VIRUS ALERT! virus [CLOSED]

This topic is locked.

#1 SATCOMguy (New Member, 4 posts)
My machine has recently been infected with a fake virus alert. I've run some anti-spy software and have recovered most of it (a lot of Trojan Zlob). However, I still have the "VIRUS ALERT!" in my system tray, and cannot see "Programs", "My Computer", "Run", "Control Panel", etc. from the Start menu. I can get to Task Manager now, though. If anyone can help it would be much appreciated. Here is a log from OTScanIt:

OTScanIt logfile created on: 7/9/2008 10:35:45 AM
OTScanIt by OldTimer - Version 1.0.16.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.13% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 24.53 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive D: | 3.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2LVPZC1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ]
acevents.exe -> %ProgramFiles%\ActivIdentity\ActivClient\acevents.exe -> ActivIdentity [Ver = 3,0,0,22 | Size = 62464 bytes | Modified Date = 1/30/2007 8:58:12 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ]
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 11/22/2006 6:35:50 PM | Attr = ]
bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 11/22/2006 6:32:58 PM | Attr = ]
acachsrv.exe -> %ProgramFiles%\ActivIdentity\ActivClient\acachsrv.exe -> ActivIdentity [Ver = 3,0,0,5 | Size = 74240 bytes | Modified Date = 11/10/2006 12:29:04 PM | Attr = ]
acautoup.exe -> %ProgramFiles%\ActivIdentity\ActivClient\acautoup.exe -> ActivIdentity [Ver = 3,0,0,4 | Size = 26624 bytes | Modified Date = 11/10/2006 12:29:02 PM | Attr = ]
accoca.exe -> %ProgramFiles%\ActivIdentity\ActivClient\accoca.exe -> ActivIdentity [Ver = 3,0,0,6 | Size = 129536 bytes | Modified Date = 11/10/2006 12:29:06 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8313 | Size = 143428 bytes | Modified Date = 1/19/2006 9:14:00 AM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ]
tcsd_win32.exe -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 6/12/2006 11:01:14 AM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 10/7/2005 1:13:38 PM | Attr = R ]
wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> Dell Inc. [Ver = 4.100.15.8 | Size = 1392640 bytes | Modified Date = 11/22/2006 6:35:50 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 5:30:44 PM | Attr = ]
docmgr.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe -> Wave Systems Corp. [Ver = 05.03.00.017 | Size = 102400 bytes | Modified Date = 9/8/2006 9:32:54 AM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 9:29:52 PM | Attr = ]
dlactrlw.exe -> %SystemRoot%\System32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 5:50:18 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 7/19/2006 7:26:04 PM | Attr = ]
vptray.exe -> %SystemDrive%\PROGRA~1\SYMANT~1\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 9/27/2006 8:33:44 PM | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 8:54:31 PM | Attr = ]
mccitrayapp.exe -> %ProgramFiles%\BellSouthWCC\McciTrayApp.exe -> Motive Communications, Inc. [Ver = 4,0,0,16 | Size = 543232 bytes | Modified Date = 11/17/2005 2:19:56 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ]
hidfind.exe -> %ProgramFiles%\Apoint\HidFind.exe -> Alps Electric Co., Ltd. [Ver = 1.1.0.23 | Size = 45056 bytes | Modified Date = 6/28/2004 10:56:12 PM | Attr = R ]
apntex.exe -> %ProgramFiles%\Apoint\Apntex.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.22 | Size = 45056 bytes | Modified Date = 7/27/2005 3:41:08 PM | Attr = R ]
monitor.exe -> %SystemRoot%\PixArt\PAC207\Monitor.exe -> PixArt Imaging Incorporation [Ver = 0001.0004.2006.1103 | Size = 319488 bytes | Modified Date = 11/3/2006 11:01:16 AM | Attr = ]
flockbox.exe -> %ProgramFiles%\My Lockbox\flockbox.exe -> FSPro Labs [Ver = 1.2.1.61 | Size = 1071472 bytes | Modified Date = 12/14/2007 4:59:20 PM | Attr = ]
accrdsub.exe -> %ProgramFiles%\ActivIdentity\ActivClient\accrdsub.exe -> ActivIdentity [Ver = 6,0,0,29 | Size = 275968 bytes | Modified Date = 11/10/2006 12:28:08 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
acevents.exe -> %ProgramFiles%\ActivIdentity\ActivClient\acevents.exe -> ActivIdentity [Ver = 3,0,0,22 | Size = 62464 bytes | Modified Date = 1/30/2007 8:58:12 AM | Attr = ]
spyhunter3.exe -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe -> Enigma Software Group USA, LLC. [Ver = 1.0.30.0 | Size = 851968 bytes | Modified Date = 6/19/2008 4:48:00 PM | Attr = ]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 3:24:00 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
acsagent.exe -> %ProgramFiles%\ActivIdentity\ActivClient\acsagent.exe -> ActivIdentity [Ver = 6,0,0,12 | Size = 77312 bytes | Modified Date = 11/10/2006 12:27:58 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr = ]
autoupdate.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe -> Wave Systems Corp. [Ver = 05.03.00.002 | Size = 192512 bytes | Modified Date = 8/25/2006 10:45:30 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 61.0.163.000 | Size = 282624 bytes | Modified Date = 12/15/2005 11:40:44 AM | Attr = ]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 6/1/2007 10:26:05 AM | Attr = ]
hpqnrs08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqnrs08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 139264 bytes | Modified Date = 2/19/2006 5:29:46 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSTE08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 7/5/2008 11:19:06 AM | Attr = ]
hpzinw12.exe -> %SystemRoot%\system32\HPZinw12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 65536 bytes | Modified Date = 3/14/2005 1:39:06 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(acachsrv) ActivClient Authentication Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ActivIdentity\ActivClient\acachsrv.exe -> ActivIdentity [Ver = 3,0,0,5 | Size = 74240 bytes | Modified Date = 11/10/2006 12:29:04 PM | Attr = ]
(acautoup) ActivClient Auto-Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ActivIdentity\ActivClient\acautoup.exe -> ActivIdentity [Ver = 3,0,0,4 | Size = 26624 bytes | Modified Date = 11/10/2006 12:29:02 PM | Attr = ]
(accoca) ActivClient Middleware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ActivIdentity\ActivClient\accoca.exe -> ActivIdentity [Ver = 3,0,0,6 | Size = 129536 bytes | Modified Date = 11/10/2006 12:29:06 PM | Attr = ]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\alg.exe -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 3/19/2007 9:19:14 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ -> File not found
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Fax) Fax [Win32_Own | Auto | Stopped] -> %systemroot%\system32\fxssvc.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 6/1/2007 10:26:05 AM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 5/20/2005 10:37:12 AM | Attr = ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 5:31:06 AM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 4:36:33 PM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 9/27/2006 8:33:38 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\SCardSvr.exe -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(tcsd_win32.exe) NTRU Hybrid TSS v2.0.25 TCS [Win32_Own | Auto | Running] -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 6/12/2006 11:01:14 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\ -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\ups.exe -> File not found
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(w32time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Disabled | Stopped] -> %systemroot%\system32\svchost.exe -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.297 | Size = 113847 bytes | Modified Date = 9/28/2005 7:57:18 PM | Attr = R ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ]
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\b57xp32.sys -> Broadcom Corporation [Ver = 8.48.0.0 built by: WinDDK | Size = 142720 bytes | Modified Date = 11/10/2005 10:25:14 AM | Attr = ]
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\bcmwl5.sys -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 11/22/2006 6:34:36 PM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ]
(cur_bus) Curitel USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\cur_bus.sys -> MCCI [Ver = V4.38 | Size = 66672 bytes | Modified Date = 7/19/2006 9:59:14 AM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 1:16:52 PM | Attr = ]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 1:16:16 PM | Attr = ]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 6:20:00 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 4:30:00 AM | Attr = ]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 6:20:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 1/10/2006 12:07:58 PM | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 1:12:10 PM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/22/2008 5:00:00 AM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 1/18/2008 5:00:00 AM | Attr = ]
(GTKCMOS) GTKCMOS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\GTKCMOS.sys -> Gteko Ltd. [Ver = 1, 0, 0, 6 | Size = 7882 bytes | Modified Date = 6/15/2004 3:55:56 PM | Attr = ]
(guardian2) guardian2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\oz776.sys -> O2Micro [Ver = 1.1.3.6 (+EMV1.3.7.3) | Size = 61312 bytes | Modified Date = 1/28/2007 3:23:36 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 6:45:54 PM | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 10/27/2005 8:24:28 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 10/27/2005 8:24:29 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 10/27/2005 8:24:30 PM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 936960 bytes | Modified Date = 12/1/2005 1:40:56 AM | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 12/1/2005 1:40:12 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/4/2005 10:57:08 PM | Attr = ]
(MPRIFL) MPRIFL [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MPRIFL.SYS -> FSPro Labs [Ver = 2.9.0.193 built by: WinDDK | Size = 17264 bytes | Modified Date = 12/13/2007 8:13:02 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/2004 7:36:39 PM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080704.003\naveng.sys -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 6/18/2008 4:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080704.003\navex15.sys -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 6/18/2008 4:00:00 AM | Attr = ]
(ndiscm) Motorola SURFboard USB Cable Modem Windows Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\NetMotCM.sys -> Motorola Inc. [Ver = 2.4.5.0 | Size = 15360 bytes | Modified Date = 6/16/2007 2:30:20 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8313 | Size = 3595296 bytes | Modified Date = 1/19/2006 9:14:00 AM | Attr = ]
(PAC207) Basic Webcam [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\PFC027.SYS -> PixArt Imaging Inc. [Ver = 1, 0, 4, 3 | Size = 506112 bytes | Modified Date = 11/20/2006 8:48:40 AM | Attr = ]
(PBADRV) PBADRV [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pbadrv.sys -> Dell Inc [Ver = 1, 0, 0, 0 | Size = 18816 bytes | Modified Date = 12/9/2005 4:35:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8/15/2007 6:33:10 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 5/28/2008 10:33:38 AM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 9/6/2006 2:41:20 PM | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 9/6/2006 2:41:20 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 4/11/2006 5:13:34 PM | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1 nd446 cp1 | Size = 1156648 bytes | Modified Date = 3/24/2006 5:34:30 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Modified Date = 9/18/2006 5:55:28 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\SYMREDRV.SYS -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 8/7/2006 4:02:22 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\SYMTDI.SYS -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 8/7/2006 4:02:26 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 669696 bytes | Modified Date = 12/1/2005 1:40:08 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
90190428 -> %SystemRoot%\system32\uwfqswdd.dll [rundll32.exe "C:\WINDOWS\system32\uwfqswdd.dll",b] -> [Ver = | Size = 88576 bytes | Modified Date = 7/8/2008 7:09:27 AM | Attr = ]
accrdsub -> %ProgramFiles%\ActivIdentity\ActivClient\accrdsub ["C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"] -> File not found
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> File not found
Apoint -> %ProgramFiles%\Apoint\Apoint [C:\Program Files\Apoint\Apoint.exe] -> File not found
BellSouthWCC_McciTrayApp -> %ProgramFiles%\BellSouthWCC\McciTrayApp [C:\Program Files\BellSouthWCC\McciTrayApp.exe] -> File not found
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY [C:\WINDOWS\system32\WLTRAY.exe] -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> File not found
DLA -> %SystemRoot%\system32\DLA\DLACTRLW [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> File not found
Document Manager -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr [C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe] -> File not found
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> File not found
flockbox -> %ProgramFiles%\My Lockbox\flockbox [C:\Program Files\My Lockbox\flockbox.exe /a] -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2 [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> File not found
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> File not found
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> File not found
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
Monitor -> %SystemRoot%\PixArt\PAC207\Monitor [C:\WINDOWS\PixArt\PAC207\Monitor.exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8313 | Size = 7401472 bytes | Modified Date = 1/19/2006 9:14:00 AM | Attr = ]
NVHotkey -> %SystemRoot%\system32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> NVIDIA Corporation [Ver = 6.14.10.8313 | Size = 73728 bytes | Modified Date = 1/19/2006 9:14:00 AM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz [nwiz.exe /installquiet] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> File not found
SigmatelSysTrayApp -> %SystemRoot%\stsystra [stsystra.exe] -> File not found
SpyHunter Security Suite -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3 [C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched ["C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"] -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> File not found
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> File not found
Zune Launcher -> %ProgramFiles%\Zune\ZuneLauncher ["c:\Program Files\Zune\ZuneLauncher.exe"] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon [C:\WINDOWS\system32\ctfmon.exe] -> File not found
ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting [C:\Program Files\NetWaiting\netWaiting.exe] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
-> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ActivClient Agent.lnk -> %ProgramFiles%\ActivIdentity\ActivClient\acsagent -> File not found
-> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08 -> File not found
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wxvault.dll -> %SystemRoot%\system32\wxvault.dll -> [Ver = 05.03.00.017 | Size = 286720 bytes | Modified Date = 9/8/2006 9:32:02 AM | Attr = ]
*MultiFile Done* -> ->
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{d1577581-2ed7-469f-99b1-72c1339e0ee0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [doctordom] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
ackpbsc -> %SystemRoot%\system32\ackpbsc.dll -> ActivIdentity [Ver = 3,0,0,16 | Size = 101888 bytes | Modified Date = 1/30/2007 8:57:50 AM | Attr = ]
acunlock -> %ProgramFiles%\ActivIdentity\ActivClient\acunlock.dll -> ActivIdentity [Ver = 6,0,0,33 | Size = 260096 bytes | Modified Date = 1/30/2007 2:57:46 PM | Attr = ]
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 9/27/2006 8:33:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVe
#2
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Please go here to install the recovery console and for a guide on using combofix.
Please note: installing the Recovery Console plays a vital part in making this process of cleaning your computer safe; don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up: if you click on ComboFix's window when it's running, you may cause it to stall.

#3
SATCOMguy

    New Member

  • Topic Starter
  • Member
  • 4 posts
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070522
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://portal.unlau...emote/msrdp.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
O23 - Service: ActivClient Auto-Update Service (acautoup) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12919 bytes

Combo Log:
ComboFix 08-07-08.9 - Administrator 2008-07-09 13:39:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1331 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\system32\bvynsaim.ini
C:\WINDOWS\system32\ddwsqfwu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\uwfqswdd.dll
C:\WINDOWS\system32\yIOpWvut.ini
C:\WINDOWS\system32\yIOpWvut.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 13:37 . 2008-07-09 13:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 01:24 . 2005-10-28 17:50 3,451 --a------ C:\delfiles.cmd
2008-07-09 00:53 . 2008-07-09 00:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-09 00:05 . 2008-07-09 00:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 00:05 . 2008-07-09 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 00:05 . 2008-07-09 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-09 00:04 . 2008-07-09 00:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-08 21:48 . 2008-07-08 21:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-07-08 21:47 . 2008-07-08 21:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-07-08 21:23 . 2008-07-09 01:24 177,048 --a------ C:\smitfrau.reg
2008-07-08 21:23 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
2008-07-08 21:23 . 2008-07-09 01:24 2,916 --a------ C:\smitfra.reg
2008-07-08 20:22 . 2008-07-08 20:22 0 --a------ C:\WINDOWS\vpc32.INI
2008-07-08 09:06 . 2008-07-08 09:06 <DIR> d-------- C:\fsaua.data
2008-07-08 06:54 . 2008-07-08 06:54 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-07 23:18 . 2008-07-07 23:18 56,836 --a------ C:\WINDOWS\system32\msxml71.dll
2008-06-26 09:52 . 2008-06-26 09:53 <DIR> d-------- C:\Program Files\Paint.NET
2008-06-16 16:28 . 2008-06-26 08:21 5,860 --a------ C:\logfile
2008-06-16 16:11 . 2008-06-26 08:31 <DIR> d-------- C:\Program Files\Kodak
2008-06-16 16:09 . 2008-06-26 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-10 20:56 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:56 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 17:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-08 10:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:32 --------- d-----w C:\Program Files\Dell
2008-06-26 12:32 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-26 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 16:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 09:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-07 20:44 --------- d-----w C:\Program Files\Sony
2008-06-07 20:02 --------- d-----w C:\Program Files\Zune
2008-05-30 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-29 20:28 --------- d-----w C:\Program Files\Java
2008-05-14 17:29 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-14 17:29 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2007-06-18 12:52 771 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:14 7401472]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 18:35 1392640]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 09:32 102400]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"BellSouthWCC_McciTrayApp"="C:\Program Files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 14:19 543232]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 14:29 185896]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 16:59 1071472]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2006-11-10 12:28 275968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"nwiz"="nwiz.exe" [2006-01-19 09:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2006-11-10 12:27:58 77312]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-22 13:59:09 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 10:45:30 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-01-30 08:57 101888 C:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-01-30 14:57 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 16:35]
R2 acachsrv;ActivClient Authentication Service;C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe [2006-11-10 12:29]
R2 acautoup;ActivClient Auto-Update Service;C:\Program Files\ActivIdentity\ActivClient\acautoup.exe [2006-11-10 12:29]
R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [2006-11-10 12:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 11:07]
S3 cur_bus;Curitel USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cur_bus.sys [2006-07-19 09:59]
S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [2004-06-15 15:55]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 08:48]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 17:43:29 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-08 10:54:30 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll
Toolbar-{C46F137F-2C2A-4714-AA14-323137F882AE} - C:\Program Files\Web Technologies\iebr.dll
HKLM-Run-90190428 - C:\WINDOWS\system32\uwfqswdd.dll
SharedTaskScheduler-{d1577581-2ed7-469f-99b1-72c1339e0ee0} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 13:44:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-07-09 13:52:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 17:52:15

Pre-Run: 26,241,859,584 bytes free
Post-Run: 26,130,718,720 bytes free

225 --- E O F --- 2008-06-21 07:01:20
  • 0

#4
SATCOMguy (Topic Starter, New Member, 4 posts)
I followed the instructions for installing the console recovery, I guess I'll have to try again.
  • 0

#5
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there, you have both SpyHunter and XoftSpySE installed on your computer. Both of these used to be considered rogue programs; although they have since been taken off that list, I would recommend you uninstall them. If you decide to, please tell me and I will get rid of any entries related to them.

You also have Viewpoint installed. While it is considered foistware at the moment, it has been heading towards being categorized as malware, so I would recommend you uninstall that as well.

Castlecops seems interested in this file, so let's get a sample.


Please go to Uploadmalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\msxml71.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
You may need to show hidden files, which you can do by following the instructions found here.


Now,


I would like you to install the Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. If you use Windows XP and have a Windows CD, you will not need to do this step.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Download the file & save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. Click no when it asks you to run Combofix.

After you have done this proceed with the next steps.

Then,


Please click Start, then Run; in the window that appears, type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\delfiles.cmd
C:\smitfrau.reg
C:\replace.cmd
C:\smitfra.reg
C:\WINDOWS\vpc32.INI
C:\WINDOWS\system32\msxml71.dll

Folder::
C:\fsaua.data
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

After that, please reboot your computer if it asks you to and post ComboFix.txt (the report ComboFix will generate) in your next reply.

And,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post back with the logs please.
  • 0

#6
SATCOMguy (Topic Starter, New Member, 4 posts)
Malwarebytes:
Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

3:23:32 PM 7/9/2008
mbam-log-7-9-2008 (15-23-32).txt

Scan type: Quick Scan
Objects scanned: 42407
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bwxt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Resources\AlrtSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\A\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\A\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\A\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\A\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\A\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

Combofix:
ComboFix 08-07-08.9 - A 2008-07-09 15:11:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1264 [GMT -4:00]
Running from: C:\Documents and Settings\A\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\A\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\delfiles.cmd
C:\replace.cmd
C:\smitfra.reg
C:\smitfrau.reg
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\vpc32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fsaua.data
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\vpc32.INI

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 13:37 . 2008-07-09 13:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 00:53 . 2008-07-09 00:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-09 00:05 . 2008-07-09 14:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 00:05 . 2008-07-09 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 00:05 . 2008-07-09 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-08 21:48 . 2008-07-08 21:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-07-08 21:47 . 2008-07-08 21:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-07-08 12:59 . 2008-07-08 12:59 <DIR> d-------- C:\Documents and Settings\A\smitremII
2008-06-26 09:52 . 2008-06-26 09:53 <DIR> d-------- C:\Program Files\Paint.NET
2008-06-16 16:28 . 2008-06-26 08:21 5,860 --a------ C:\logfile
2008-06-16 16:11 . 2008-06-26 08:31 <DIR> d-------- C:\Program Files\Kodak
2008-06-16 16:09 . 2008-06-26 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-10 20:56 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:56 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-09 18:32 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-08 10:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:32 --------- d-----w C:\Program Files\Dell
2008-06-26 12:32 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-26 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 16:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 09:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-07 20:44 --------- d-----w C:\Program Files\Sony
2008-06-07 20:02 --------- d-----w C:\Program Files\Zune
2008-05-30 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-29 20:28 --------- d-----w C:\Program Files\Java
2008-05-14 17:29 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-14 17:29 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2007-06-18 12:52 771 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_13.52.01.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 17:43:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 18:30:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 18:37 964608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:14 7401472]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 18:35 1392640]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 09:32 102400]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"BellSouthWCC_McciTrayApp"="C:\Program Files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 14:19 543232]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 14:29 185896]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 16:59 1071472]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2006-11-10 12:28 275968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"nwiz"="nwiz.exe" [2006-01-19 09:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2006-11-10 12:27:58 77312]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-22 13:59:09 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 10:45:30 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-01-30 08:57 101888 C:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-01-30 14:57 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 16:35]
R2 acachsrv;ActivClient Authentication Service;C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe [2006-11-10 12:29]
R2 acautoup;ActivClient Auto-Update Service;C:\Program Files\ActivIdentity\ActivClient\acautoup.exe [2006-11-10 12:29]
R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [2006-11-10 12:29]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 11:07]
S3 cur_bus;Curitel USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cur_bus.sys [2006-07-19 09:59]
S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [2004-06-15 15:55]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 08:48]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{257ee79e-8640-11dc-9b80-001bdd053afa}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984a60c3-6a20-11dc-9b6f-00197e6835d4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e6eaad8-4f5f-11dc-9b61-0019b966629a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afdfe1ed-2391-11dc-9b44-00197e6835d4}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - OSE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:13:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\detoured.dll
-> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\detoured.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-07-09 15:15:05
ComboFix-quarantined-files.txt 2008-07-09 19:14:30
ComboFix2.txt 2008-07-09 18:41:36
ComboFix3.txt 2008-07-09 17:52:21

Pre-Run: 25,962,348,544 bytes free
Post-Run: 25,944,678,400 bytes free

199 --- E O F --- 2008-06-21 07:01:20
  • 0

#7
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
What did you decide to do with Viewpoint? Remove it?

If so delete these folders please.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\program files\viewpoint


Please open Notepad by going to Start > Run and typing Notepad.exe in the window that pops up. Press Enter, and in the Notepad window that appears, Copy (Ctrl+C) and Paste (Ctrl+P) the following:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{257ee79e-8640-11dc-9b80-001bdd053afa}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984a60c3-6a20-11dc-9b6f-00197e6835d4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e6eaad8-4f5f-11dc-9b61-0019b966629a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afdfe1ed-2391-11dc-9b44-00197e6835d4}]

Note: it is important to copy this with the spacing left as it is, also make sure "REGEDIT4" is the first thing in Notepad (No spaces ahead or anything).

In Notepad, click on the "File" menu > Save As.... Under "File name" type Fix.reg and change "Save as type" to All Files.
Now double click Fix.reg. A pop-up will appear asking you if you want to import this to your registry click yes.

Now,

Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with how everything went and the Kaspersky log. How's your computer running now?

Edited by Mike, 10 July 2008 - 03:21 AM.

  • 0
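The MountPoints2 entries in the posted log are per-device AutoRun commands that Explorer cached from removable media (the TomTom installer and the U3 launcher on drive E:), and the Fix.reg above removes each cached key with a `[-key]` block. The script below is an added example for this thread, not a tool from the forum, from OldTimer, or from ComboFix: it parses log lines of the shape shown in the log above, emits a REGEDIT4 deletion file with the same layout Mike posted, and checks the layout his note insists on (REGEDIT4 as the very first line, blank lines between blocks) before the file is used. The sample log text is a constructed excerpt with the same entries as the thread; the function names are the example's own.

```python
"""Turn the MountPoints2 AutoRun entries reported in an OTScanIt/ComboFix log
into a REGEDIT4 removal file and validate that file's layout.

Added example for this thread (not part of the original post or of any tool
named in it). Assumes log lines look like the ones posted:
    [HKEY_CURRENT_USER\\...\\mountpoints2\\{GUID}]
    \\Shell\\AutoRun\\command - <command>
"""
import re
from typing import List, Tuple

# Constructed excerpt in the shape of the posted log (same two of the entries
# seen in the thread, plus an unrelated line the parser must ignore).
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{257ee79e-8640-11dc-9b80-001bdd053afa}]
\\Shell\\AutoRun\\command - E:\\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{984a60c3-6a20-11dc-9b6f-00197e6835d4}]
\\Shell\\AutoRun\\command - E:\\LaunchU3.exe -a

*Newly Created Service* - CATCHME
"""

# A MountPoints2 key header line: [HKEY_...\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# The cached AutoRun command reported under that key.
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
# A bracketed key line as regedit expects it ('[-' prefix means delete).
REG_KEY_LINE_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\[^\]]+\]$")


def parse_mountpoints(log_text: str) -> List[Tuple[str, str]]:
    """Return (registry key, cached AutoRun command) pairs found in the log."""
    entries: List[Tuple[str, str]] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = CMD_RE.match(line)
        if m and current_key:
            entries.append((current_key, m.group(1)))
            current_key = None  # one AutoRun command per key block
    return entries


def build_removal_reg(keys: List[str]) -> str:
    """Build REGEDIT4 text that deletes each key: '[-key]' blocks separated by blank lines."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.append(f"[-{key}]")
        lines.append("")
    return "\n".join(lines)


def is_valid_regedit4(text: str) -> bool:
    """Check the layout regedit needs: 'REGEDIT4' as the very first line with
    nothing ahead of it, a blank line after it, then bracketed key lines each
    followed by a blank line (or the end of the file)."""
    lines = text.split("\n")
    if len(lines) < 3 or lines[0] != "REGEDIT4" or lines[1] != "":
        return False
    body = lines[2:]
    if not body or not REG_KEY_LINE_RE.match(body[0]):
        return False
    for i in range(0, len(body), 2):
        if not REG_KEY_LINE_RE.match(body[i]):
            return False
        if i + 1 < len(body) and body[i + 1] != "":
            return False
    return True


def write_reg_file(path: str, text: str) -> None:
    """Save as an ANSI, CRLF-terminated file, which is what regedit reads for REGEDIT4."""
    with open(path, "w", encoding="cp1252", newline="\r\n") as fh:
        fh.write(text)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for key, cmd in found:
        print(f"{key.rsplit(chr(92), 1)[-1]} -> {cmd}")
    reg_text = build_removal_reg([k for k, _ in found])
    print(reg_text)
    print("layout ok:", is_valid_regedit4(reg_text))
```

Run it against a saved copy of the log to get a Fix.reg with one `[-...]` block per cached AutoRun entry; `is_valid_regedit4` rejects a file with a stray leading space or a missing blank line, which is the kind of slip the "spacing left as it is" note is warning about.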

#8
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
