-160521-411 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080616-160521-451 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080616-160521-470 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080616-160521-490 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080616-160521-517 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080616-160521-526 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080616-160521-640 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080616-160521-669 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080616-160521-682 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080616-160521-813 O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\cbXQhEXO.dll
backup-20080616-160521-820 O2 - BHO: (no name) - {2F6B1C1C-181F-47DE-A3A5-7C5301C7E9FF} - C:\WINDOWS\system32\wvUoPjif.dll
backup-20080616-160521-832 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080616-160521-924 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080616-160521-928 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080616-160521-984 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080616-160521-988 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\client server security agent\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R2 WavxDMgr - c:\windows\system32\drivers\wavxdmgr.sys <Not Verified; Wave Systems Corp.; Document Manager>
R3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
R3 DXEC01 - c:\windows\system32\drivers\dxec01.sys <Not Verified; Knowles Acoustics; DXEC.01 Speech Enhancement>
R3 WaveFDE (Wave System Power Monitor Device Driver) - c:\windows\system32\drivers\wavefde.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>

S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files\trend micro\client server security agent\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R2 tcsd_win32.exe (NTRU TSS v1.2.1.25 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
R2 TdmService - c:\program files\wave systems corp\trusted drive manager\tdmservice.exe <Not Verified; Wave Systems Corp.; Trusted Drive Manager>

S3 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 WaveEnrollmentService - "c:\program files\wave systems corp\authentication manager\waveenrollmentservice.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 13:24:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-15 09:21:50 638 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 16:36:26 0 d-------- C:\WINDOWS\ERUNT
2008-06-16 14:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-16 13:57:49 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-16 13:34:35 81408 --a------ C:\WINDOWS\system32\mgyxekfk.dll
2008-06-16 13:33:08 90112 --a------ C:\WINDOWS\system32\rmbnrffq.dll
2008-06-16 13:10:28 0 d-------- C:\Program Files\MSXML 6.0
2008-06-16 13:10:24 0 d-------- C:\Program Files\MSXML 4.0
2008-06-16 09:03:04 0 d-------- C:\Program Files\Lavasoft
2008-06-16 09:03:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 08:38:15 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-06-16 07:38:45 0 d-------- C:\Program Files\Windows Defender
2008-06-16 07:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-15 10:49:08 0 d-------- C:\Program Files\Alwil Software
2008-06-15 09:07:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 09:03:23 0 d-------- C:\Program Files\Norton Internet Security
2008-06-15 08:15:34 687974 --ahs---- C:\WINDOWS\system32\lRuDJRqr.ini2
2008-06-14 18:20:09 3419 --ahs---- C:\WINDOWS\system32\aaHgOXyb.ini2
2008-06-14 17:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:02:28 1904640 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-06-14 13:02:25 3518464 --a------ C:\Documents and Settings\dmoore\ntuser.dat
2008-06-14 13:02:24 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-14 13:01:50 692884 --ahs---- C:\WINDOWS\system32\fijPoUvw.ini2
2008-06-14 13:01:46 322048 --a------ C:\WINDOWS\system32\wvUoPjif.dll
2008-06-14 12:56:57 57344 --a------ C:\WINDOWS\system32\rqRIyWqP.dll
2008-06-14 12:12:35 0 d-------- C:\Program Files\uTorrent
2008-06-14 12:12:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-09 14:47:06 0 d-------- C:\Documents and Settings\dmoore\Application Data\skypePM
2008-06-09 14:47:06 56 --ah----- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
2008-06-09 14:44:42 0 d-------- C:\Documents and Settings\dmoore\Application Data\Skype
2008-06-09 14:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-23 15:24:50 0 d-------- C:\Program Files\Trend Micro
2008-05-21 15:04:06 0 d-------- C:\Program Files\Real
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-06-16 13:13:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-16 09:01:42 0 d-------- C:\Program Files\Common Files
2008-06-15 18:57:31 0 d-------- C:\Program Files\Dell
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-15 15:38:27 2528 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2008-05-15 15:37:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-14 21:47:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-14 17:23:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-05-14 16:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dell
2008-04-24 12:24:57 0 d-------- C:\Program Files\Java
2008-04-24 11:41:03 0 d-------- C:\Program Files\Microsoft Works
2008-04-24 11:40:51 0 d-------- C:\Program Files\MSBuild
2008-04-24 11:35:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-24 07:41:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-24 07:41:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-18 20:15:42 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-18 20:13:44 0 d-------- C:\Program Files\Google
2008-04-18 14:36:15 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-18 14:34:40 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-18 09:01:47 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-18 09:00:10 0 d-------- C:\Program Files\AnswerWorks 4.0
2008-04-18 08:51:44 0 d-------- C:\Program Files\Autodesk
2008-04-18 08:22:47 0 d-------- C:\Program Files\Microsoft.NET
2008-03-18 19:55:31 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E327F36B-9702-4D7B-AA5A-096B4F95A98D}]
06/14/2008 01:01 PM 322048 --a------ C:\WINDOWS\system32\wvUoPjif.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [01/25/2007 03:34 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/18/2007 12:45 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/18/2007 12:45 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/18/2007 12:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 02:23 PM]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [09/10/2007 09:55 AM]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [09/14/2007 10:53 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [10/09/2007 05:17 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [12/05/2007 06:24 PM]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [11/02/2006 02:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 09:00 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 05:23 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [03/29/2007 08:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/24/2008 7:41:36 AM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/23/2006 9:16:32 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/18/2008 7:41:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 11/16/2006 03:20 PM 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\wvUoPjif

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-1165\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-500\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2008-06-16 17:11:46 ------------

DSS Extra Report

------------------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2037.9 MiB / 1410.2 MiB
Pagefile Memory (total/avail): 3930.64 MiB / 3490.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.72 MiB

C: is Fixed (NTFS) - 111.72 GiB total, 91.82 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9120823ASG - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro Client-Server Security Agent Firewall v7.6.1095 (TrendFirewall) Disabled
AV: Trend Micro Client-Server Security Agent AntiVirus v7.6.1095 (TrendAntiVirus)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Documents and Settings\\dmoore\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\dmoore\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Documents and Settings\\dmoore\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\dmoore\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ENGINEERING_01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ENGINEERING_01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files\Gemplus\GemSafe Libraries\BIN;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ENGINEERING_01
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dmoore
administrator.GRAPHIC (new local, admin, net ready)
Dan Moore (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
AutoCAD Mechanical 2007 --> MsiExec.exe /I{5783F2D7-5005-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
biolsp patch --> MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Broadcom ASF Management Applications --> MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Drivers MSI --> MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869}
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Document Manager Lite --> C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Center --> C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems --> C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin --> C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
Gemalto --> MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}
GemSafe Standard Edition 5.1 --> MsiExec.exe /X{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Color LaserJet 4730mfp --> msiexec /x{E53F0F76-805B-4F14-AC21-25A816C81AA3}
HP MFP Send Fax (04/22/2007 60.063.462.44) --> "C:\Program Files\Common Files\Hewlett-Packard\HPDIU 2.0\HPDIU_Uninstall.exe" /d "C:\Program Files\Common Files\Hewlett-Packard\HPDIU 2.0\DriverInf\hpc4730e.inx"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NTRU TCG Software Stack --> MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager --> MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager --> C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Secure Update --> C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Wizards --> C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Trend Micro Client/Server Security Agent --> "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
Trusted Drive Manager --> MsiExec.exe /I{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}
tsp patch --> MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
upekmsi --> MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
Wave Infrastructure Installer --> MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}
Wave Support Software --> C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409


-- Application Event Log -------------------------------------------------------

Event Record #/Type1997 / Error
Event Submitted/Written: 06/16/2008 05:10:37 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1992 / Error
Event Submitted/Written: 06/16/2008 05:01:35 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type1989 / Error
Event Submitted/Written: 06/16/2008 05:01:16 PM
Event ID/Source: 4691 / COM+
Event Description:
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

Event Record #/Type1988 / Error
Event Submitted/Written: 06/16/2008 05:01:16 PM
Event ID/Source: 4427 / MSDTC Client
Event Description:
Failed to initialize the needed name objects. Error Specifics: d:\qxp_slp\com\com1x\dtc\dtc\msdt
  • 0

#5
Rorschach112
Posted 16 June 2008 - 04:42 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {E327F36B-9702-4D7B-AA5A-096B4F95A98D} - C:\WINDOWS\system32\wvUoPjif.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\mgyxekfk.dll
C:\WINDOWS\system32\rmbnrffq.dll
C:\WINDOWS\system32\lRuDJRqr.ini2
C:\WINDOWS\system32\aaHgOXyb.ini2
C:\WINDOWS\system32\fijPoUvw.ini2
C:\WINDOWS\system32\wvUoPjif.dll
C:\WINDOWS\system32\rqRIyWqP.dll
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0

#6
AmazingTrans
Posted 17 June 2008 - 06:59 AM

AmazingTrans

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-17 07:57:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:43 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\FL4A7F.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AAFA5092-418A-46A4-B1D7-F61C28CB03C8} - C:\WINDOWS\system32\wvUoPjif.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://gisrvad2.gi....ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://gisrvad2.gi....stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://gisrvad2.gi..../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GI.local
O17 - HKLM\Software\..\Telephony: DomainName = GI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GI.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10763 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-16 16:36:26 0 d-------- C:\WINDOWS\ERUNT
2008-06-16 14:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-16 13:57:49 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-16 13:10:28 0 d-------- C:\Program Files\MSXML 6.0
2008-06-16 13:10:24 0 d-------- C:\Program Files\MSXML 4.0
2008-06-16 09:03:04 0 d-------- C:\Program Files\Lavasoft
2008-06-16 09:03:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 08:38:15 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-06-16 07:38:45 0 d-------- C:\Program Files\Windows Defender
2008-06-16 07:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-15 10:49:08 0 d-------- C:\Program Files\Alwil Software
2008-06-15 09:07:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 09:03:23 0 d-------- C:\Program Files\Norton Internet Security
2008-06-14 17:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:02:28 1904640 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-06-14 13:02:25 3518464 --a------ C:\Documents and Settings\dmoore\ntuser.dat
2008-06-14 13:02:24 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-14 12:12:35 0 d-------- C:\Program Files\uTorrent
2008-06-14 12:12:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-09 14:47:06 0 d-------- C:\Documents and Settings\dmoore\Application Data\skypePM
2008-06-09 14:47:06 56 --ah----- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
2008-06-09 14:44:42 0 d-------- C:\Documents and Settings\dmoore\Application Data\Skype
2008-06-09 14:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-23 15:24:50 0 d-------- C:\Program Files\Trend Micro
2008-05-21 15:04:06 0 d-------- C:\Program Files\Real


-- Find3M Report ---------------------------------------------------------------

2008-06-16 13:13:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-16 09:01:42 0 d-------- C:\Program Files\Common Files
2008-06-15 18:57:31 0 d-------- C:\Program Files\Dell
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-15 15:38:27 2528 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2008-05-15 15:37:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-14 21:47:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-14 17:23:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-05-14 16:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dell
2008-04-24 12:24:57 0 d-------- C:\Program Files\Java
2008-04-24 11:41:03 0 d-------- C:\Program Files\Microsoft Works
2008-04-24 11:40:51 0 d-------- C:\Program Files\MSBuild
2008-04-24 11:35:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-24 07:41:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-24 07:41:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-18 20:15:42 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-18 20:13:44 0 d-------- C:\Program Files\Google
2008-04-18 14:36:15 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-18 14:34:40 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-18 09:01:47 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-18 09:00:10 0 d-------- C:\Program Files\AnswerWorks 4.0
2008-04-18 08:51:44 0 d-------- C:\Program Files\Autodesk
2008-04-18 08:22:47 0 d-------- C:\Program Files\Microsoft.NET
2008-03-18 19:55:31 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAFA5092-418A-46A4-B1D7-F61C28CB03C8}]
C:\WINDOWS\system32\wvUoPjif.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [01/25/2007 03:34 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/18/2007 12:45 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/18/2007 12:45 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/18/2007 12:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 02:23 PM]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [09/10/2007 09:55 AM]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [09/14/2007 10:53 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [10/09/2007 05:17 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [12/05/2007 06:24 PM]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [11/02/2006 02:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 09:00 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 05:23 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [03/29/2007 08:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/24/2008 7:41:36 AM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/23/2006 9:16:32 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/18/2008 7:41:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 11/16/2006 03:20 PM 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\wvUoPjif

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-1165\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-500\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2008-06-17 07:58:12 ------------
  • 0

#7
Rorschach112
Posted 17 June 2008 - 08:42 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {AAFA5092-418A-46A4-B1D7-F61C28CB03C8} - C:\WINDOWS\system32\wvUoPjif.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\newkey

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe




Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


Then double click on the fix.reg file, when it prompts to merge click "Yes".




Reboot and post a new DSS log
  • 0

#8
AmazingTrans
Posted 17 June 2008 - 10:07 AM

AmazingTrans

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
DSS Report after backing up registry and merging fix.reg

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-17 11:02:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:08 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\UG221C.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TSC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://gisrvad2.gi....ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://gisrvad2.gi....stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://gisrvad2.gi..../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GI.local
O17 - HKLM\Software\..\Telephony: DomainName = GI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GI.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10904 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 08:53:17 0 d-------- C:\WINDOWS\SchCache
2008-06-17 08:08:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 16:36:26 0 d-------- C:\WINDOWS\ERUNT
2008-06-16 14:16:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-16 13:57:49 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-16 13:10:28 0 d-------- C:\Program Files\MSXML 6.0
2008-06-16 13:10:24 0 d-------- C:\Program Files\MSXML 4.0
2008-06-16 09:03:04 0 d-------- C:\Program Files\Lavasoft
2008-06-16 09:03:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 08:38:15 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-06-16 07:38:45 0 d-------- C:\Program Files\Windows Defender
2008-06-16 07:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-15 10:49:08 0 d-------- C:\Program Files\Alwil Software
2008-06-15 09:07:28 0 d-------- C:\Program Files\Windows Sidebar
2008-06-15 09:03:23 0 d-------- C:\Program Files\Norton Internet Security
2008-06-14 17:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:02:28 3145728 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-06-14 13:02:25 3518464 --a------ C:\Documents and Settings\dmoore\ntuser.dat
2008-06-14 13:02:24 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-14 12:12:35 0 d-------- C:\Program Files\uTorrent
2008-06-14 12:12:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-09 14:47:06 0 d-------- C:\Documents and Settings\dmoore\Application Data\skypePM
2008-06-09 14:47:06 56 --ah----- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
2008-06-09 14:44:42 0 d-------- C:\Documents and Settings\dmoore\Application Data\Skype
2008-06-09 14:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-23 15:24:50 0 d-------- C:\Program Files\Trend Micro
2008-05-21 15:04:06 0 d-------- C:\Program Files\Real


-- Find3M Report ---------------------------------------------------------------

2008-06-17 08:08:37 0 d-------- C:\Program Files\Common Files
2008-06-16 13:13:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-15 18:57:31 0 d-------- C:\Program Files\Dell
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-16 14:15:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-15 15:38:27 2528 --a------ C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2008-05-15 15:37:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-14 21:47:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-14 17:23:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-05-14 16:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dell
2008-04-24 12:24:57 0 d-------- C:\Program Files\Java
2008-04-24 11:41:03 0 d-------- C:\Program Files\Microsoft Works
2008-04-24 11:40:51 0 d-------- C:\Program Files\MSBuild
2008-04-24 11:35:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-24 07:41:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-24 07:41:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-18 20:15:42 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-18 20:13:44 0 d-------- C:\Program Files\Google
2008-04-18 14:36:15 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-18 14:34:40 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-18 09:01:47 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-18 09:00:10 0 d-------- C:\Program Files\AnswerWorks 4.0
2008-04-18 08:51:44 0 d-------- C:\Program Files\Autodesk
2008-04-18 08:22:47 0 d-------- C:\Program Files\Microsoft.NET
2008-03-18 19:55:31 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [01/25/2007 03:34 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/18/2007 12:45 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/18/2007 12:45 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/18/2007 12:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 02:23 PM]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [09/10/2007 09:55 AM]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [09/14/2007 10:53 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [10/09/2007 05:17 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [12/05/2007 06:24 PM]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [11/02/2006 02:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 09:00 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 05:23 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [03/29/2007 08:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/24/2008 7:41:36 AM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/23/2006 9:16:32 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/18/2008 7:41:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 11/16/2006 03:20 PM 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-1165\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1527580400-431555817-312552118-500\Scripts\Logon\0\0]
"Script"=\\GI.local\SYSVOL\GI.local\scripts\login.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2008-06-17 11:03:44 ------------

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Virus Total scan results:

File newkey received on 06.17.2008 17:56:00 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/33 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2008.6.17.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 -
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.16 -
AVG 7.5.0.516 2008.06.16 -
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.16 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.16 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 -
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5318 2008.06.16 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3193 2008.06.17 -
Norman 5.80.02 2008.06.16 -
Panda 9.0.0.4 2008.06.16 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.352 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 -
Additional information
File size: 22729 bytes
MD5...: dcbd3c2c002668c4ba71aed0b1b43838
SHA1..: 75f4564dbd6bf17855781acb2fc5d9804c2ff3ab
SHA256: 480f113bffe03652a19a550fad4302779789f983f30427a3373efb3c2bf06354
SHA512: f1e97c493f0572850b300e5ccb310ed7a45d9127bdc59719b6d0b5d3f1e67588
63a449d94956863a1eed027351b8869b34ad4c68acab8e911dcb08edf116641d
PEiD..: -
PEInfo: -


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thank you again for all of your assistance. My system is working much better with each fix. You are the true Guru!!!
  • 0

#9
Rorschach112
Posted 17 June 2008 - 10:52 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#10
AmazingTrans
Posted 17 June 2008 - 11:32 AM

AmazingTrans

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Malware Bytes Report:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.17
Database version: 864

12:30:40 PM 6/17/2008
mbam-log-6-17-2008 (12-30-40).txt

Scan type: Quick Scan
Objects scanned: 45695
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dmoore\Local Settings\Temp\bpxyakam.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dmoore\Local Settings\Temp\urqRJYrO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dmoore\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dmoore\Local Settings\Temporary Internet Files\Content.IE5\ATUNA1IJ\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\dmoore\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\CAB2CBN5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  • 0

#11
Rorschach112
Posted 17 June 2008 - 11:36 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#12
Rorschach112
Posted 22 June 2008 - 10:21 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP