VIRUS ALERT removed via Combofix - Still need help! [RESOLVED]



#1
ujp2pm
New Member, 4 posts
I would greatly appreciate the help! Below is the log file....I am a huge believer in fate and so did not install the recovery console before running Combofix.

Looking forward.

Cheers,
Uday

----
ComboFix 08-06-20.4 - Uday.Parmar 2008-06-26 18:35:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1301 [GMT 5.5:30]
Running from: C:\Documents and Settings\uday.parmar\Desktop\Applications\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ebot.exe
C:\WINDOWS\system32\cIPpWvut.ini
C:\WINDOWS\system32\cIPpWvut.ini2
C:\WINDOWS\system32\gmtwnrja.ini
C:\WINDOWS\system32\huyovagj.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 11:14 . 2008-06-26 12:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 11:14 . 2008-06-26 11:14 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\PC Tools
2008-06-26 11:14 . 2008-06-26 18:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 11:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-26 11:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-26 11:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-26 11:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-26 10:55 . 2008-06-26 10:55 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Sammsoft
2008-06-26 10:51 . 2008-06-26 10:51 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-06-26 10:39 . 2008-06-26 10:39 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-26 10:30 . 2008-06-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-26 10:01 . 2008-06-26 10:01 <DIR> d-------- C:\Program Files\SpyGuarder
2008-06-26 10:00 . 2008-06-26 10:01 669,184 --a------ C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
2008-06-25 13:02 . 2008-06-25 13:02 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-25 12:15 . 2008-06-25 12:15 28,288 --a------ C:\WINDOWS\system32\iifgHbcb.dll
2008-06-25 12:11 . 2008-06-25 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-25 12:11 . 2008-06-25 10:14 245,760 --a------ C:\WINDOWS\gfetqaxsmnw.dll
2008-06-25 12:11 . 2008-06-25 10:14 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-25 12:11 . 2008-06-25 10:14 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-25 12:11 . 2008-06-25 10:14 155,648 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-25 12:11 . 2008-06-25 10:15 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-20 19:16 . 2008-06-20 19:16 <DIR> d-------- C:\WINDOWS\Sun
2008-06-20 15:33 . 2008-06-20 15:33 56,312 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Safari
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Bonjour
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iTunes
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iPod
2008-06-20 12:48 . 2008-06-20 12:48 <DIR> d-------- C:\Program Files\QuickTime
2008-06-20 12:45 . 2008-06-20 12:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-20 11:49 . 2008-06-20 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-20 11:40 . 2008-06-20 11:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-20 11:40 . 2008-06-20 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 21:20 . 2008-06-19 21:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-19 15:24 . 2008-06-19 15:24 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Blackberry Desktop
2008-06-19 13:10 . 2008-06-19 13:10 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Research In Motion
2008-06-19 13:04 . 2008-06-19 13:05 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-06-19 11:24 . 2008-06-19 11:24 <DIR> d--hs---- C:\Documents and Settings\uday.parmar\UserData
2008-06-19 01:02 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Yahoo!
2008-06-19 00:58 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 00:48 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 15:24 . 2008-06-18 15:24 <DIR> d-------- C:\0c5de81afebb1b72f2ed93cc35
2008-06-18 13:31 . 2008-06-20 14:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Apple Computer
2008-06-18 13:29 . 2008-06-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-18 13:28 . 2008-06-20 15:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-17 10:33 . 2008-06-17 10:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-16 15:41 . 2008-06-22 18:52 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\skypePM
2008-06-16 15:41 . 2008-06-16 15:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-16 15:37 . 2008-06-22 19:22 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Skype
2008-06-16 15:35 . 2008-06-16 15:35 <DIR> d-------- C:\Program Files\Seabyrd Technologies
2008-06-16 14:10 . 2008-06-16 17:07 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:59 . 2008-06-16 13:59 <DIR> d-------- C:\Program Files\Research In Motion
2008-06-16 12:06 . 2008-06-24 14:36 256 --a------ C:\WINDOWS\system32\pool.bin
2008-06-16 12:02 . 2008-06-16 12:02 <DIR> d-------- C:\2afddc8408863366f3b00a
2008-06-16 11:59 . 2008-06-16 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-16 11:55 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-06-16 11:50 . 2008-06-16 11:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 21:59 . 2006-08-21 14:44 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-14 21:59 . 2006-08-21 14:44 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-14 21:59 . 2006-08-21 17:51 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-14 21:57 . 2008-06-14 21:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-14 20:44 . 2008-06-14 20:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Toshiba
2008-06-14 18:16 . 2008-06-14 18:17 <DIR> d-------- C:\temp\ext18866
2008-06-14 18:16 . 2008-06-16 14:02 <DIR> d-------- C:\temp
2008-06-14 18:16 . 2008-06-14 18:16 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-14 18:14 . 2008-06-14 18:39 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-14 18:14 . 2008-06-14 18:14 <DIR> d-------- C:\WINDOWS\Logs
2008-06-14 18:00 . 2008-06-26 10:36 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-14 17:53 . 2008-06-14 17:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-14 12:09 . 2008-06-17 19:19 97 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 00:22 . 2004-08-04 03:38 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 13:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-26 05:24 --------- d-----w C:\Program Files\Google
2008-06-26 04:19 --------- d-----w C:\Program Files\Online Backup
2008-06-18 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 14:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 11:37 --------- d-----w C:\Program Files\Roxio
2008-06-16 11:36 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-16 06:36 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\InstallShield
2008-06-13 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-06-13 10:32 --------- d--h--w C:\Documents and Settings\uday.parmar\Application Data\GTek
2008-06-13 10:30 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\Wave Systems Corp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83798BB2-00CD-4CF4-84CC-D814DC7A510F}]
2008-06-26 10:01 27648 --a------ C:\Program Files\SpyGuarder\redir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
2008-06-25 10:14 245760 --a------ C:\WINDOWS\gfetqaxsmnw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7D1DDA59-1111-444F-95B3-2B3B9264BB4E}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-25 10:14 155648]

[HKEY_CLASSES_ROOT\clsid\{7d1dda59-1111-444f-95b3-2b3b9264bb4e}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{B74C2292-C9E7-439C-ACF0-632399AB2A6C}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 17:39 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 16:08 68856]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:30 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 06:53 443968]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-19 23:55 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 21:20 8429568]
"nwiz"="nwiz.exe" [2007-05-31 21:20 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 21:20 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 21:20 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 18:33 36975]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 22:54 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 22:25 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 09:47 2183168]
"systray"="C:\Program Files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 19:57 331851]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 15:25 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 16:23 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 19:35 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 14:30 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 22:53 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-16 16:08 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 12:33 17920]
"SMA6.8"="c:\SvcTools\6.8\bin\lnchr.exe" [2006-02-02 23:14 364544]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 05:03 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-07 01:55 125632]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:30 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 07:18:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 05:31:50 734872]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-12 02:13:46 2150400]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-16 15:51:54 50688]
Online Backup TaskBar Icon.LNK - C:\Program Files\Online Backup\CBSysTray.exe [2008-03-20 20:15:12 118851]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {30046B9B-6FF2-42AA-A6AD-A19333A87E39} - C:\WINDOWS\qegbdmwf.dll [2008-06-25 10:14 180224]
"pntqkflv"= {707746E7-76C3-47BC-8EB1-91A90EB4AE80} - C:\WINDOWS\pntqkflv.dll [2008-06-25 10:14 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 20:50 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUlKDS]
tuvUlKDS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 15:27]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 16:05]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-10-15 16:16]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 SMA6.8;Software Management Agent 6.8;c:\SvcTools\6.8\bin\lnchr.exe [2006-02-02 23:14]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 22:59]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 10:30]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 15:25]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 18:02]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2007-08-15 21:56]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2007-08-15 21:56]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-03-22 19:42]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 19:31]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 14:48]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 23:09]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}]
\Shell\AutoRun\command - E:\ino6.com
\Shell\explore\Command - E:\ino6.com
\Shell\open\Command - E:\ino6.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 06:20:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 13:29:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 18:40:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Online Backup\AGENTSRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\svctools\6.8\bin\hbeat.exe
C:\svctools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-06-26 18:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 13:13:13

Pre-Run: 100,933,910,528 bytes free
Post-Run: 101,255,868,416 bytes free

277 --- E O F --- 2008-06-24 16:55:27
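Reading a log like this by hand is the expert's job in the reply that follows; as an added example (my code, not from the thread and not part of ComboFix), the script below does the mechanical part: it parses the "Files Created" lines and the bracketed "Reg Loading Points" entries into a simple model and produces a review list. The rules are mine and deliberately crude: an executable whose name is long, purely alphabetic and short on vowels sitting directly under C:\WINDOWS or system32, any executable in a user's Application Data folder, any loading point that references one of those files, and a mountpoints2 AutoRun handler that points at a drive other than C:. The sample log is a constructed subset of the lines quoted above, with a legitimate ctfmon.exe Run entry and QTFont.for included as negative cases.

```python
import re

# Constructed sample: a few of the lines quoted from the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-06-26 10:00 . 2008-06-26 10:01 669,184 --a------ C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
2008-06-25 12:15 . 2008-06-25 12:15 28,288 --a------ C:\WINDOWS\system32\iifgHbcb.dll
2008-06-25 12:11 . 2008-06-25 10:14 245,760 --a------ C:\WINDOWS\gfetqaxsmnw.dll
2008-06-25 12:11 . 2008-06-25 10:14 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-25 12:11 . 2008-06-25 10:15 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-20 11:40 . 2008-06-20 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 21:57 . 2008-06-14 21:57 <DIR> d-------- C:\Program Files\MSXML 4.0

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
2008-06-25 10:14 245760 --a------ C:\WINDOWS\gfetqaxsmnw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {707746E7-76C3-47BC-8EB1-91A90EB4AE80} - C:\WINDOWS\pntqkflv.dll [2008-06-25 10:14 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}]
\Shell\AutoRun\command - E:\ino6.com
"""

FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                       r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
PATH_IN_TEXT = re.compile(r'[a-z]:\\[^\[\]"]+?\.(?:dll|exe|com|sys)', re.I)
EXEC_EXT = {"exe", "dll", "sys", "com", "scr"}
WINDOWS_DIRS = (r"c:\windows", r"c:\windows\system32")


def looks_random(stem):
    # Crude rule of thumb (mine, not a ComboFix rule): long, all-letter name with few vowels.
    return len(stem) >= 8 and stem.isalpha() and sum(c in "aeiou" for c in stem.lower()) <= len(stem) / 4


def parse_log(text):
    # Returns (paths from 'Files Created' lines, {registry key: [the lines listed under it]}).
    files, keys, key = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            key = None                      # a blank line ends the current registry entry
        elif (m := FILE_LINE.match(line)):
            if m["size"] != "<DIR>":
                files.append(m["path"])
        elif (m := KEY_LINE.match(line)):
            key = m["key"]
            keys[key] = []
        elif key is not None:
            keys[key].append(line)
    return files, keys


def flag_files(files):
    # Review list, not a verdict: random-looking executables directly under C:\WINDOWS or
    # system32, or any executable sitting in a user's Application Data folder.
    flagged = []
    for path in files:
        folder, _, name = path.rpartition("\\")
        stem, _, ext = name.rpartition(".")
        folder = folder.lower()
        if ext.lower() in EXEC_EXT and ((folder in WINDOWS_DIRS and looks_random(stem))
                                        or folder.endswith("\\application data")):
            flagged.append(path)
    return flagged


def flag_registry(keys, flagged_files):
    # Loading points that reference a flagged file, plus any mountpoints2 AutoRun handler
    # that points at a drive other than C: (the E:\ino6.com entry in the log).
    bad = {p.lower() for p in flagged_files}
    out = []
    for key, lines in keys.items():
        body = "\n".join(lines)
        refs = {p.lower() for p in PATH_IN_TEXT.findall(body)}
        autorun = "mountpoints2" in key.lower() and re.search(r"AutoRun\\command - (?![Cc]:)", body)
        if refs & bad or autorun:
            out.append(key)
    return out


def triage(text):
    # Run both passes over a ComboFix log and return (flagged files, flagged registry keys).
    files, keys = parse_log(text)
    bad_files = flag_files(files)
    return bad_files, flag_registry(keys, bad_files)


if __name__ == "__main__":
    for kind, items in zip(("file", "registry"), triage(SAMPLE_LOG)):
        for item in items:
            print(f"review {kind}: {item}")
```

The output is a review list, not a verdict: random-looking names also occur in legitimate software, so confirm each hit against its loading point and vendor before it goes into a removal script, and extend the rules rather than the sample if you point this at a full log.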


#2
miekiemoes
Malware Expert, MVP, 5,503 posts
Hi,

I strongly recommend that you install the Recovery Console though, because this computer is still infected.
The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

Please uninstall SpyGuarder since this is a rogue scanner.
Also uninstall Advanced Registry Optimizer since it's also a rogue program and Registry Cleaning etc is dangerous in the first place.
Also see here: http://miekiemoes.bl...weaking_13.html
Reboot after uninstall.

Then:
* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
C:\WINDOWS\system32\iifgHbcb.dll
C:\WINDOWS\gfetqaxsmnw.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\tovafrnm.exe
Folder::
C:\Program Files\SpyGuarder
C:\Program Files\Advanced Registry Optimizer
Dirlook::
C:\temp\ext18866
C:\WINDOWS\system32\runtime
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83798BB2-00CD-4CF4-84CC-D814DC7A510F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7D1DDA59-1111-444F-95B3-2B3B9264BB4E}"=-
[-HKEY_CLASSES_ROOT\clsid\{7d1dda59-1111-444f-95b3-2b3b9264bb4e}]
[-HKEY_CLASSES_ROOT\gxvpsafm.1]
[-HKEY_CLASSES_ROOT\TypeLib\{B74C2292-C9E7-439C-ACF0-632399AB2A6C}]
[-HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"=-
"pntqkflv"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUlKDS]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also, do you still have one of the problems related to Virus alert as I described here?
http://miekiemoes.bl...to-restore.html
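The CFScript above uses four directives, and the reply's point that the script fails if the format is off is worth making mechanical. As an added example (my code, not ComboFix's own parser, whose full directive set is larger than the four seen here), the script below parses a CFScript's File::, Folder::, Dirlook:: and Registry:: sections, treating `[-key]` as deletion of a whole key and `"name"=-` under a `[key]` header as deletion of that one value, and then checks that every flagged item from the log is covered. The flagged items are a constructed list taken from the reply (the files and loading points it deletes, plus redir.dll under the SpyGuarder folder, which the Folder:: entry covers), and the sample CFScript deliberately leaves out tovafrnm.exe and the "qegbdmwf" value so that the check has something to report.

```python
import re

# Constructed input: what a reading of the log above flags, the file paths and the
# loading points the reply deletes, with the value names each registry key carries.
FLAGGED_FILES = [
    r"C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe",
    r"C:\WINDOWS\system32\iifgHbcb.dll",
    r"C:\WINDOWS\gfetqaxsmnw.dll",
    r"C:\WINDOWS\pntqkflv.dll",
    r"C:\WINDOWS\tovafrnm.exe",
    r"C:\Program Files\SpyGuarder\redir.dll",
]
SSODL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
FLAGGED_KEYS = {
    r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}": [],
    SSODL: ["qegbdmwf", "pntqkflv"],
    r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}": [],
}

# Constructed sample: part of the CFScript from the reply, with tovafrnm.exe and the
# "qegbdmwf" value deliberately left out so the check has something to report.
SAMPLE_CFSCRIPT = r"""
File::
C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
C:\WINDOWS\system32\iifgHbcb.dll
C:\WINDOWS\gfetqaxsmnw.dll
C:\WINDOWS\pntqkflv.dll
Folder::
C:\Program Files\SpyGuarder
Dirlook::
C:\WINDOWS\system32\runtime
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}]
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_DELETE = re.compile(r'^"(?P<name>[^"]+)"\s*=-$')
SECTIONS = {"file", "folder", "dirlook", "registry"}   # only the directives used in the reply


def parse_cfscript(text):
    # File:: and Folder:: entries plus the two Registry:: deletion forms used in the reply:
    # [-key] drops a whole key, "name"=- under a [key] header drops that one value.
    files, folders, del_keys, del_values, section, key = set(), set(), set(), set(), None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section = line[:-2].lower()
            if section not in SECTIONS:
                raise ValueError(f"unknown CFScript section: {line}")
        elif section == "file":
            files.add(line.lower())
        elif section == "folder":
            folders.add(line.lower())
        elif section == "registry" and (m := KEY_LINE.match(line)):
            if m["key"].startswith("-"):
                del_keys.add(m["key"][1:].lower())
            else:
                key = m["key"].lower()
        elif section == "registry" and key and (m := VALUE_DELETE.match(line)):
            del_values.add((key, m["name"].lower()))
    return files, folders, del_keys, del_values


def uncovered(script_text, flagged_files, flagged_keys):
    # Flagged items that running the script would leave in place.
    files, folders, del_keys, del_values = parse_cfscript(script_text)
    missing = [p for p in flagged_files if p.lower() not in files
               and not any(p.lower().startswith(f + "\\") for f in folders)]
    for key, names in flagged_keys.items():
        k = key.lower()
        if k in del_keys:
            continue                        # [-key] removes the key and everything under it
        if not names:
            missing.append(key)
        missing += [f'{key} -> "{n}"' for n in names if (k, n.lower()) not in del_values]
    return missing


if __name__ == "__main__":
    for item in uncovered(SAMPLE_CFSCRIPT, FLAGGED_FILES, FLAGGED_KEYS):
        print("flagged but not in the script:", item)
```

Run stand-alone it reports the two deliberate gaps. The coverage rule is intentionally strict: a file under a listed Folder:: counts as covered, but a value under a key that is only used as a header does not, because `[key]` alone deletes nothing.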

#3
ujp2pm
New Member, Topic Starter, 4 posts
Hi,

Thanks a ton for your help! Give my non-tech brain time to assimilate all this information and I will get back on this for sure.

1. I have uninstalled SpyGuarder but the folder "C:\Program Files\SpyGuarder" cannot be deleted.

2. How do I uninstall Advanced Registry Optimizer?

3. I guess the next thing before I proceed to run Combofix again is install the Recovery Console... but how do I do that? My comp was sent from the UK and doesn't have any installation CD with it. I believe there is a remote install option but I am very confused as to how to use it.

Looking forward to your 2nd post.

Nice dog btw! I just got owned by a Pug :-)

Cheers,
Uday

#4
miekiemoes
Malware Expert, MVP, 5,503 posts
Hi,

If you can't delete the SpyGuarder folder, don't worry, the steps with Combofix cover it.
But, did you reboot after uninstalling? Because that's important.

To uninstall Advanced Registry Optimizer, uninstall it via software > add & remove programs. If it's not listed there, don't worry either. Combofix deletes it as well afterwards.

For the Recovery console.. I guess you didn't read the instructions on how to run Combofix in the first place. You should always read instructions, because as a matter of fact, we don't recommend running Combofix without guidance.
http://www.bleepingc...to-use-combofix

There it is explained how to install the Recovery console with the use of Combofix, so you don't need your CD for that.
I'll explain how to do this:

* Download WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe from here: http://www.microsoft...0c-0a0205368124

Drag the file you've downloaded from the Microsoft website into Combofix.exe as you see in the image below:

Posted Image

This will install the Recovery console and run Combofix once again.
After the Recovery console has been installed, and Combofix has finished, perform the step with the CFScript. :)

#5
ujp2pm
New Member, Topic Starter, 4 posts
Hi,

Phew, this isn't easy stuff....

--------
--------
HERE IS THE LOG FILE BEFORE CFSCRIPT:

ComboFix 08-06-20.4 - Uday.Parmar 2008-06-27 17:42:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1302 [GMT 5.5:30]
Running from: C:\Documents and Settings\uday.parmar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\uday.parmar\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 11:42 . 2008-06-27 11:42 321,522 --a------ C:\Documents and Settings\uday.parmar\Application Data\sg.dll
2008-06-27 02:44 . 2008-06-27 02:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Talkback
2008-06-26 20:21 . 2008-06-26 20:21 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-26 11:14 . 2008-06-26 18:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 11:14 . 2008-06-26 11:14 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\PC Tools
2008-06-26 11:14 . 2008-06-27 17:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 11:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-26 11:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-26 11:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-26 11:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-26 10:39 . 2008-06-26 10:39 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-26 10:30 . 2008-06-27 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-26 10:01 . 2008-06-27 11:45 <DIR> d-------- C:\Program Files\SpyGuarder
2008-06-26 10:00 . 2008-06-26 10:01 669,184 --a------ C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
2008-06-25 13:02 . 2008-06-25 13:02 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-25 12:15 . 2008-06-25 12:15 28,288 --a------ C:\WINDOWS\system32\iifgHbcb.dll
2008-06-25 12:11 . 2008-06-25 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-25 12:11 . 2008-06-25 10:14 245,760 --a------ C:\WINDOWS\gfetqaxsmnw.dll
2008-06-25 12:11 . 2008-06-25 10:14 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-25 12:11 . 2008-06-25 10:14 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-25 12:11 . 2008-06-25 10:14 155,648 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-25 12:11 . 2008-06-25 10:15 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-20 19:16 . 2008-06-20 19:16 <DIR> d-------- C:\WINDOWS\Sun
2008-06-20 15:33 . 2008-06-20 15:33 56,312 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Safari
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Bonjour
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iTunes
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iPod
2008-06-20 12:48 . 2008-06-20 12:48 <DIR> d-------- C:\Program Files\QuickTime
2008-06-20 12:45 . 2008-06-20 12:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-20 11:49 . 2008-06-20 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-20 11:40 . 2008-06-20 11:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-20 11:40 . 2008-06-20 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 21:20 . 2008-06-19 21:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-19 15:24 . 2008-06-19 15:24 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Blackberry Desktop
2008-06-19 13:10 . 2008-06-19 13:10 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Research In Motion
2008-06-19 13:04 . 2008-06-19 13:05 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-06-19 11:24 . 2008-06-19 11:24 <DIR> d--hs---- C:\Documents and Settings\uday.parmar\UserData
2008-06-19 01:02 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Yahoo!
2008-06-19 00:58 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 00:48 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 15:24 . 2008-06-18 15:24 <DIR> d-------- C:\0c5de81afebb1b72f2ed93cc35
2008-06-18 13:31 . 2008-06-20 14:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Apple Computer
2008-06-18 13:29 . 2008-06-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-18 13:28 . 2008-06-20 15:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-17 10:33 . 2008-06-17 10:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-16 15:41 . 2008-06-22 18:52 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\skypePM
2008-06-16 15:41 . 2008-06-16 15:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-16 15:37 . 2008-06-22 19:22 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Skype
2008-06-16 15:35 . 2008-06-16 15:35 <DIR> d-------- C:\Program Files\Seabyrd Technologies
2008-06-16 14:10 . 2008-06-16 17:07 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:59 . 2008-06-16 13:59 <DIR> d-------- C:\Program Files\Research In Motion
2008-06-16 12:06 . 2008-06-24 14:36 256 --a------ C:\WINDOWS\system32\pool.bin
2008-06-16 12:02 . 2008-06-16 12:02 <DIR> d-------- C:\2afddc8408863366f3b00a
2008-06-16 11:59 . 2008-06-16 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-16 11:55 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-06-16 11:50 . 2008-06-16 11:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 21:59 . 2006-08-21 14:44 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-14 21:59 . 2006-08-21 14:44 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-14 21:59 . 2006-08-21 17:51 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-14 21:57 . 2008-06-14 21:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-14 20:44 . 2008-06-14 20:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Toshiba
2008-06-14 18:16 . 2008-06-14 18:17 <DIR> d-------- C:\temp\ext18866
2008-06-14 18:16 . 2008-06-16 14:02 <DIR> d-------- C:\temp
2008-06-14 18:16 . 2008-06-14 18:16 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-14 18:14 . 2008-06-14 18:39 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-14 18:14 . 2008-06-14 18:14 <DIR> d-------- C:\WINDOWS\Logs
2008-06-14 18:00 . 2008-06-26 10:36 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-14 17:53 . 2008-06-14 17:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-14 12:09 . 2008-06-17 19:19 97 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 00:22 . 2004-08-04 03:38 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 12:16 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-26 20:18 --------- d-----w C:\Program Files\Online Backup
2008-06-26 05:24 --------- d-----w C:\Program Files\Google
2008-06-18 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 14:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 11:37 --------- d-----w C:\Program Files\Roxio
2008-06-16 11:36 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-16 06:36 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\InstallShield
2008-06-13 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-06-13 10:32 --------- d--h--w C:\Documents and Settings\uday.parmar\Application Data\GTek
2008-06-13 10:30 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\Wave Systems Corp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83EB5BB1-B24D-41FB-8D66-7F570E5BFA80}]
2008-06-25 10:14 245760 --a------ C:\WINDOWS\gfetqaxsmnw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7D1DDA59-1111-444F-95B3-2B3B9264BB4E}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-25 10:14 155648]

[HKEY_CLASSES_ROOT\clsid\{7d1dda59-1111-444f-95b3-2b3b9264bb4e}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{B74C2292-C9E7-439C-ACF0-632399AB2A6C}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 17:39 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 16:08 68856]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:30 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 06:53 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-19 23:55 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 21:20 8429568]
"nwiz"="nwiz.exe" [2007-05-31 21:20 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 21:20 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 21:20 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 18:33 36975]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 22:54 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 22:25 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 09:47 2183168]
"systray"="C:\Program Files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 19:57 331851]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 15:25 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 16:23 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 19:35 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 14:30 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 22:53 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-16 16:08 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 12:33 17920]
"SMA6.8"="c:\SvcTools\6.8\bin\lnchr.exe" [2006-02-02 23:14 364544]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 05:03 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-07 01:55 125632]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:30 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-12 02:13:46 2150400]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-16 15:51:54 50688]
Online Backup TaskBar Icon.LNK - C:\Program Files\Online Backup\CBSysTray.exe [2008-03-20 20:15:12 118851]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {30046B9B-6FF2-42AA-A6AD-A19333A87E39} - C:\WINDOWS\qegbdmwf.dll [2008-06-25 10:14 180224]
"pntqkflv"= {707746E7-76C3-47BC-8EB1-91A90EB4AE80} - C:\WINDOWS\pntqkflv.dll [2008-06-25 10:14 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 20:50 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUlKDS]
tuvUlKDS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 15:27]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 16:05]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-10-15 16:16]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 SMA6.8;Software Management Agent 6.8;c:\SvcTools\6.8\bin\lnchr.exe [2006-02-02 23:14]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 22:59]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 10:30]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 15:25]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 18:02]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2007-08-15 21:56]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2007-08-15 21:56]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 19:31]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 14:48]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-03-22 19:42]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 23:09]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e795b1da-3979-11dd-b885-001e37afdc3f}]
\Shell\AutoRun\command - E:\ino6.com
\Shell\explore\Command - E:\ino6.com
\Shell\open\Command - E:\ino6.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 06:20:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 13:29:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:47:04
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Online Backup\AGENTSRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\svctools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-06-27 17:49:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 12:19:31

Pre-Run: 100,927,864,832 bytes free
Post-Run: 100,901,453,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

272 --- E O F --- 2008-06-24 16:55:27
--------
--------

HERE IT IS AFTER RUNNING WITH CFSCRIPT

ComboFix 08-06-20.4 - Uday.Parmar 2008-06-27 17:51:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1322 [GMT 5.5:30]
Running from: C:\Documents and Settings\uday.parmar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\uday.parmar\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
C:\WINDOWS\gfetqaxsmnw.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\iifgHbcb.dll
C:\WINDOWS\tovafrnm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\uday.parmar\Application Data\spyguarder.exe
C:\Program Files\SpyGuarder
C:\Program Files\SpyGuarder\redir.dll
C:\Program Files\SpyGuarder\Uninstall.exe
C:\WINDOWS\gfetqaxsmnw.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\iifgHbcb.dll
C:\WINDOWS\tovafrnm.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 11:42 . 2008-06-27 11:42 321,522 --a------ C:\Documents and Settings\uday.parmar\Application Data\sg.dll
2008-06-27 02:44 . 2008-06-27 02:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Talkback
2008-06-26 20:21 . 2008-06-26 20:21 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-26 11:14 . 2008-06-26 18:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 11:14 . 2008-06-26 11:14 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\PC Tools
2008-06-26 11:14 . 2008-06-27 17:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 11:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-26 11:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-26 11:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-26 11:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-26 10:39 . 2008-06-26 10:39 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-26 10:30 . 2008-06-27 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 13:02 . 2008-06-25 13:02 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-25 12:11 . 2008-06-25 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-20 19:16 . 2008-06-20 19:16 <DIR> d-------- C:\WINDOWS\Sun
2008-06-20 15:33 . 2008-06-20 15:33 56,312 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Safari
2008-06-20 14:44 . 2008-06-20 14:44 <DIR> d-------- C:\Program Files\Bonjour
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iTunes
2008-06-20 12:49 . 2008-06-20 12:49 <DIR> d-------- C:\Program Files\iPod
2008-06-20 12:48 . 2008-06-20 12:48 <DIR> d-------- C:\Program Files\QuickTime
2008-06-20 12:45 . 2008-06-20 12:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-20 11:49 . 2008-06-20 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-20 11:40 . 2008-06-20 11:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-20 11:40 . 2008-06-20 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 21:20 . 2008-06-19 21:22 <DIR> d-------- C:\Program Files\Picasa2
2008-06-19 15:24 . 2008-06-19 15:24 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Blackberry Desktop
2008-06-19 13:10 . 2008-06-19 13:10 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Research In Motion
2008-06-19 13:04 . 2008-06-19 13:05 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-06-19 11:24 . 2008-06-19 11:24 <DIR> d--hs---- C:\Documents and Settings\uday.parmar\UserData
2008-06-19 01:02 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Yahoo!
2008-06-19 00:58 . 2008-06-19 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 00:48 . 2008-06-19 13:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 15:24 . 2008-06-18 15:24 <DIR> d-------- C:\0c5de81afebb1b72f2ed93cc35
2008-06-18 13:31 . 2008-06-20 14:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Apple Computer
2008-06-18 13:29 . 2008-06-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-18 13:28 . 2008-06-20 15:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-17 10:33 . 2008-06-17 10:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-06-17 10:33 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-16 15:41 . 2008-06-22 18:52 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\skypePM
2008-06-16 15:41 . 2008-06-16 15:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-16 15:37 . 2008-06-22 19:22 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Skype
2008-06-16 15:35 . 2008-06-16 15:35 <DIR> d-------- C:\Program Files\Seabyrd Technologies
2008-06-16 14:10 . 2008-06-16 17:07 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:59 . 2008-06-16 13:59 <DIR> d-------- C:\Program Files\Research In Motion
2008-06-16 12:06 . 2008-06-24 14:36 256 --a------ C:\WINDOWS\system32\pool.bin
2008-06-16 12:02 . 2008-06-16 12:02 <DIR> d-------- C:\2afddc8408863366f3b00a
2008-06-16 11:59 . 2008-06-16 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-16 11:55 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-06-16 11:50 . 2008-06-16 11:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-16 11:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 21:59 . 2006-08-21 14:44 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-14 21:59 . 2006-08-21 14:44 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-14 21:59 . 2006-08-21 17:51 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-14 21:57 . 2008-06-14 21:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-14 20:44 . 2008-06-14 20:44 <DIR> d-------- C:\Documents and Settings\uday.parmar\Application Data\Toshiba
2008-06-14 18:16 . 2008-06-14 18:17 <DIR> d-------- C:\temp\ext18866
2008-06-14 18:16 . 2008-06-16 14:02 <DIR> d-------- C:\temp
2008-06-14 18:16 . 2008-06-14 18:16 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-14 18:14 . 2008-06-14 18:39 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-14 18:14 . 2008-06-14 18:14 <DIR> d-------- C:\WINDOWS\Logs
2008-06-14 18:00 . 2008-06-26 10:36 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-14 17:53 . 2008-06-14 17:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-14 12:09 . 2008-06-17 19:19 97 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 12:06 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 00:22 . 2004-08-04 03:38 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 12:26 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-26 20:18 --------- d-----w C:\Program Files\Online Backup
2008-06-26 05:24 --------- d-----w C:\Program Files\Google
2008-06-18 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 14:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 11:37 --------- d-----w C:\Program Files\Roxio
2008-06-16 11:36 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-06-16 06:36 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\InstallShield
2008-06-13 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-06-13 10:32 --------- d--h--w C:\Documents and Settings\uday.parmar\Application Data\GTek
2008-06-13 10:30 --------- d-----w C:\Documents and Settings\uday.parmar\Application Data\Wave Systems Corp
2008-05-30 08:49 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 08:48 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 08:47 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 08:47 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 08:41 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 08:41 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 08:41 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\temp\ext18866 ----

2008-03-31 21:51 153104 --a------ C:\temp\ext18866\install.exe
2008-03-31 21:51 1065480 --a------ C:\temp\ext18866\install.res.dll

---- Directory of C:\WINDOWS\system32\runtime ----



((((((((((((((((((((((((((((( [email protected]_17.49.11.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 12:15:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 12:25:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 17:39 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 16:08 68856]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:30 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 06:53 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-19 23:55 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 21:20 8429568]
"nwiz"="nwiz.exe" [2007-05-31 21:20 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 21:20 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 21:20 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 18:33 36975]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 22:54 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 22:25 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 09:47 2183168]
"systray"="C:\Program Files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 19:57 331851]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 15:25 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 16:23 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 19:35 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 14:30 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 22:53 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-16 16:08 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 12:33 17920]
"SMA6.8"="c:\SvcTools\6.8\bin\lnchr.exe" [2006-02-02 23:14 364544]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 05:03 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-07 01:55 125632]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:30 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-12 02:13:46 2150400]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-16 15:51:54 50688]
Online Backup TaskBar Icon.LNK - C:\Program Files\Online Backup\CBSysTray.exe [2008-03-20 20:15:12 118851]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 20:50 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 15:27]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 16:05]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-10-15 16:16]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 SMA6.8;Software Management Agent 6.8;c:\SvcTools\6.8\bin\lnchr.exe [2006-02-02 23:14]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 22:59]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 10:30]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 15:25]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 18:02]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2007-08-15 21:56]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2007-08-15 21:56]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-03-22 19:42]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 19:31]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 14:48]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 23:09]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 06:20:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 13:29:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:56:43
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Online Backup\AGENTSRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\svctools\6.8\bin\hbeat.exe
C:\svctools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-06-27 17:59:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 12:29:10
ComboFix2.txt 2008-06-27 12:19:39

Pre-Run: 100,896,403,456 bytes free
Post-Run: 100,881,338,368 bytes free

292 --- E O F --- 2008-06-24 16:55:27

--------

AND HERE IS THE HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\SvcTools\6.8\bin\lnchr.exe
C:\WINDOWS\system32\StacSV.exe
c:\SvcTools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\SvcTools\6.8\bin\lnchr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Online Backup\CBSysTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080316
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://web.morgancha...s.com/Marketing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SMA6.8] c:\SvcTools\6.8\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\6.8\ctrl
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run:

#6
miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

Navigate to and delete the following folder:

C:\temp\ext18866

Can you repost your HijackThis log please? The log is incomplete.

#7
ujp2pm (Topic Starter, New Member, 4 posts)
Hi,

Done. File deleted.

Here is the log. My machine has really slowed down in the past 2 min.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\SvcTools\6.8\bin\lnchr.exe
C:\WINDOWS\system32\StacSV.exe
c:\SvcTools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\SvcTools\6.8\bin\lnchr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Online Backup\CBSysTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080316
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://web.morgancha...s.com/Marketing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SMA6.8] c:\SvcTools\6.8\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\6.8\ctrl
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Online Backup TaskBar Icon.LNK = C:\Program Files\Online Backup\CBSysTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205937475968
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntnetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = ntnetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntnetwork.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Software Management Agent 6.8 (SMA6.8) - Everdream - c:\SvcTools\6.8\bin\lnchr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 14695 bytes

Cheers,
Uday

#8
miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O24 - Desktop Component 1: Privacy Protection - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector scan.

Happy Surfing again!

Edited by miekiemoes, 27 June 2008 - 10:57 AM.


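The triage the reply above performs (fix the O3 toolbar and the O24 desktop component because their target reads "(no file)") is mechanical enough to script. The Python below is an added example for this thread, not code from HijackThis, ComboFix or the forum: it parses HJT entry lines, puts every entry whose target file is missing into an "orphaned" bucket (candidates for Fix Checked), and flags a few entry types that always deserve a manual look whatever their target. SAMPLE_LOG is constructed: most lines are copied from the log posted in this thread; the O4 "updater" line loading from a Temp directory is invented to exercise that rule.

```python
"""Triage a HijackThis (HJT) log the way the reply above does.

Added example for this thread; not code from HijackThis, ComboFix or the
forum. Rule applied: an entry whose target reads "(no file)" or
"(file missing)" is an orphaned registry entry and a candidate for Fix
Checked (the O3 toolbar and O24 desktop component above). O20 (AppInit_DLLs
and Winlogon Notify), O21/O22 (explorer.exe startup objects) and O4 autoruns
that load from a Temp directory are flagged for review regardless of target.
"""
import re
from dataclasses import dataclass

# "O3 - Toolbar: ..." / "R1 - HKLM\...": a section code, " - ", then the body.
_ENTRY = re.compile(r"^(?P<code>[OR]\d{1,2}) - (?P<body>.+)$")
_ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
_TEMP_PATH = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Entry types that always deserve a look, whatever their target.
_ALWAYS_REVIEW = {
    "O20": "AppInit_DLLs / Winlogon Notify: loaded into every process using user32.dll, or at logon",
    "O21": "ShellServiceObjectDelayLoad: loaded by explorer.exe at startup",
    "O22": "SharedTaskScheduler: loaded by explorer.exe at startup",
}

# Constructed sample: lines copied from the log posted in this thread, plus
# one invented O4 "updater" autorun from a Temp directory (hypothetical).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O24 - Desktop Component 1: Privacy Protection - (no file)
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section code, e.g. "O3"
    body: str    # the rest of the entry line, verbatim
    reason: str  # why it was flagged


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (code, body) pairs for every HJT entry line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text: str) -> dict[str, list[Finding]]:
    """Split entries into 'orphaned' (target file missing) and 'review'."""
    result: dict[str, list[Finding]] = {"orphaned": [], "review": []}
    for code, body in parse_hjt(text):
        if _ORPHAN.search(body):
            result["orphaned"].append(Finding(code, body, "target file missing"))
        elif code in _ALWAYS_REVIEW:
            result["review"].append(Finding(code, body, _ALWAYS_REVIEW[code]))
        elif code == "O4" and _TEMP_PATH.search(body):
            result["review"].append(Finding(code, body, "autorun loads from a Temp directory"))
    return result


if __name__ == "__main__":
    for bucket, findings in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ==")
        for f in findings:
            print(f"{f.code}: {f.reason}\n    {f.body}")
```

Run against the sample, the orphaned bucket holds the O3, O23 and O24 entries and the review bucket holds the Temp-directory O4 and the O20 AppInit_DLLs line; the signed Adobe BHO and the Symantec autorun are not flagged. The review bucket is a prompt to look, not a verdict: the O20 entry on this machine belongs to Google Desktop.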
#9
miekiemoes (Malware Expert, MVP, 5,503 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





