Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with Virtumonde.dll [RESOLVED]


  • This topic is locked This topic is locked

#1
reddiephreddie

reddiephreddie

    Member

  • Member
  • PipPip
  • 15 posts
Please help us. My husband's laptop got infected today. When he tries to do a google search he is redirected or is told server cannot be found. Spybot pulled up virtumonde.dll but we couldnt get rid of it. He cannot go online so we are doing everthing from my computer through his flash drive.

here are hjt and deckard scans:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:48 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\windows\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savannahriverbaptist.org/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [f41ccc41] rundll32.exe "C:\WINDOWS\system32\uyudspxc.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hp...sLocalPrint.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF7D055-5ACD-4F44-9225-124503B64169}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) -

Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9925 bytes


Deckard's System Scanner v20071014.68
Run by Steve Scudder on 2008-08-11 22:00:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000001F


-- Last 5 Restore Point(s) --
62: 2008-08-11 22:40:28 UTC - RP289 - Last known good configuration
61: 2008-08-11 22:39:56 UTC - RP288 - System Checkpoint
60: 2008-08-11 22:39:55 UTC - RP287 - System Checkpoint
59: 2008-08-11 22:39:55 UTC - RP286 - System Checkpoint
58: 2008-08-11 22:39:54 UTC - RP285 - System Checkpoint


-- First Restore Point --
1: 2008-08-11 22:39:06 UTC - RP228 - Installed Java™ 6 Update 5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 22:02:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savannahriverbaptist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {0FACEAEE-A039-4C2E-AA79-7B00AEE4CFB1} - C:\WINDOWS\system32\ddcbAsss.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {ea0aa271-fac4-62ab-8264-7a390c637cad} - {dac736c0-93a7-4628-ba26-4caf172aa0ae} - C:\WINDOWS\system32\ohnjck.dll
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\jkkKbYqR.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [f41ccc41] rundll32.exe "C:\WINDOWS\system32\uyudspxc.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.micr.../OGAControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hp...sLocalPrint.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{CBF7D055-5ACD-4F44-9225-124503B64169}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkKbYqR - C:\WINDOWS\system32\jkkKbYqR.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 12284 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>

S2 HPFECP12 - c:\windows\system32\drivers\hpfecp12.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing)
S3 UsbDiag (LGE CDMA USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys (file missing)
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP12\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP12\0000
Service: HPFECP12


-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 07:04:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 18:41:51 120960 --a------ C:\WINDOWS\system32\ohnjck.dll
2008-08-11 18:41:49 120960 --a------ C:\WINDOWS\system32\sqaskbld.dll
2008-08-11 18:41:21 98688 --a------ C:\WINDOWS\system32\uyudspxc.dll
2008-08-11 18:38:49 3429 --ahs---- C:\WINDOWS\system32\sssAbcdd.ini2
2008-08-11 18:38:35 323328 --a------ C:\WINDOWS\system32\ddcbAsss.dll
2008-08-11 18:33:16 34176 -----n--- C:\WINDOWS\system32\jkkKbYqR.dll
2008-08-11 18:29:17 385024 --a------ C:\WINDOWS\wnlmdakqlag.dll
2008-07-21 10:26:26 0 d-------- C:\Program Files\Apple Software Update
2008-07-15 13:56:59 0 d-------- C:\temp
2008-07-15 13:56:37 0 d-------- C:\Program Files\LG Electronics
2008-07-15 13:54:47 0 d-------- C:\WINDOWS\RegisteredPackages


-- Find3M Report ---------------------------------------------------------------

2008-08-11 21:51:04 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\Skype
2008-08-04 18:58:58 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\Yahoo!
2008-08-04 18:58:47 0 d-------- C:\Program Files\Yahoo!
2008-07-26 11:39:52 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\U3
2008-07-15 13:56:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 21:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 21:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 21:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 21:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FACEAEE-A039-4C2E-AA79-7B00AEE4CFB1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dac736c0-93a7-4628-ba26-4caf172aa0ae}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E482A951-26ED-4898-A1EB-09A942D95A52}]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer

Written by Bobbi Flekman 2006 ©
GeneralFlags REG_DWORD 0 (0x0)
RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
"{E482A951-26ED-4898-A1EB-09A942D95A52}"= C:\WINDOWS\system32\jkkKbYqR.dll [08/11/2008 06:33 PM 34176]

REGEDIT4
"AltDefaultDomainName"="SAVANNAH-97ADD7"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]
"NoGPOListChanges"=dword:00000001
2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
00
"RequiresSuccessfulRegistry"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
00
"RequiresSuccessfulRegistry"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"NoGPOListChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]
"Logoff"="ChainWlxLogoffEvent"
"Logoff"="CryptnetWlxLogoffEvent"
"Asynchronous"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
"Logoff"="f"
"Asynchronous"=dword:00000001
"Logoff"="SchedEventLogOff"
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"Asynchronous"=dword:00000001
"Disconnect"="TSEventDisconnect"
"EulaAccepted"=dword:00000001
8e,14,00,00,00,3d,72,70,c2,ac,d1,eb,db,3c,ac,1c,50,68,c8,82,68,ad,d9,b2,93
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]
"VUSR_"=dword:00010000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials]
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ cscdll.dll
!d;s/.*t//;s/
[hkey.*/n
!d;s/.*t//;s/
[hkey.*/n
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKbYqR
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logoff REG_SZ WLEventLogoff
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ WlNotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logon REG_SZ WLEventLogon
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
!d;s/ /x22/;s/t.*t/x22=/;s/hkey_.*/[&]/;
appinit_dlls REG_SZ avgrsstx.dll

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100000007000b000000000007000b0000003f0000000
20000000400010001000000000000000000000000000000440000000100560061007200460069006c
00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0
06e00000000000904e404f0030000010053007400720069006e006700460069006c00650049006e00
66006f000000cc03000001003000340030003900300034004500340000004a001900010043006f006
d006d0065006e007400730000004300720079007300740061006c002000530051004c002000440065
007300690067006e0065007200200037002e0030000000000088003400010043006f006d007000610
06e0079004e0061006d006500000000005300650061006700610074006500200053006f0066007400
7700610072006500200049006e0066006f0072006d006100740069006f006e0020004d0061006e006
100670065006d0065006e0074002000470072006f00750070002c00200049006e0063002e000000ae
00450001004c006500670061006c0043006f007000790072006900670068007400000043006f00700
07900720069006700680074002000280063002900200031003900390031002d003100390039001000
000000000000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 5409000054020000000200008c0334000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe000001000200a8112e0400000200a8112e0400003f0000002
00000000400000001000000000000000000000000000000ec020000010053007400720069006e0067
00460069006c00650049006e0066006f000000c802000001003000300030003000300034006200300
0000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c00
2000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e006
1006d006500000000005300410050002000410047002c002000570061006c006c0064006f00720066
00000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e0
0000000005300410050002000460072006f006e00740065006e006400200066006f00720020005700
69006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006
f006e000000000034003500320030002e0032002e0030002e00310030003700300000003200090001
0049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e0
05400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200
000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000
100530065007200760069006300650020005000610063006b00200033000000230054020000000200
008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000
0bd04effe0000010003009e112604000003009e11260400003f000000200000000400000001000000
000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006
e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f
006d006d0065006e007400730000004f007200690067006e0061006c0020005600650072007300690
06f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300
410050002000410047002c002000570061006c006c0064006f0072006600000000005a00190001004
60069006c0065004400650073006300720069007000740069006f006e000000000053004100500020
00460072006f006e00740065006e006400200066006f0072002000570069006e0064006f007700730
0000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500
310030002e0033002e0030002e003100300036003200000032000900010049006e007400650072006
e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001
004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0
000003cfd060004000000000000006505000002000000030000000000010053006500720076006900
6300650020005000610063006b0020003300000023005402000000020000200334000000560053005
f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000004
00f003000000000400f00300003f00000000000000040001000100000000000000000000000000000
07e020000010053007400720069006e006700460069006c00650049006e0066006f0000005a020000
01003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004
e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065
004400650073006300720069007000740069006f006e00000000005300410050002000460072006f0
06e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003600
0b000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002
e003100300030003800000000002c000600010049006e007400650072006e0061006c004e0061006d
0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790
072006900670068007400000043006f0070007900720069006700680074002000a900200031003900
390033002d0031003900390037002000530041005000200041004700000000002800000001004c006
500670061006c0054007200610064000200000000000000010000004c0000003cfd06000400000000
000000650500000200000003000000000001005300650072007600690063006500200050006100630
06b0020003300000023005402000000020000180334000000560053005f0056004500520053004900
4f004e005f0049004e0046004f0000000000bd04effe0000010000000400dd03000000000400dd030
0003f0000000000000004000100010000000000000000000000000000007802000001005300740072
0069006e006700460069006c00650049006e0066006f0000005402000001003000340030003900300
034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000
530041005000200041004700000000005a0019000100460069006c006500440065007300630072006
9007000740069006f006e00000000005300410050002000460072006f006e00740065006e00640020
0066006f0072002000570069006e0064006f00770073000000000034000a000100460069006c00650
0560065007200730069006f006e000000000034002e0030002e0030002e0039003800390000002c00
0600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e0054000
0005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f
0070007900720069006700680074002000a900200031003900390033002d003100390039003700200
0530041005000200041004700000000002800000001004c006500670061006c005400720061006400
65006d000200000000000000010000004c0000003cfd0600040000000000000065050000020000000
300000000000100530065007200760069006300650020005000610063006b002000330000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 5802000054020000000200006c0734000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000
00000000400040001000000000000000000000000000000cc060000010053007400720069006e0067
00460069006c00650049006e0066006f0000005403000001003000340030003900300034004200300
0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000
61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006
f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073
006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200
0450078006300680061006e0067006500200053006500720076006500720020005300650074007500
7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003
5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c
004e0061006d00650000005300650074007500700000009c003c0001004c006500670061006c00430
06f007000790072006900670068007400000043006f00700079007200690067006800740020000200
000000000000010000004c0000003cfd0600050000000000000065050000020000000300000002000
000530065007200760069006300650020005000610063006b002000340000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100010001000c000000010001000c000000000000000
00000000400000001000000000000000000000000000000440000000000560061007200460069006c
00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0
06e00000000000904b004a4010000010053007400720069006e006700460069006c00650049006e00
66006f00000080010000010030003400300039003000340042003000000040002000010043006f006
d00700061006e0079004e0061006d00650000000000440065004c006f0072006d00650020004d0061
007000700069006e0067000000440022000100500072006f0064007500630074004e0061006d00650
0000000005200650067002000280044004c0069006200620079005c006d0073006600290000000000
340014000100460069006c006500560065007200730069006f006e000000000031002e00300031002
e0030003000310032000000380014000100500072006f006400750063007400560065007200730069
006f006e00000031002e00300031002e003000300031003200000034001200010049006e007400650
072006e0061006c004e0061006d00650000004d004e00470052004500470033003200000000000200
000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000
100530065007200760069006300650020005000610063006b002000330000002300
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100350007000000000035000700000000003f0000000
0000000040000000100000000000000000000000000000012020000010053007400720069006e0067
00460069006c00650049006e0066006f000000ee01000001003000340030003900300034006200300
0000042001100010043006f006d00700061006e0079004e0061006d00650000000000500065006f00
70006c00650053006f00660074002c00200049006e0063002e0000000000280000000100460069006
c0065004400650073006300720069007000740069006f006e00000000002a0005000100460069006c
006500560065007200730069006f006e000000000037002e0035003300000000009c003c0001004c0
06500670061006c0043006f007000790072006900670068007400000043006f007000790072006900
6700680074002000a900200031003900380038002d0031003900390038002000500065006f0070006
c00650053006f00660074002c00200049006e0063002e002000200041006c006c0020005200690067
0068007400730020005200650073006500720076006500640000003c000a0001004f0072006900670
069006e0061006c00460069006c0065006e0061006d00650000007000730064006d0074002e001000
000000000000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000
00000000400040001000000000000000000000000000000e4060000010053007400720069006e0067
00460069006c00650049006e0066006f0000006003000001003000340030003900300034004200300
0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000
61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006
f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073
006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200
0450078006300680061006e0067006500200053006500720076006500720020005300650074007500
7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003
5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c
004e0061006d00650000005300650074007500700000009e003d0001004c006500670061006c00430
06f007000790072006900670068007400000043006f00700079007200690067006800740020000200
000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000
000530065007200760069006300650020005000610063006b00200033000000240054020000000200
00a40834000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000
0bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000
00000000000000000000000004080000010053007400720069006e006700460069006c00650049006
e0066006f000000f0030000010030003400300039003000340042003000000018000000010043006f
006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d0
06500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100
740069006f006e000000680020000100460069006c006500440065007300630072006900700074006
9006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e
00670065002000530065007200760065007200200053006500740075007000000036000b000100460
069006c006500560065007200730069006f006e000000000035002e0035002e003100390036003000
2e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005
30065007400750070000000a600410001004c006500670061006c0043006f00700079007200690067
0068007400000043006f00700079007200690067006800740020000200000000000000010000004c0
000003cfd060005000000000000006505000002000000000000000000000053006500720076006900
6300650020005000610063006b0020003300000024005402000000020000180434000000560053005
f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005
000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000
078030000010053007400720069006e006700460069006c00650049006e0066006f00000054030000
010030003400300039003000340042003000000018000000010043006f006d006d0065006e0074007
30000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d00690063
0072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680
020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d00
6900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007
200760065007200200053006500740075007000000036000b000100460069006c0065005600650072
00730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c00060
0010049006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000
9a003b0001004c006500670061006c0043006f007000790072006900670068007400000043006f007
00079007200690067006800740020000200000000000000010000004c0000003cfd06000500000000
000000650500000200000000000000000000005300650072007600690063006500200050006100630
06b002000330000002400
ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f0000000
0000000040000000100000000000000000000000000000064020000010053007400720069006e0067
00460069006c00650049006e0066006f0000004002000001003000340030003900300034006200300
0000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f007200
65006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006
c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c0020
00530065007400750070002000570069007a00610072006400000000002c0006000100460069006c0
06500560065007200730069006f006e000000000038002e0030003200380000004600130001004900
6e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007
400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043
006f007000790072006900670068007400000043006f0070007900720069006700680074002000a90
0200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800
000000000000
ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe0000010002000a0001000a0002000a0001000a00000000000
0000000040001000100000000000000000000000000000098020000010053007400720069006e0067
00460069006c00650049006e0066006f0000007402000001003000340030003900300034004500340
000004a001500010043006f006d00700061006e0079004e0061006d00650000000000530079006d00
61006e00740065006300200043006f00720070006f0072006100740069006f006e000000000060001
c000100460069006c0065004400650073006300720069007000740069006f006e0000000000530079
006d0061006e007400650063002000530079006d006500760065006e007400200049006e007300740
061006c006c0065007200000034000a000100460069006c006500560065007200730069006f006e00
00000000310030002e0032002e00310030002e003100000030000800010049006e007400650072006
e0061006c004e0061006d006500000053004500560049004e005300540000007e002d0001004c0065
00670061006c0043006f007000790072006900670068007400000043006f007000790072006900670
06800740020002800430029002000530079006d0061006e00740065006300200043006f0072000100
000000000000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100000001000900260000000100090026003f0000000
00000000400000001000000000000000000000000000000dc020000010053007400720069006e0067
00460069006c00650049006e0066006f000000b802000001003000340030003900300034006200300
0000066002700010043006f006d006d0065006e0074007300000042007500730069006e0065007300
7300200049006e00740065006c006c006900670065006e006300650020006f006e002000450076006
5007200790020004400650073006b0074006f0070000000000048001400010043006f006d00700061
006e0079004e0061006d0065000000000043006f0067006e006f007300200049006e0063006f00720
070006f0072006100740065006400000060001c000100460069006c00650044006500730063007200
69007000740069006f006e000000000043006f0067006e006f0073002000470065006e00650072006
9006300200049006e007300740061006c006c006100740069006f006e00000038000c000100460069
006c006500560065007200730069006f006e000000000031002c00200030002c002000330038002c0
020003900000030000800010049006e007400650072006e0061006c004e0061006d00650000000100
000000000000
GlobalFlag REG_SZ 0x000010F0
ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f00
49004e0046004f0000000000bd04effe00000100000001000100000000000100010000003f0000000
0000000010001000100000000000000000000000000000004020000010053007400720069006e0067
00460069006c00650049006e0066006f000000e001000001003000340030003900300034004500340
0000020000000010043006f006d00700061006e0079004e0061006d00650000000000580018000100
460069006c0065004400650073006300720069007000740069006f006e000000000049004e0053005
40041004c004c0020004d004600430020004100700070006c00690063006100740069006f006e0000
00300008000100460069006c006500560065007200730069006f006e000000000031002e0030002e0
0300030003100000030000800010049006e007400650072006e0061006c004e0061006d0065000000
49004e005300540041004c004c0000002400000001004c006500670061006c0043006f00700079007
200690067006800740000002800000001004c006500670061006c00540072006100640065006d0061
0072006b0073000000000040000c0001004f0072006900670069006e0061006c00460069006c00650
06e0061006d006500000049004e005300540041004c004c002e004500580045000000300008000800
000000000000
"Notification Packages scecli

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List
WQL-Id REG_SZ
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527237240-117609710-682003330-1003\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527237240-117609710-682003330-1003\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download THIS FILE and save it to your Desktop.. Please unzip it and then double-click the file. Merge it to your Registry.. Just click on Ok or Yes at any prompt..




NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512

Edited by fenzodahl512, 14 August 2008 - 05:33 AM.

  • 0

#3
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for your help! My system could no longer access the internet, so I had to copy the needed downloads ont a flash drive and run on my laptop. After performing the combofix, I was able to go online.

Here are the logs.

ComboFix 08-08-13.05 - Steve Scudder 2008-08-14 14:01:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.484 [GMT -4:00]
Running from: C:\Documents and Settings\Steve Scudder\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve Scudder\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Documents and Settings\Steve Scudder\Application Data\Malwarebytes
2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 08:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-13 08:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 21:04 . 2008-08-12 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-11 23:25 . 2008-08-11 23:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 22:18 . 2008-08-11 22:18 <DIR> d-------- C:\VundoFix Backups
2008-08-11 22:00 . 2008-08-11 22:00 <DIR> d-------- C:\Deckard
2008-08-11 19:00 . 2008-08-12 08:04 144 --a------ C:\WINDOWS\wininit.ini
2008-07-21 10:26 . 2008-07-21 10:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d--h----- C:\temp\pt8q3khslw
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d-------- C:\temp
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d-------- C:\Program Files\LG Electronics
2008-07-15 13:56 . 2008-07-15 13:57 1,609,728 --a------ C:\WINDOWS\MEDB.mdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 18:03 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\Skype
2008-08-13 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-13 20:29 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\U3
2008-08-13 15:32 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-08-13 15:32 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\InstallShield
2008-08-13 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-04 22:58 --------- d-----w C:\Program Files\Yahoo!
2008-08-04 22:58 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\Yahoo!
2008-08-04 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-15 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 14:58 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 14:58 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-05-23 17:11 17,144 ----a-w C:\Documents and Settings\Steve Scudder\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-10-29 07:57 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 19:44 1200128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 17:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 17:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 17:46 135168]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 05:24 196608]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 21:09 842584]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 15:39 707360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 23:03 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 10:58 1232152]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\Steve Scudder\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 15:37:44 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-29 16:44:29 126136]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 10:58]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 10:58]
R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 14:13]
S2 HPFECP12;HPFECP12;C:\WINDOWS\system32\drivers\HPFECP12.SYS [1998-10-19 06:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.savannahriverbaptist.org/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{CBF7D055-5ACD-4F44-9225-124503B64169}: NameServer = 208.67.222.222

O16 -: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
C:\WINDOWS\Downloaded Program Files\HPeServicesLocalPrint.inf

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 14:03:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 14:04:05
ComboFix-quarantined-files.txt 2008-08-14 18:04:02
ComboFix2.txt 2008-08-14 15:28:11

Pre-Run: 43,390,492,672 bytes free
Post-Run: 43,361,366,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

145 --- E O F --- 2008-04-09 22:31:43



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:34 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savannahriverbaptist.org/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hp...sLocalPrint.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF7D055-5ACD-4F44-9225-124503B64169}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9890 bytes

Edited by reddiephreddie, 14 August 2008 - 12:17 PM.

  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\AskPBar
C:\VundoFix Backups
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"=-
[-HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the ComboFix log in your next reply..




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




I see that you run Deckard System Scanner before.. Please run it again after Kaspersky Webscanner step..



Please post the following logs in your next reply..
1. ComboFix
2. Kaspersky Webscanner
3. A fresh Deckard System Scanner (DSS)

Regards
fenzodahl512
  • 0

#5
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here are the next series of reports. The good news is that I have done all this from the infected laptop as the first ComboFix gained me access to the internet. The only problem I detect now is with Outlook. Outlook is not keeping my email password stored. Every time Outlook goes to get my email, I have to retype my password.

ComboFix 08-08-13.05 - Steve Scudder 2008-08-14 15:40:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT -4:00]
Running from: C:\Documents and Settings\Steve Scudder\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve Scudder\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskPBar
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
C:\Program Files\AskPBar\bar\Cache\0246CC98
C:\Program Files\AskPBar\bar\Cache\0246CE3E
C:\Program Files\AskPBar\bar\Cache\0246CECA.bin
C:\Program Files\AskPBar\bar\Cache\0246CF47.bin
C:\Program Files\AskPBar\bar\Cache\0246D003.bin
C:\Program Files\AskPBar\bar\Cache\0246D0CE.bin
C:\Program Files\AskPBar\bar\Cache\0246D38D.bin
C:\Program Files\AskPBar\bar\Cache\files.ini
C:\Program Files\AskPBar\bar\History\search2
C:\Program Files\AskPBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Documents and Settings\Steve Scudder\Application Data\Malwarebytes
2008-08-13 08:49 . 2008-08-13 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 08:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-13 08:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 21:04 . 2008-08-12 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-11 23:25 . 2008-08-11 23:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 22:00 . 2008-08-11 22:00 <DIR> d-------- C:\Deckard
2008-08-11 19:00 . 2008-08-12 08:04 144 --a------ C:\WINDOWS\wininit.ini
2008-07-21 10:26 . 2008-07-21 10:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d--h----- C:\temp\pt8q3khslw
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d-------- C:\temp
2008-07-15 13:56 . 2008-07-15 13:56 <DIR> d-------- C:\Program Files\LG Electronics
2008-07-15 13:56 . 2008-07-15 13:57 1,609,728 --a------ C:\WINDOWS\MEDB.mdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 19:42 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\Skype
2008-08-13 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-13 20:29 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\U3
2008-08-13 15:32 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-08-13 15:32 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\InstallShield
2008-08-13 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-04 22:58 --------- d-----w C:\Program Files\Yahoo!
2008-08-04 22:58 --------- d-----w C:\Documents and Settings\Steve Scudder\Application Data\Yahoo!
2008-08-04 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-15 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 14:58 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 14:58 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-05-23 17:11 17,144 ----a-w C:\Documents and Settings\Steve Scudder\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 19:44 1200128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 17:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 17:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 17:46 135168]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 05:24 196608]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 21:09 842584]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 15:39 707360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 23:03 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 10:58 1232152]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\Steve Scudder\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 15:37:44 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-29 16:44:29 126136]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 10:58]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 10:58]
R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 14:13]
S2 HPFECP12;HPFECP12;C:\WINDOWS\system32\drivers\HPFECP12.SYS [1998-10-19 06:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 15:42:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 15:43:34
ComboFix-quarantined-files.txt 2008-08-14 19:43:28
ComboFix2.txt 2008-08-14 18:04:06
ComboFix3.txt 2008-08-14 15:28:11

Pre-Run: 43,346,411,520 bytes free
Post-Run: 43,341,328,384 bytes free

140 --- E O F --- 2008-04-09 22:31:43

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 14, 2008 21:12:07
Records in database: 1093864
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 58470
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:12:47


File name / Threat name / Threats count
C:\Documents and Settings\Steve Scudder\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-5a4d47b6 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\QooBox\Quarantine\C\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ohnjck.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ckn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sqaskbld.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ckn 1
C:\QooBox\Quarantine\C\WINDOWS\wnlmdakqlag.dll.vir Infected: Trojan.Win32.Vapsup.key 1

The selected area was scanned.

Deckard's System Scanner v20071014.68
Run by Steve Scudder on 2008-08-14 17:32:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Steve Scudder.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:18 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Steve Scudder\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\STEVES~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savannahriverbaptist.org/
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hp...sLocalPrint.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF7D055-5ACD-4F44-9225-124503B64169}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9914 bytes

-- Files created between 2008-07-14 and 2008-08-14 -----------------------------

2008-08-14 15:46:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-14 15:46:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-14 15:46:42 0 d-------- C:\WINDOWS\LastGood
2008-08-14 14:00:24 0 d-------- C:\cmdcons
2008-08-14 13:59:45 68096 --a------ C:\WINDOWS\zip.exe
2008-08-14 13:59:45 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-14 13:59:45 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-14 13:59:45 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-14 13:59:45 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-14 13:59:45 98816 --a------ C:\WINDOWS\sed.exe
2008-08-14 13:59:45 80412 --a------ C:\WINDOWS\grep.exe
2008-08-14 13:59:45 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-13 08:49:29 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\Malwarebytes
2008-08-13 08:49:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 08:49:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 21:04:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-11 23:25:22 0 d-------- C:\Program Files\Trend Micro
2008-07-21 10:26:26 0 d-------- C:\Program Files\Apple Software Update
2008-07-15 13:56:59 0 d-------- C:\temp
2008-07-15 13:56:37 0 d-------- C:\Program Files\LG Electronics
2008-07-15 13:54:47 0 d-------- C:\WINDOWS\RegisteredPackages


-- Find3M Report ---------------------------------------------------------------

2008-08-14 17:26:30 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\Skype
2008-08-14 15:41:51 0 d-------- C:\Program Files\Common Files
2008-08-13 16:29:50 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\U3
2008-08-13 11:32:30 0 d-------- C:\Program Files\Wal-Mart Music Downloads Store
2008-08-13 11:32:29 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\InstallShield
2008-08-04 18:58:58 0 d-------- C:\Documents and Settings\Steve Scudder\Application Data\Yahoo!
2008-08-04 18:58:47 0 d-------- C:\Program Files\Yahoo!
2008-07-15 13:56:36 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 06:10 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/13/2007 05:47 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/13/2007 05:47 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 05:46 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 02:13 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [02/20/2007 12:29 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/10/2005 05:24 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [11/21/2006 09:09 PM]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [01/12/2007 05:48 PM]
"VX3000"="C:\WINDOWS\vVX3000.exe" [12/05/2006 03:39 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/18/2008 11:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 10:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [11/15/2005 07:44 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/02/2007 05:10 PM]

C:\Documents and Settings\Steve Scudder\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [10/27/2006 3:37:44 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [9/29/2007 4:44:29 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b6e8b8-3074-11dc-8063-0016ce6430d5}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-14 17:33:43 ------------
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. Just a little bit more.. :)


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



And about your Outlook passwords, please navigate below websites..

http://www.pchell.co...epassword.shtml
http://www.theelderg..._in_outlook.htm


Post me Kaspersky Webscanner report for my final review before I can set you free :)



Regards
fenzodahl512

Edited by fenzodahl512, 14 August 2008 - 04:00 PM.

  • 0

#7
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here you go...

KASPERSKY ONLINE SCANNER 7 REPORTKASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build
2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 14, 2008 23:17:05
Records in database: 1093987


Scan settings
Scan using the following databaseextended
Scan archivesyes
Scan mail databasesyes

Scan areaMy Computer
C:\
D:\

Scan statistics
Files scanned58906
Threat name4
Infected objects5
Suspicious objects0
Duration of the scan01:24:06

File nameThreat nameThreats count
C:\Documents and Settings\Steve Scudder\Application
Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-5a4d47b6Infected:
Trojan-Downloader.Java.OpenStream.ac1

C:\QooBox\Quarantine\C\Program
Files\AskPBar\bar\1.bin\ASKPBAR.DLL.virInfected:
not-a-virus:AdTool.Win32.MyWebSearch.a1

C:\QooBox\Quarantine\C\WINDOWS\system32\ohnjck.dll.virInfected:
not-a-virus:AdWare.Win32.SuperJuan.ckn1

C:\QooBox\Quarantine\C\WINDOWS\system32\sqaskbld.dll.virInfected:
not-a-virus:AdWare.Win32.SuperJuan.ckn1

C:\QooBox\Quarantine\C\WINDOWS\wnlmdakqlag.dll.virInfected:
Trojan.Win32.Vapsup.key1

The selected area was scanned.
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
That's looks good to me...

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image




NEXT


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



NEXT


You already have AVG8 as your antivirus and Malwarebytes' as your antispyware. However, I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.



Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#9
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the JavaRa report:

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Aug 15 09:50:12 2008

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.



I was able to everything you suggested except download and install the latest JRE. Everytime it tried to download, the system would disconnect after a few seconds and then restart. Finally, it exceeded the attempts limit. I tried one more time, but was unable to successfully download the file. Let me know if you think I should try the JRE again and any suggestions on a better approach to success.

M laptop is running fine again. The fixes you sent for Outlook did not work. However, after I completed this morning's tasks, Outlook is now opening and retaining my password.

Thanks a bunch for your help. You win the GOLD in my book! :)
  • 0

#10
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
:) I spoke too soon. The reason I was not getting the password dialogue box is that I am not able to access my email through Outlook or directly through the Internet page. I have been able to confirm that my ISP is up and working. My computer just isn't making a connection.
  • 0

Advertisements


#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

:) I spoke too soon. The reason I was not getting the password dialogue box is that I am not able to access my email through Outlook or directly through the Internet page. I have been able to confirm that my ISP is up and working. My computer just isn't making a connection.



Erm... not sure why is that.. So, can you actually connect to the internet?


If you can't, please do below and then report back to me.. Otherwise, just tell me :)


Please download WinsockXPFix from HERE.
  • Double-click on WinsockXPFix and click on Fix
It will ask you to restart your computer in attempt to fix the internet connection. Please do so..


Regards
fenzodahl512
  • 0

#12
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I am able to get on the net. Now we are back to my Outlook not retaining my password. I can once again access my email through my ISP's web page. I have received an email through Outlook, but I have to retype my password every time.
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I am able to get on the net. Now we are back to my Outlook not retaining my password. I can once again access my email through my ISP's web page. I have received an email through Outlook, but I have to retype my password every time.



Please do this first..

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instruction on how to back-up registry via ERUNT, please visit HERE




Then, have you done the suggestion as per these websites? :)

http://www.pchell.co...epassword.shtml
http://www.theelderg..._in_outlook.htm

Edited by fenzodahl512, 15 August 2008 - 10:32 AM.

  • 0

#14
reddiephreddie

reddiephreddie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Yes...nothing changed.
  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Yes...nothing changed.


Hi.. I believe the problem is not related with malware..


I suggest you seek further assistance at our Web Browsers and Email forum... link below..

http://www.geekstogo...-Email-f26.html


Tell them that you have been cleaned in Malware Removal forum..


Regards
fenzodahl512 :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP