pak_generic.005 x.exe udxfytw.sys



#1 fred4043 (New Member)
To anyone who reads this: I think I got my prob. fixed. So far so good. I would close this post but I don't know how.

TREND MICRO gives me the PAK_generic.005 message when it boots.

When the comp. boots up I get "explorer has to shut down" and then I get "do you want to send an error report" and it has the "drwtsn32.exe.mdmp and appcompat.txt" message.

I ran ComboFix twice (each time it deleted something diff.) and both are posted with 1 HJT log, in which I have not fixed anything yet.

I backed up my registry with ERUNT. I now have to be in safe mode with networking for my comp. to work.

I think I should give you a little history also. A week ago I had the "soxpeca" thing with six others. I think I got it from when I did a SYSTEM RESTORE. As I was doing some reading on it I found a topic on here. I followed it and it fixed my problem. I can't remember the guy's name but I want to thank you.

MBAM showed zero infections.

"COMBO FIX first log"


ComboFix 08-11-27.03 - FRED 2008-11-27 15:50:04.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1593 [GMT -5:00]
Running from: c:\documents and settings\FRED\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\udxfytw.sys

.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-27 15:08 . 2008-11-27 15:08 <DIR> d-------- c:\documents and settings\Administrator
2008-11-27 14:04 . 2008-11-27 15:33 32,256 -r-hs---- c:\windows\system32\csrsc.exe
2008-11-27 13:57 . 2008-11-27 14:21 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-21 13:34 . 2008-11-21 13:34 <DIR> d-------- C:\fsaua.data
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\documents and settings\FRED\Application Data\Malwarebytes
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 13:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 13:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 11:00 . 2008-11-21 11:00 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData
2008-11-09 18:26 . 2008-11-27 15:11 <DIR> d-------- C:\RED ALERT 3 MAPS
2008-11-02 15:16 . 2008-11-02 15:41 <DIR> d-------- c:\documents and settings\FRED\Application Data\Red Alert 3
2008-10-28 22:00 . 2008-10-28 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 15:41 --------- d-----w c:\program files\Trend Micro
2008-11-06 06:28 --------- d-----w c:\documents and settings\FRED\Application Data\LimeWire
2008-11-02 19:30 --------- d-----w c:\program files\Electronic Arts
2008-10-25 00:07 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 23:55 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-24 23:55 22,328 ----a-w c:\documents and settings\FRED\Application Data\PnkBstrK.sys
2008-10-24 23:54 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-24 23:54 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 23:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 23:36 --------- d-----w c:\program files\UBISOFT
2008-10-24 22:44 --------- d-----w c:\program files\Mozilla Firefox(2)
2008-10-24 22:31 --------- d-----w c:\program files\CrosuS
.

------- Sigcheck -------

2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\ServicePackFiles\i386\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\ServicePackFiles\i386\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll

2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2003-03-31 07:00 516608 2246d8d8f4714a2cedb21ab9b1849abb c:\windows\$NtUninstallKB841533$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\ServicePackFiles\i386\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\ServicePackFiles\i386\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe

2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\ServicePackFiles\i386\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\ServicePackFiles\i386\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe

2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\backup\termsrv.dll
2004-08-04 02:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( [email protected]_12.03.36.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 20:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 20:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 21:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 20:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-07-19 03:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-11-27 18:01:25 1,521 ----a-w c:\windows\system32\config\Before Compact\restore.bat
+ 2008-11-27 18:01:25 1,521 ----a-w c:\windows\system32\config\SM Registry Backup\11-27-2008 13.00.28\restore.bat
- 2008-11-21 16:54:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-21 17:44:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-21 16:54:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-21 17:44:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-21 16:38:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112120081122\index.dat
+ 2008-11-21 17:12:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112120081122\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-07-19 03:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-07-30 23:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-19 03:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-07-19 03:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-07-19 03:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 23:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-19 03:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 23:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-07-19 03:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-10-24 22:48:05 239,944 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-27 19:49:27 236,760 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-10-11 19:12:48 1,468,968 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2007-07-30 23:18:34 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-07-19 03:07:54 210,976 ----a-w c:\windows\system32\muweb.dll
- 2008-11-21 15:14:35 63,188 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-27 20:45:56 63,188 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-21 15:14:35 403,968 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-27 20:45:56 403,968 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-24 22:46:08 8,998,084 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-27 17:48:07 2,041,768 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-07-19 03:09:44 563,912 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.784\wuapi.dll
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-10-08 19:46:18 14,640 ----a-w c:\windows\system32\spmsg.dll
+ 2008-03-20 19:41:20 14,640 ------w c:\windows\system32\spmsg.dll
- 2007-07-30 23:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-07-19 03:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 23:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-07-19 03:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-07-19 03:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 23:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-07-19 03:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 23:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 23:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-15 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-08-19 98304]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-08-19 135168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-08-19 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 280576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2008-06-18 1100640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 185784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2008-06-18 1313632]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-07 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"VIDC.I263"= i263_32.drv
"vidc.ir32"= c:\windows\System32\ir32_32.dll
"vidc.ir31"= c:\windows\System32\ir32_32.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\csrsc.exe"=

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-04-04 39424]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-03-24 592232]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-03-24 592232]
R2 IOPort;IOPort;\??\c:\windows\System32\DRIVERS\IOPORT.SYS [1998-11-27 6144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-02-25 24652]
R2 WinSpoolSvc;Windows Spool Services;"c:\windows\system32\csrsc.exe" [2008-11-27 32256]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-08-21 598856]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys []
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys []
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2005-01-10 56576]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.armstrongmywire.com/index.php
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\windows\system32\iavlsp.dll

c:\windows\system32\ijl15.dll - c:\windows\system32\AudioDec.dll
c:\windows\system32\IPCamera.ini
c:\windows\system32\Xrypassd.dll
c:\windows\system32\AvsCodec50.dll
c:\windows\system32\NVDHD50.dll
c:\windows\system32\NVDM50.dll
c:\windows\system32\decode.dll
c:\windows\system32\RTClientSDK55.dll
c:\windows\Downloaded Program Files\WebCamX.ocx
O16 -: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED}
hxxp://www.demodvrs.com/WebCamX.cab
c:\windows\Downloaded Program Files\WebCamX.inf

c:\windows\Downloaded Program Files\BoardID.dll - O16 -: {E5ABEB00-B357-4884-9949-77B2C71A7EE3}
hxxp://developer.intel.com/design/motherbd/boardid/BoardID.cab
c:\windows\Downloaded Program Files\BoardID.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 15:53:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1260)
c:\windows\system32\iavlsp.dll
.
Completion time: 2008-11-27 15:55:10
ComboFix-quarantined-files.txt 2008-11-27 20:55:08
ComboFix2.txt 2008-11-21 18:07:56
ComboFix3.txt 2008-11-21 17:54:45
ComboFix4.txt 2008-11-21 17:04:40

Pre-Run: 11,007,930,368 bytes free
Post-Run: 11,006,103,552 bytes free




"COMBO FIX 2 log"




ComboFix 08-11-27.03 - FRED 2008-11-27 17:34:43.5 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1764 [GMT -5:00]
Running from: c:\documents and settings\FRED\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-27 15:08 . 2008-11-27 15:08 <DIR> d-------- c:\documents and settings\Administrator
2008-11-27 14:04 . 2008-11-27 17:19 32,256 -r-hs---- c:\windows\system32\csrsc.exe
2008-11-27 13:57 . 2008-11-27 14:21 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-21 13:34 . 2008-11-21 13:34 <DIR> d-------- C:\fsaua.data
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\documents and settings\FRED\Application Data\Malwarebytes
2008-11-21 13:18 . 2008-11-21 13:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 13:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 13:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 11:00 . 2008-11-21 11:00 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData
2008-11-09 18:26 . 2008-11-27 15:11 <DIR> d-------- C:\RED ALERT 3 MAPS
2008-11-02 15:16 . 2008-11-02 15:41 <DIR> d-------- c:\documents and settings\FRED\Application Data\Red Alert 3
2008-10-28 22:00 . 2008-10-28 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 15:41 --------- d-----w c:\program files\Trend Micro
2008-11-06 06:28 --------- d-----w c:\documents and settings\FRED\Application Data\LimeWire
2008-11-02 19:30 --------- d-----w c:\program files\Electronic Arts
2008-10-25 00:07 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 23:55 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-24 23:55 22,328 ----a-w c:\documents and settings\FRED\Application Data\PnkBstrK.sys
2008-10-24 23:54 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-24 23:54 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-24 23:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 23:36 --------- d-----w c:\program files\UBISOFT
2008-10-24 22:44 --------- d-----w c:\program files\Mozilla Firefox(2)
2008-10-24 22:31 --------- d-----w c:\program files\CrosuS
.

((((((((((((((((((((((((((((( snapshot_2008-11-27_15.54.24.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-27 20:45:56 63,188 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-27 21:25:15 63,188 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-27 20:45:56 403,968 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-27 21:25:15 403,968 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-15 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-08-19 98304]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-08-19 135168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-08-19 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 280576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2008-06-18 1100640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-16 185784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2008-06-18 1313632]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-07 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"VIDC.I263"= i263_32.drv
"vidc.ir32"= c:\windows\System32\ir32_32.dll
"vidc.ir31"= c:\windows\System32\ir32_32.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\csrsc.exe"=

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2008-04-04 39424]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-03-24 592232]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-03-24 592232]
S2 IOPort;IOPort;\??\c:\windows\System32\DRIVERS\IOPORT.SYS [1998-11-27 6144]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-02-25 24652]
S2 WinSpoolSvc;Windows Spool Services;"c:\windows\system32\csrsc.exe" [2008-11-27 32256]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-08-21 598856]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\System32\drivers\ASUSHWIO.sys []
S3 BS_DEF;BS_DEF;\??\c:\windows\system32\drivers\BS_DEF.sys []
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2005-01-10 56576]

*Newly Created Service* - BS_DEF
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.armstrongmywire.com/index.php
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\windows\system32\iavlsp.dll

c:\windows\system32\ijl15.dll - c:\windows\system32\AudioDec.dll
c:\windows\system32\IPCamera.ini
c:\windows\system32\Xrypassd.dll
c:\windows\system32\AvsCodec50.dll
c:\windows\system32\NVDHD50.dll
c:\windows\system32\NVDM50.dll
c:\windows\system32\decode.dll
c:\windows\system32\RTClientSDK55.dll
c:\windows\Downloaded Program Files\WebCamX.ocx
O16 -: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED}
hxxp://www.demodvrs.com/WebCamX.cab
c:\windows\Downloaded Program Files\WebCamX.inf

c:\windows\Downloaded Program Files\BoardID.dll - O16 -: {E5ABEB00-B357-4884-9949-77B2C71A7EE3}
hxxp://developer.intel.com/design/motherbd/boardid/BoardID.cab
c:\windows\Downloaded Program Files\BoardID.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 17:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2008-11-27 17:39:37
ComboFix-quarantined-files.txt 2008-11-27 22:39:16
ComboFix2.txt 2008-11-27 20:55:12
ComboFix3.txt 2008-11-21 18:07:56
ComboFix4.txt 2008-11-21 17:54:45
ComboFix5.txt 2008-11-27 22:34:03

Pre-Run: 11,077,984,256 bytes free
Post-Run: 11,068,706,816 bytes free

217



"HJT log"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:28 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\csrsc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.armstrong...e.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SaiSmart] "C:\Program Files\Saitek\Software\SaiSmart.exe"
O4 - HKLM\..\Run: [SaiMfd] "C:\Program Files\Saitek\Software\SaiMfd.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\Profiler.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iolo AntiVirus] C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://151.204.174.2...SncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1188745612750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1227811673421
O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX Control) - http://www.demodvrs.com/WebCamX.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://developer.int...did/BoardID.cab
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11517 bytes

Edited by fred4043, 02 December 2008 - 04:36 PM.
