MalwareRemoval.com

hjt log for perusal

Post by tomrca » January 14th, 2008, 6:00 pm

New here with an HJT log to read.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:49, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\analyser.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9007499156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6335 bytes
tomrca
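The log above is in the HijackThis v2 layout: the running-process list, then lettered sections (R = Internet Explorer registry values, O2 = browser helper objects, O3 = IE toolbars, O4 = autostart entries, O8/O9 = IE menu items and buttons, O16 = ActiveX controls the browser downloaded, O23 = services). When many such logs have to be read, a small parser that pulls the entries apart and raises the few things worth a second look saves time. The Python below is an added example written for this page, not a tool from the thread or from Trend Micro; its sample log is constructed from the shapes seen above, and the O16 entry (CLSID and URL) and the "exsvc" service are placeholders. Three prompts are raised: an O4 Run value that is a bare filename with no directory is located through the process-creation search order rather than a fixed path, so the reviewer confirms which file actually runs (the running-process list above resolves RTHDCPL.EXE to C:\WINDOWS\RTHDCPL.EXE); an O16 DPF entry pointing at an http URL is a control fetched from the web, so its publisher is worth checking; an O23 service whose company HijackThis prints as "Unknown owner" has no publisher string. A double extension on a running process is also flagged; on the log above that fires on analyser.exe.exe, and whether that is benign is for the reviewer to decide from its location.

```python
import re

# Constructed sample in the HijackThis v2.0.x layout. Lines are modelled on the
# thread's log; the O16 entry (CLSID, URL) and the "exsvc" service are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:49, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\analyser.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/controls/example.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

# Every entry is "<section> - <body>"; each section's body has its own shape.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
O4_REG_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<src>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|dll)\.(exe|com|scr|pif|bat|cmd)$", re.I)


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(section, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False      # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return processes, entries


def review_hjt(processes, entries):
    """Return (section, reason, detail) triples that deserve a second look.
    These are prompts for the person reading the log, not verdicts."""
    notes = []
    for proc in processes:
        if DOUBLE_EXT_RE.search(proc):
            notes.append(("process", "double extension", proc))
    for sec, body in entries:
        if sec == "O4":
            m = O4_REG_RE.match(body)
            if not m:
                continue  # Global Startup entries are printed as ".lnk = target"; not checked here
            target = m.group("cmd")
            # HJT appends "(User '...')" to HKUS entries; it is not part of the command
            target = re.sub(r"\s+\(User '[^']*'\)$", "", target)
            # when rundll32 is the launcher, the DLL it loads is the thing to locate
            target = re.sub(r"^rundll32(\.exe)?\s+", "", target, flags=re.I)
            if "\\" not in target:
                notes.append((sec, "bare filename, resolved via search path", body))
        elif sec == "O16":
            m = O16_RE.match(body)
            if m and re.match(r"https?://", m.group("src"), re.I):
                notes.append((sec, "ActiveX control fetched from a remote URL", body))
        elif sec == "O23":
            m = O23_RE.match(body)
            if m and m.group("vendor").lower() == "unknown owner":
                notes.append((sec, "service with no publisher name", body))
    return notes


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for sec, reason, detail in review_hjt(procs, ents):
        print(f"[{sec}] {reason}: {detail}")
```

Run it against a saved hijackthis.log by reading the file into parse_hjt. The prompts deliberately say nothing about whether an entry is good or bad; an entry with a full path into Program Files can still be malicious and a bare RTHDCPL.EXE is usually the Realtek audio panel, so the output is a reading order, not a fix list.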

Re: hjt log for perusal

Post by silver » January 17th, 2008, 10:36 pm

Hi tomrca,

Are you experiencing any symptoms or do you have reason to suspect your machine is infected?

Please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Then open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your Desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the Kaspersky report, the uninstall list and a new HijackThis log. Also, tell me how your computer is behaving at present.
silver

Re: hjt log for perusal

Post by tomrca » January 18th, 2008, 5:37 am

This is the result of my clean-up; nevertheless, I shall still do a Kaspersky scan too.
tomrca

Re: hjt log for perusal

Post by tomrca » January 18th, 2008, 6:28 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:39, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\analyser.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/news
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9007499156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6234 bytes


---------------------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 18, 2008 10:19:28 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 519212
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 47070
Number of viruses found: 10
Number of infected objects: 28
Number of suspicious objects: 8
Duration of the scan process: 00:30:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\cert8.db Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\flashgot.log Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\history.dat Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\key3.db Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\parent.lock Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\search.sqlite Object is locked skipped
C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\tom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.rar/SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.rar/SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.rar/SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.rar RAR: infected - 3 skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text/[From "GFI E-mail Testing" <emailtesting@gfi.com>][Date 17 Jan 2008 16:56:23 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text/[From "GFI E-mail Testing" <emailtesting@gfi.com>][Date 17 Jan 2008 16:56:23 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text/[From "GFI E-mail Testing" <emailtesting@gfi.com>][Date 17 Jan 2008 16:56:23 +0100]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text/[From "GFI E-mail Testing" <emailtesting@gfi.com>][Date 17 Jan 2008 16:56:23 +0100]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text/[From "GFI E-mail Testing" <emailtesting@gfi.com>][Date 17 Jan 2008 16:56:23 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text/[From "Tech Support Team" <admin@techsupportteam.org>][Date Thu, 17 Jan 2008 07:28:24 -0800]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm/[From Microsoft Customer Support <postmaster@live.com>][Date Sat, 29 Dec 2007 13:00:03 -0800]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\tom\Local Settings\Application Data\IM\Identities\{DED9B69D-A789-4E75-97B2-4B3D5EB0517D}\Message Store\JunkMail.imm Mail: suspicious - 7 skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Application Data\Mozilla\Firefox\Profiles\l8et4tem.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\tom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tom\Local Settings\History\History.IE5\MSHist012008011820080119\index.dat Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\tom\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071229-145739-470.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C9.tmp Infected: Exploit.VBS.GFI.a skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1848OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\C\WINDOWS\RACLE~1\sсanregw.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\VundoFix Backups\ljjihed.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.cnq skipped
C:\VundoFix Backups\tuvsspo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.cnq skipped
C:\VundoFix Backups\vturp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SC27B8182.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\iifefcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cnq skipped
C:\WINDOWS\system32\ljjghed.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cnq skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


PC is running well.
_____________________________________________________________________________
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AnyDVD
ArcSoft PhotoImpression 3.0
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
Avanquest update
AVG Anti-Spyware 7.5
Belarc Advisor 7.2
BitComet 0.97
CCleaner (remove only)
DVD Shrink 3.2
EVEREST Ultimate Edition v4.00
Google Earth
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
IncrediMail JunkFilter Plus
IncrediMail Xe
Indeo® Software
Intel A/V Codecs V2.0
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kaspersky Online Scanner
K-Lite Codec Pack 3.6.2 Full
Lexmark 4300 Series
Lexmark Fax Solutions
LimeWire PRO 4.14.10
Magentic
Microsoft .NET Framework 2.0
Microsoft AutoRoute 2006
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Phone Tools
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
Nero 8
neroxml
PerformanceTest v6.1
Realtek High Definition Audio Driver
Registry Mechanic 5.1
Revo Uninstaller 1.42
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Skype™ 3.6
Total Video Converter 3.10
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
What's In My Computer?
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Wireless Keyboard and Optical Mouse
Yahoo! Install Manager
Yahoo! Toolbar
Last edited by tomrca on January 18th, 2008, 10:09 am, edited 1 time in total.
tomrca

Re: hjt log for perusal

Unread postby silver » January 18th, 2008, 8:09 am

Please also post the uninstall list :)

Edit: Uninstall list has now been edited in
silver

Re: hjt log for perusal

Unread postby silver » January 18th, 2008, 10:46 pm

Hi tomrca,

Please open Start->Control Panel->Add/Remove Programs, look down the list for these items and remove them:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
These are out of date and now a security risk; you can get the latest update (version 6 update 4) from here.

You have LimeWire and BitComet, P2P file sharing programs installed on your computer. These programs do not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove them, but of course the choice is yours.
You can remove Limewire and BitComet via Add/Remove Programs.

Incredimail free is an adware program which has an unusual EULA - the company behind the product claims ownership of everything sent through their mail service. Some details of this and the additional security risks associated with this program can be found here. The article is dated 2002, but the information is still current.
I recommend you reconsider whether you wish to use this program; an ad-free, safe alternative with plenty of formatting options and add-ons is Mozilla Thunderbird.


Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK


Use Windows Explorer (right-click Start, select Explore) to find and delete the following:
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix <- folder
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.exe
C:\Documents and Settings\tom\Desktop\cleaners\SmitfraudFix.rar
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071229-145739-470.dll
C:\QooBox <- folder
C:\VundoFix Backups <- folder
C:\WINDOWS\system32\iifefcc.dll.vir
C:\WINDOWS\system32\ljjghed.dll.vir

If you have trouble finding or deleting any, please let me know in your next response.


Kaspersky flagged some items in your Windows Live Mail Junk mailbox and the Trend Micro quarantine area, please open these applications and empty the relevant areas.


Then download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs; you won't need to produce a new HijackThis log, as DSS produces one for you.
silver

Re: hjt log for perusal

Unread postby tomrca » January 19th, 2008, 10:26 am

Thanks for the advice on P2P, but I am very aware of the problems they can cause and use them with great caution. As for Incredimail, the version I have is a premium one. I have used it for many years and had no adverse experiences with it.

Deckard's System Scanner v20071014.68
Run by tom on 2008-01-19 14:11:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-19 14:11:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as tom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:51, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\tom\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\tom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/news
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9007499156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6317 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071229-142618-664 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
backup-20071229-142618-884 O4 - HKCU\..\Run: [Ljq] C:\WINDOWS\system32\?ymbols\r?gsvr32.exe
backup-20071229-142618-967 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20071229-143909-125 O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
backup-20071229-143909-345 O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
backup-20071229-143909-428 O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
backup-20071229-145739-470 O2 - BHO: (no name) - {C0B0B8E1-CAF5-405A-83E0-AA7D01C88A96} - C:\WINDOWS\system32\vturp.dll
backup-20071229-145739-553 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071229-162401-511 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
backup-20071229-162401-656 O2 - BHO: (no name) - {C0B0B8E1-CAF5-405A-83E0-AA7D01C88A96} - C:\WINDOWS\system32\vturp.dll (file missing)
backup-20071231-103949-858 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
backup-20080110-205710-754 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
backup-20080110-211833-773 O4 - HKCU\..\Run: [Obrrq] C:\WINDOWS\?racle\s?anregw.exe
backup-20080117-162523-239 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>

S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~1\pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>

S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros L2 Fast Ethernet 10/100 Base-T Controller
Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Manufacturer: Atheros
Name: Atheros L2 Fast Ethernet 10/100 Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Service: AtcL002


-- Scheduled Tasks -------------------------------------------------------------

2007-12-28 19:40:42 136 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job


-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-18 14:32:19 0 d-------- C:\Program Files\ASUS
2008-01-15 19:08:09 0 d-------- C:\Program Files\Enigma Software Group
2008-01-15 15:02:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-15 15:02:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 18:13:55 0 d-------- C:\Documents and Settings\tom\Application Data\VSRevoGroup
2008-01-13 16:22:00 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-01-13 16:22:00 0 d-------- C:\Program Files\Belarc
2008-01-11 10:04:16 0 d-------- C:\Program Files\VS Revo Group
2008-01-10 21:57:28 0 dr-h----- C:\Documents and Settings\tom\Recent
2008-01-10 20:50:33 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-10 20:50:33 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-10 20:50:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-10 20:50:33 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-10 20:50:33 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-10 20:50:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-09 15:16:14 0 d-------- C:\Program Files\Total Video Converter
2008-01-09 14:46:16 0 d-------- C:\Documents and Settings\tom\Application Data\ArcSoft
2008-01-09 14:45:31 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2008-01-09 14:45:31 212480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-01-09 14:44:29 0 d-------- C:\Program Files\ArcSoft
2008-01-05 19:31:05 0 d-------- C:\Program Files\What's In My Computer
2008-01-01 20:35:10 0 d-------- C:\Program Files\Microsoft LifeCam
2008-01-01 19:19:19 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-01 19:19:19 8 -rahs---- C:\WINDOWS\system32\25C29B6A4F.sys
2008-01-01 19:19:16 0 d-------- C:\Documents and Settings\tom\Application Data\Corel
2008-01-01 19:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-01 19:18:00 0 d-------- C:\Program Files\Corel
2008-01-01 19:18:00 0 d-------- C:\Program Files\Common Files\Corel
2008-01-01 14:03:16 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 14:02:53 0 d-------- C:\Program Files\PerformanceTest
2008-01-01 13:50:59 0 d-------- C:\Program Files\Lavalys
2007-12-31 17:15:35 0 d-------- C:\Documents and Settings\tom\Application Data\Media Player Classic
2007-12-31 15:54:18 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-31 15:54:16 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; http://www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-31 15:54:16 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-31 15:54:16 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-31 15:54:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-31 15:54:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-31 15:54:14 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-31 15:54:14 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-31 15:54:13 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-31 15:47:42 0 d-------- C:\Program Files\Ligos
2007-12-31 15:38:05 56320 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2007-12-31 15:38:05 27648 --a------ C:\WINDOWS\system32\ir50_lcs.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
2007-12-31 15:38:05 136704 --a------ C:\WINDOWS\system32\iacenc.dll <Not Verified; Ligos Corporation; Indeo® Audio Software>
2007-12-31 15:37:18 0 d-------- C:\Documents and Settings\tom\WINDOWS
2007-12-31 15:25:35 0 d-------- C:\Documents and Settings\tom\Application Data\vlc
2007-12-31 15:17:44 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-31 15:02:08 0 d-------- C:\Documents and Settings\tom\Application Data\InstallShield
2007-12-31 15:00:53 0 d-------- C:\Program Files\Avanquest update
2007-12-31 14:59:29 0 d-------- C:\Program Files\Motorola Phone Tools
2007-12-31 14:59:29 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-31 14:59:23 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-12-31 14:59:23 24192 --a------ C:\Documents and Settings\tom\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-31 14:59:23 22768 --a------ C:\Documents and Settings\tom\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-12-30 19:39:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 19:37:56 0 d-------- C:\Program Files\Yahoo!
2007-12-30 19:37:43 0 d-------- C:\Program Files\CCleaner
2007-12-30 09:58:51 0 d-------- C:\Program Files\MSXML 4.0
2007-12-30 09:00:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-30 08:53:57 0 d-------- C:\Program Files\Common Files\L&H
2007-12-30 08:53:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-30 08:53:22 0 d-------- C:\Program Files\Microsoft Works
2007-12-30 08:53:03 0 d-------- C:\WINDOWS\SHELLNEW
2007-12-30 08:51:27 0 d-------- C:\Program Files\Microsoft.NET
2007-12-30 08:49:16 0 dr-h----- C:\MSOCache
2007-12-29 21:29:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-29 21:27:57 0 d-------- C:\Program Files\SlySoft
2007-12-29 21:19:35 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-29 21:19:30 0 d-------- C:\Program Files\DVD Shrink
2007-12-29 21:13:38 0 d-------- C:\Documents and Settings\tom\Application Data\Nero
2007-12-29 21:11:23 0 d-------- C:\Program Files\Nero
2007-12-29 21:11:23 0 d-------- C:\Program Files\Common Files\Nero
2007-12-29 21:11:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-29 20:49:34 0 d-------- C:\Program Files\Microsoft AutoRoute
2007-12-29 20:47:38 0 d-------- C:\Program Files\auto route
2007-12-29 20:41:20 0 d-------- C:\Program Files\Google
2007-12-29 20:41:20 0 d-------- C:\Documents and Settings\tom\Application Data\Google
2007-12-29 20:39:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-12-29 20:21:29 0 d-------- C:\Program Files\VideoLAN
2007-12-29 19:49:55 0 d-------- C:\Documents and Settings\tom\Shared
2007-12-29 19:49:51 0 d-------- C:\Documents and Settings\tom\Incomplete <INCOMP~1>
2007-12-29 19:49:22 0 d-------- C:\Documents and Settings\tom\Application Data\LimeWire
2007-12-29 19:47:21 0 d-------- C:\Program Files\LimeWire
2007-12-29 19:46:17 0 d-------- C:\Documents and Settings\tom\Application Data\FaxCtr
2007-12-29 17:46:15 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-29 17:37:55 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-29 17:36:42 32768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-29 17:36:42 20480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-29 17:36:22 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2007-12-29 17:36:22 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-29 17:36:22 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-29 17:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-29 17:36:04 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-29 17:34:07 0 d-------- C:\Program Files\Lx_cats
2007-12-29 17:29:20 0 d-------- C:\Program Files\Lexmark 4300 Series
2007-12-29 17:29:01 0 d-------- C:\Temp
2007-12-29 15:28:54 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-29 15:27:14 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-29 11:53:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-29 11:52:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 10:53:16 745547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr <Not Verified; IncrediMail LTD.; Magentic Screensaver>
2007-12-29 10:53:03 0 d-------- C:\Program Files\Magentic
2007-12-29 10:51:45 0 d-------- C:\Documents and Settings\tom\Application Data\Adobe
2007-12-29 10:51:37 1167 --a------ C:\WINDOWS\mozver.dat
2007-12-29 10:46:08 1812 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-29 10:22:08 0 d-------- C:\Documents and Settings\tom\Application Data\Macromedia
2007-12-29 10:13:01 0 d-------- C:\Program Files\IncrediMail
2007-12-29 10:04:57 0 d-------- C:\Program Files\Lavasoft
2007-12-28 20:24:27 0 d-------- C:\WINDOWS\system32\Atheros_L2
2007-12-28 20:23:20 0 dr------- C:\WINDOWS\AsDmiHtm
2007-12-28 20:01:20 0 d-------- C:\Documents and Settings\tom\Application Data\skypePM
2007-12-28 20:01:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-28 19:59:31 0 d-------- C:\Documents and Settings\tom\Application Data\Skype
2007-12-28 19:59:04 0 d-------- C:\Program Files\Skype
2007-12-28 19:59:03 0 d-------- C:\Program Files\Common Files\Skype
2007-12-28 19:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-28 19:50:15 0 d-------- C:\WINDOWS\system32\drivers\umdf
2007-12-28 19:46:44 0 d-------- C:\Documents and Settings\tom\Contacts
2007-12-28 19:42:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-28 19:42:38 0 d-------- C:\Program Files\Windows Live
2007-12-28 19:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-28 19:30:36 12964 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
2007-12-28 19:30:21 0 d-------- C:\Program Files\Wireless Device
2007-12-28 19:28:27 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-28 19:06:28 0 d-------- C:\Documents and Settings\tom\Application Data\Grisoft
2007-12-28 19:06:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 18:46:51 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-28 18:46:50 0 d-------- C:\Downloads
2007-12-28 18:46:25 0 d-------- C:\Program Files\BitComet
2007-12-28 18:38:28 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-28 18:38:24 0 d-------- C:\Documents and Settings\tom\Application Data\Mozilla
2007-12-28 18:25:32 0 d-------- C:\WINDOWS\pss
2007-12-28 17:48:51 0 d-------- C:\WINDOWS\network diagnostic
2007-12-28 17:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-28 17:25:03 0 d-------- C:\Program Files\Trend Micro
2007-12-28 17:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-28 17:18:19 364544 -ra------ C:\WINDOWS\system32\igxpun.exe <Not Verified; Intel(R) Corporation; Intel(R) Graphics Media Accelerator Driver>
2007-12-28 17:18:14 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-28 17:18:12 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-28 17:16:32 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-28 17:16:30 0 d-------- C:\Program Files\Intel
2007-12-28 17:14:50 0 d-------- C:\Intel
2007-12-28 17:13:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-28 17:09:39 0 d-------- C:\WINDOWS\system32\Lang
2007-12-28 17:08:25 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-12-28 17:08:14 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-28 17:07:23 0 d-------- C:\Program Files\Realtek
2007-12-28 17:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-28 17:07:13 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-28 17:05:11 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-12-28 17:04:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-28 17:04:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-28 17:04:49 0 d-------- C:\WINDOWS\Prefetch
2007-12-28 17:01:52 0 d-------- C:\WINDOWS\peernet
2007-12-28 17:01:51 0 d-------- C:\WINDOWS\provisioning
2007-12-28 17:01:12 0 d-------- C:\WINDOWS\ServicePackFiles
2007-12-28 17:00:02 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-28 16:59:08 0 d-------- C:\WINDOWS\EHome
2007-12-28 16:51:54 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-28 16:51:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-28 16:50:48 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-28 16:44:36 0 d--hs---- C:\WINDOWS\Installer
2007-12-28 16:44:34 0 d-------- C:\Documents and Settings\tom\Application Data\Identities
2007-12-28 16:44:17 0 d--h----- C:\Documents and Settings\tom\Templates
2007-12-28 16:44:17 0 dr------- C:\Documents and Settings\tom\Start Menu
2007-12-28 16:44:17 0 dr-h----- C:\Documents and Settings\tom\SendTo
2007-12-28 16:44:17 0 d--h----- C:\Documents and Settings\tom\PrintHood
2007-12-28 16:44:17 4456448 --ah----- C:\Documents and Settings\tom\NTUSER.DAT
2007-12-28 16:44:17 0 d--h----- C:\Documents and Settings\tom\NetHood
2007-12-28 16:44:17 0 dr------- C:\Documents and Settings\tom\My Documents
2007-12-28 16:44:17 0 d--h----- C:\Documents and Settings\tom\Local Settings
2007-12-28 16:44:17 0 dr------- C:\Documents and Settings\tom\Favorites
2007-12-28 16:44:17 0 d-------- C:\Documents and Settings\tom\Desktop
2007-12-28 16:44:17 0 d--hs---- C:\Documents and Settings\tom\Cookies
2007-12-28 16:44:17 0 d--h----- C:\Documents and Settings\tom\Application Data
2007-12-28 16:43:48 0 d--hs---- C:\System Volume Information
2007-12-28 16:43:47 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-28 16:43:47 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-12-28 16:43:47 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-12-28 16:43:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-12-28 16:43:47 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-28 16:43:47 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-28 16:43:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-12-28 16:43:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-12-28 16:43:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-12-28 16:43:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-28 16:41:40 0 d-------- C:\WINDOWS\system32\xircom
2007-12-28 16:41:40 0 d-------- C:\Program Files\microsoft frontpage
2007-12-28 16:41:34 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-28 16:41:25 0 -rahs---- C:\MSDOS.SYS
2007-12-28 16:41:25 0 -rahs---- C:\IO.SYS
2007-12-28 16:41:25 0 --a------ C:\CONFIG.SYS
2007-12-28 16:41:25 0 --a------ C:\AUTOEXEC.BAT
2007-12-28 16:40:55 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-28 16:40:50 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-28 16:40:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-28 16:40:30 0 d-------- C:\WINDOWS\srchasst
2007-12-28 16:40:18 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-28 16:40:17 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-28 16:39:51 0 d-------- C:\Program Files\Movie Maker
2007-12-28 16:39:02 0 d-------- C:\WINDOWS\system32\Restore
2007-12-28 16:38:51 0 d-------- C:\WINDOWS\PCHEALTH
2007-12-28 16:38:40 0 d---s---- C:\WINDOWS\Tasks
2007-12-28 16:38:34 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-28 16:38:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-28 16:38:00 0 d-------- C:\WINDOWS\Registration
2007-12-28 16:37:56 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-28 16:37:56 0 d-------- C:\Program Files\Online Services
2007-12-28 16:37:50 0 d-------- C:\Program Files\Messenger
2007-12-28 16:37:31 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-28 16:37:14 0 d-------- C:\Program Files\Windows NT
2007-12-28 16:36:52 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-28 16:36:47 0 d-------- C:\WINDOWS\system32\Com
2007-12-28 16:32:22 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-28 16:32:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-28 16:32:16 0 dr------- C:\Program Files
2007-12-28 16:32:16 0 d-------- C:\Program Files\Common Files
2007-12-28 16:31:45 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-12-28 16:31:45 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-12-28 16:31:45 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-28 16:31:45 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-28 16:31:45 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-12-28 16:31:45 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-12-28 16:31:45 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-12-28 16:31:45 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-12-28 16:31:45 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-12-28 16:31:45 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-12-28 16:31:45 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-12-28 16:31:45 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-12-28 16:31:45 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-12-28 16:31:45 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-12-28 16:31:45 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-28 16:31:45 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-12-28 16:31:06 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-28 16:31:06 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-28 16:31:01 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-12-28 16:31:01 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-12-28 16:31:01 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-12-28 16:31:01 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-28 16:30:45 0 d-------- C:\Documents and Settings
2007-12-28 16:27:37 0 d-------- C:\WINDOWS
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\WinSxS
2007-12-28 16:27:37 0 dr------- C:\WINDOWS\Web
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\twain_32
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\wins
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\wbem
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\usmt
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\spool
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\Setup
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\ras
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\oobe
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\npp
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\mui
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\IME
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\ias
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\export
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\drivers
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-28 16:27:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\config
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\3076
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\2052
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1054
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1042
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1041
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1037
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1033
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1031
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1028
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system32\1025
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\system
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\security
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Resources
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\repair
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\mui
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\msapps
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\msagent
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Media
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\java
2007-12-28 16:27:37 0 d--h----- C:\WINDOWS\inf
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\ime
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Help
2007-12-28 16:27:37 0 dr--s---- C:\WINDOWS\Fonts
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Driver Cache
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Debug
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Cursors
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\Config
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\AppPatch
2007-12-28 16:27:37 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-12-28 16:31:45 62 --ahs---- C:\Documents and Settings\tom\Application Data\desktop.ini
2007-10-23 17:06:08 585728 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/04/2007 07:28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [04/04/2007 09:22 C:\WINDOWS\SkyTel.exe]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [20/07/2005 13:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [29/12/2007 14:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [28/12/2007 19:30:22]
Enable Wireless Optical Mouse Driver.lnk - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe [28/12/2007 19:30:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 4300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
"C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe




-- End of Deckard's System Scanner: finished at 2008-01-19 14:13:10 ------------

------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2039.17 MiB / 1291.8 MiB
Pagefile Memory (total/avail): 3932.32 MiB / 3410.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 100.23 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

UpdatesDisableNotify is set.
AntivirusOverride is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1454 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\tom\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\tom
LOGONSERVER=\\MINE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\tom\LOCALS~1\Temp
TMP=C:\DOCUME~1\tom\LOCALS~1\Temp
USERDOMAIN=MINE
USERNAME=tom
USERPROFILE=C:\Documents and Settings\tom
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

tom (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ArcSoft PhotoImpression 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression 3.0\Uninst.isu"
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Atheros Communications Inc.(R) L2 Fast Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EVEREST Ultimate Edition v4.00 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IncrediMail JunkFilter Plus --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
K-Lite Codec Pack 3.6.2 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Magentic --> C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PerformanceTest v6.1 --> "C:\Program Files\PerformanceTest\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 5.1 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.42 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Total Video Converter 3.10 --> "C:\Program Files\Total Video Converter\unins000.exe"
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
What's In My Computer? --> "C:\Program Files\What's In My Computer\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Keyboard and Optical Mouse --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Wireless Device\Wireless Keyboard\uninst.isu" -c"C:\Program Files\Wireless Device\Wireless Keyboard\UnInst.dll"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1386 / Success
Event Submitted/Written: 01/19/2008 10:47:11 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1375 / Success
Event Submitted/Written: 01/18/2008 09:25:57 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1364 / Success
Event Submitted/Written: 01/18/2008 03:25:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1357 / Error
Event Submitted/Written: 01/18/2008 02:54:32 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 593445573.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type1356 / Error
Event Submitted/Written: 01/18/2008 02:54:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application update.exe, version 7.13.0.4, faulting module update.exe, version 7.13.0.4, fault address 0x0000414a.
Processing media-specific event for [update.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3685 / Warning
Event Submitted/Written: 01/16/2008 08:00:11 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3587 / Error
Event Submitted/Written: 01/15/2008 07:10:37 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\igfxsrvc.exe -Embedding

Event Record #/Type3211 / Error
Event Submitted/Written: 01/11/2008 06:33:00 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type3210 / Error
Event Submitted/Written: 01/11/2008 06:33:00 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type3100 / Error
Event Submitted/Written: 01/10/2008 08:53:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-01-19 14:13:10 ------------
tomrca
Active Member
 
Posts: 6
Joined: January 14th, 2008, 5:27 pm

Re: hjt log for perusal

Unread postby silver » January 19th, 2008, 11:54 pm

Hi tomrca,

That all looks pretty good so if you are experiencing no symptoms then I think your machine is clean of malware.

You can now delete dss.exe from your Desktop, also delete this folder:
C:\Deckard


Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
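The hosts-file tip above depends on two things being true: the custom hosts file is actually in place, and the DNS Client service has been disabled first. The following PowerShell check is an added example (not from silver's post, from MVPS or from WinHelp2002); it assumes the standard hosts path under %SystemRoot%, that MVPS-style entries map names to 0.0.0.0 or 127.0.0.1, and uses a threshold of 1000 entries as a rough heuristic for "a custom file is installed".

```powershell
# Added verification script, not part of the original post.
# Checks the two preconditions behind the custom-hosts-file advice:
#   1. a hosts file with a large number of blocking entries is present, and
#   2. the DNS Client service (Dnscache) is disabled, as the post recommends
#      before installing a custom hosts file.
# Assumption: standard hosts path; block entries use 0.0.0.0 or 127.0.0.1.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsBlockEntries {
    param([string]$Path = $HostsPath)
    # Keep only active (non-comment) lines that point a hostname at a null or
    # loopback address, and skip the standard localhost entry itself.
    Get-Content -Path $Path -ErrorAction Stop |
        Where-Object {
            ($_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)') -and
            ($Matches[2] -ne 'localhost')
        }
}

function Get-DnsClientStartMode {
    # Win32_Service exposes StartMode (Auto, Manual, Disabled); Get-Service on
    # older PowerShell builds does not, so WMI is used here.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"
    if ($null -eq $svc) { return 'NotFound' }
    return $svc.StartMode
}

# Heuristic threshold (assumption): a custom blocking hosts file such as MVPS
# HOSTS carries far more than this many entries; a stock file has almost none.
$ExpectedMinimumEntries = 1000

$entries = @(Get-HostsBlockEntries)
$mode = Get-DnsClientStartMode

"Hosts file: $HostsPath"
"Blocking entries found: $($entries.Count)"
if ($entries.Count -lt $ExpectedMinimumEntries) {
    "  -> fewer than $ExpectedMinimumEntries entries; the custom hosts file may not be installed."
}
"DNS Client (Dnscache) start mode: $mode"
if ($mode -ne 'Disabled') {
    "  -> DNS Client is not disabled; the post recommends disabling it before installing a custom hosts file."
}
```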

Re: hjt log for perusal

Unread postby tomrca » January 20th, 2008, 10:55 am

Yep, done the lot!
One thing I would like to know... now that my log has been attended to, how do I learn more from here?
tomrca
Active Member
 
Posts: 6
Joined: January 14th, 2008, 5:27 pm

Re: hjt log for perusal

Unread postby silver » January 20th, 2008, 9:31 pm

> Now that my log has been attended to, how do I learn more from here?

By joining the University and beginning your training - I see you are now a Freshman so you've made the first step. To find out about what happens next, have a look around the University and if you have questions then please ask, we are all happy to help.

Welcome to the University and best of luck in your training :)
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: hjt log for perusal

Unread postby silver » January 23rd, 2008, 9:37 pm

This topic is now closed. If you wish it reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link :
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7