Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with Pop-ups HIJACKTHIS LOG [CLOSED]

Started by G BLAZE , Jun 25 2008 12:53 PM

  • This topic is locked This topic is locked

#1
G BLAZE
Posted 25 June 2008 - 12:53 PM

G BLAZE

    Member

  • Member
  • PipPip
  • 15 posts
This is the UNISTALL LIST from hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:57 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [LTAClientEnforcer] C:\Program Files\LANDesk\LDClient\LTAClientEnforcer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: APSHook.dll gvwsdlrm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11272 bytes


Can anyone help me please? Am I infeted?

Edited by G BLAZE, 25 June 2008 - 01:15 PM.

  • 0

Advertisements

#2
Essexboy
Posted 25 June 2008 - 03:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep you are infected - so lets start to clean you up

I will need you to run two programmes in this order

FIRST

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

SECOND

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Logs required : Vundofix and DSS Main and Extra
  • 0

#3
G BLAZE
Posted 25 June 2008 - 03:34 PM

G BLAZE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
This is the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:19 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0A9C88D4-6F70-4BF5-8BEF-572D0FFA9E71} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF32E93A-52DE-7D2E-AE4A-7DA2E7E71FE7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [LTAClientEnforcer] C:\Program Files\LANDesk\LDClient\LTAClientEnforcer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: APSHook.dll gvwsdlrm.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12059 bytes

and this is the vundofix.txt:


VundoFix V7.0.6

Scan started at 4:08:52 PM 6/25/2008

Listing files found while scanning....

C:\Windows\system32\me.exe

Beginning removal...

Attempting to delete C:\Windows\system32\me.exe
C:\Windows\system32\me.exe Has been deleted!

Performing Repairs to the registry.
Done!

=========

Main.TXT:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-25 16:36:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-06-25 21:36:30 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-06-25 20:51:32 UTC - RP10 - Removed Ad-Aware 2007
9: 2008-06-25 20:47:39 UTC - RP9 - Installed Windows Internet Explorer 7.
8: 2008-06-25 20:46:55 UTC - RP8 - Installed Windows IDNMitigationAPIs.
7: 2008-06-25 20:46:02 UTC - RP7 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-06-25 18:07:59 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:29 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0A9C88D4-6F70-4BF5-8BEF-572D0FFA9E71} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF32E93A-52DE-7D2E-AE4A-7DA2E7E71FE7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [LTAClientEnforcer] C:\Program Files\LANDesk\LDClient\LTAClientEnforcer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: APSHook.dll gvwsdlrm.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12020 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LxrHP30d - c:\windows\system32\drivers\lxrhp30d.sys
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3400>

S1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys (file missing)
S1 usbportt - c:\windows\system32\drivers\usbportt.sys (file missing)
S3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys (file missing)
S3 ZD1211BU(Hawking) (Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CBA8 (LANDesk® Management Agent) - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk® Management Agent>
R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 Intel Local Scheduler Service - "c:\program files\landesk\ldclient\localsch.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Management Suite>
R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; LANDesk Software Ltd.; Intel Common Base Agent>
R2 Intel Targeted Multicast (LANDesk Targeted Multicast) - c:\program files\landesk\ldclient\tmcsvc.exe <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 Softmon (LANDesk® Software Monitoring Service) - "c:\program files\landesk\ldclient\softmon.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Management Suite>

S3 FLCDLOCK (HP ProtectTools Device Locking / Auditing) - c:\windows\system32\flcdlock.exe <Not Verified; Hewlett-Packard Ltd; Device Access Manager>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S4 LxrHP30s (Lexar HP30) - lxrhp30s.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 16:29:44 502 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-25 15:50:00 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-17 10:13:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 16:08:52 0 d-------- C:\VundoFix Backups
2008-06-25 16:04:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-25 15:48:07 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-25 14:44:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\SuperAdBlocker.com
2008-06-25 14:44:29 0 d-------- C:\Program Files\SuperAdBlocker.com
2008-06-25 14:04:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-25 14:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 14:03:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 14:03:38 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-25 13:56:47 0 d-------- C:\Program Files\Trend Micro
2008-06-25 13:32:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 13:32:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-25 13:32:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-25 13:05:34 0 d-------- C:\WINDOWS\Prefetch
2008-06-25 12:59:43 0 d-------- C:\Program Files\msn gaming zone
2008-06-25 12:37:53 0 d-------- C:\$WIN_NT$.~BT
2008-06-25 12:25:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 12:24:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-06-25 12:05:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 11:53:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-06-25 11:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-25 11:52:43 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-25 11:51:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 11:21:57 0 d-------- C:\WINDOWS\spywareb
2008-06-25 11:16:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-24 23:54:05 99840 --a------ C:\WINDOWS\system32\pcalcgdq.dll
2008-06-24 23:51:17 91136 --a------ C:\WINDOWS\system32\sakvwfpk.dll
2008-06-24 23:48:48 91136 --a------ C:\WINDOWS\system32\tmsgthfk.dll
2008-06-24 23:47:08 0 d-------- C:\WINDOWS\pss
2008-06-24 23:21:02 30146560 --a------ C:\WINDOWS\system32\D
2008-06-24 23:18:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-24 23:10:27 0 d-------- C:\WINDOWS\ccleaner
2008-06-24 21:09:51 99840 --a------ C:\WINDOWS\system32\rvrstycq.dll
2008-06-24 21:07:35 91136 --a------ C:\WINDOWS\system32\xaoxjlrm.dll
2008-06-24 21:06:50 640266 --ahs---- C:\WINDOWS\system32\JQAGQXyb.ini2
2008-06-24 20:42:54 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-24 20:42:54 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-06-24 20:41:37 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-24 20:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 20:17:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-24 20:17:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-23 22:47:24 162321 --a------ C:\WINDOWS\rti2.exe
2008-06-20 21:41:32 60928 --a------ C:\WINDOWS\system32\blphccavj0e39p.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-19 20:09:54 0 --ahs---- C:\Documents and Settings\Administrator\Application Data\0000000000CHEV1.dat
2008-06-18 22:38:58 0 --ahs---- C:\Documents and Settings\Administrator\Application Data\-100000000.dat
2008-06-18 21:06:41 14336 --a------ C:\Documents and Settings\Administrator\Application Data\fgdig.exe
2008-06-14 08:43:04 0 d-------- C:\WINDOWS\system32\3898
2008-06-14 01:27:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Credential Manager
2008-06-14 01:15:33 653130 --ahs---- C:\WINDOWS\system32\rYadgfii.ini2
2008-06-14 01:15:23 385024 --a------ C:\WINDOWS\installer.exe <Not Verified; ZINAPS Corporation; Zinaps Anti Spyware>
2008-06-14 01:14:43 14336 --a------ C:\Documents and Settings\Administrator\Application Data\rdkaa.exe
2008-06-14 01:12:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-14 01:10:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-14 01:10:37 213 --a------ C:\WINDOWS\system32\5055.bat
2008-06-14 01:10:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-14 01:10:22 0 d--hs---- C:\WINDOWS\TkM2NDAwLVhQUFJP
2008-06-14 01:10:22 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-14 01:10:13 0 d-------- C:\WINDOWS\system32\stk
2008-06-14 01:10:13 0 d-------- C:\WINDOWS\system32\rLM
2008-06-14 01:10:13 0 d-------- C:\WINDOWS\system32\mgi
2008-06-14 01:10:04 0 d-------- C:\WINDOWS\W?nSxS
2008-06-14 01:09:57 0 d-------- C:\WINDOWS\system32\?ystem32
2008-05-29 21:32:22 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-29 21:31:20 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-06-25 16:28:35 0 d-------- C:\Program Files\Google
2008-06-25 14:03:38 0 d-------- C:\Program Files\Common Files
2008-06-25 12:56:20 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-25 00:00:06 4096 --ahs---- C:\Program Files\Thumbs.db
2008-06-24 00:11:14 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-24 00:10:51 0 d-------- C:\Program Files\QuickTime
2008-06-18 22:39:06 33 --a------ C:\Documents and Settings\Administrator\Application Data\install.ini
2008-06-04 15:55:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-06-04 12:17:58 0 d-------- C:\Program Files\LimeWire
2008-05-30 00:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-05-19 10:07:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-03 00:06:27 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-03 00:06:18 0 d-------- C:\Program Files\Windows Live
2008-05-02 14:56:00 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 14:53:02 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-02 14:51:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-01 23:58:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\WeatherBug
2008-05-01 23:58:43 0 d-------- C:\Program Files\AWS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A9C88D4-6F70-4BF5-8BEF-572D0FFA9E71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF32E93A-52DE-7D2E-AE4A-7DA2E7E71FE7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
06/02/2008 03:56 PM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [02/20/2008 11:06 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/03/2006 11:48 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/03/2006 11:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 10:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 03:06 PM]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [12/09/2005 04:47 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [01/04/2006 12:37 AM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [01/04/2006 12:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 04:39 PM]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [06/08/2006 03:02 PM]
"LTAClientEnforcer"="C:\Program Files\LANDesk\LDClient\LTAClientEnforcer.exe" [02/08/2006 08:51 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"IntelAPMClient"="C:\Program Files\LANDesk\LDClient\amclient.exe" [12/09/2005 04:56 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [10/12/2005 01:30 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 11:49 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/22/2006 09:03 AM]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [12/23/2003 05:12 PM]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 04:00 PM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 02:18 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2008 02:29 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/27/2006 6:02:06 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/3/2007 11:10:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 01/12/2006 03:05 PM 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 03/03/2006 04:08 PM 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 09/09/2006 03:15 AM 63488 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll gvwsdlrm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASBroker ASChannel


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\bootcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09d4109e-ace3-11dc-af3c-001641f528f1}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a878c218-9f9f-11dc-af2e-0018ded52762}]
AutoRun\command- E:\HPSecure\Windows\HPSecure30.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f7e9fe-1185-11dd-afc2-001641f528f1}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f7e9ff-1185-11dd-afc2-001641f528f1}]
AutoRun\command- F:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-06-25 16:38:00 ------------

======

DSS Main and Extra



Extra.TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.36 MiB / 508.68 MiB
Pagefile Memory (total/avail): 2459.54 MiB / 2065.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.17 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 58.01 GiB free.
D: is CDROM (CDFS)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST980825AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Imation USB Device - 54.91 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 62.5 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LANDesk\\LDClient\\LTAClientEnforcer.exe"="C:\\Program Files\\LANDesk\\LDClient\\LTAClientEnforcer.exe:*:Enabled:LTAClientEnforcer"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\cba\\pds.exe"="C:\\WINDOWS\\system32\\cba\\pds.exe:*:Enabled:LANDesk Ping Discovery Service"
"C:\\WINDOWS\\system32\\msgsys.exe"="C:\\WINDOWS\\system32\\msgsys.exe:*:Enabled:LANDesk Message Service"
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="C:\\Program Files\\LANDesk\\LDClient\\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\dlbtcoms.exe"="C:\\WINDOWS\\system32\\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk® Management Agent"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Program Files\\LANDesk\\LDClient\\LTAClientEnforcer.exe"="C:\\Program Files\\LANDesk\\LDClient\\LTAClientEnforcer.exe:*:Enabled:LTAClientEnforcer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
LOGONSERVER=\\JOSE
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\HPQ\IAM\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=JOSE
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS

-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
--> MsiExec.exe /I{4355F416-21FD-48E5-8B93-6F8DE5D9F67A}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems HDA Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}<b



Thank you

Edited by G BLAZE, 25 June 2008 - 03:49 PM.

  • 0

#4
Essexboy
Posted 25 June 2008 - 03:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And moving swiftly on before I go to bed :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {0A9C88D4-6F70-4BF5-8BEF-572D0FFA9E71} - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\pcalcgdq.dll
C:\WINDOWS\system32\sakvwfpk.dll
C:\WINDOWS\system32\tmsgthfk.dll
C:\WINDOWS\system32\rvrstycq.dll
C:\WINDOWS\system32\xaoxjlrm.dll
C:\WINDOWS\system32\JQAGQXyb.ini2
C:\WINDOWS\rti2.exe
C:\WINDOWS\system32\blphccavj0e39p.scr
C:\Documents and Settings\Administrator\Application Data\0000000000CHEV1.dat
C:\Documents and Settings\Administrator\Application Data\-100000000.dat
C:\Documents and Settings\Administrator\Application Data\fgdig.exe
C:\WINDOWS\system32\3898
C:\WINDOWS\system32\rYadgfii.ini2
C:\Documents and Settings\Administrator\Application Data\rdkaa.exe
C:\WINDOWS\system32\5055.bat
C:\WINDOWS\TkM2NDAwLVhQUFJP
C:\WINDOWS\system32\stk
C:\WINDOWS\system32\mgi
C:\WINDOWS\system32\IfxWlxEN.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log and OTMoveit report .
  • 0

#5
G BLAZE
Posted 25 June 2008 - 04:01 PM

G BLAZE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Results for OTMOVEIT2:

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pcalcgdq.dll
C:\WINDOWS\system32\pcalcgdq.dll NOT unregistered.
C:\WINDOWS\system32\pcalcgdq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sakvwfpk.dll
C:\WINDOWS\system32\sakvwfpk.dll NOT unregistered.
C:\WINDOWS\system32\sakvwfpk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tmsgthfk.dll
C:\WINDOWS\system32\tmsgthfk.dll NOT unregistered.
C:\WINDOWS\system32\tmsgthfk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rvrstycq.dll
C:\WINDOWS\system32\rvrstycq.dll NOT unregistered.
C:\WINDOWS\system32\rvrstycq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xaoxjlrm.dll
C:\WINDOWS\system32\xaoxjlrm.dll NOT unregistered.
C:\WINDOWS\system32\xaoxjlrm.dll moved successfully.
C:\WINDOWS\system32\JQAGQXyb.ini2 moved successfully.
C:\WINDOWS\rti2.exe moved successfully.
C:\WINDOWS\system32\blphccavj0e39p.scr moved successfully.
C:\Documents and Settings\Administrator\Application Data\0000000000CHEV1.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\-100000000.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\fgdig.exe moved successfully.
C:\WINDOWS\system32\3898 moved successfully.
C:\WINDOWS\system32\rYadgfii.ini2 moved successfully.
C:\Documents and Settings\Administrator\Application Data\rdkaa.exe moved successfully.
C:\WINDOWS\system32\5055.bat moved successfully.
C:\WINDOWS\TkM2NDAwLVhQUFJP moved successfully.
C:\WINDOWS\system32\stk moved successfully.
C:\WINDOWS\system32\mgi moved successfully.
C:\WINDOWS\system32\IfxWlxEN.dll unregistered successfully.
C:\WINDOWS\system32\IfxWlxEN.dll moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN\\ not found.
< Purity >
C:\WINDOWS\WіnSxS moved successfully.
C:\WINDOWS\system32\ѕystem32\ѕystem32 moved successfully.
C:\WINDOWS\system32\ѕystem32 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06252008_165938
====

Thank You A Lot1
  • 0

#6
Essexboy
Posted 26 June 2008 - 01:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Coould you please run combofix now

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#7
Essexboy
Posted 02 July 2008 - 01:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP