Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Security System 2009 HiJack This Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Security System 2009 HiJack This Log

Unread postby jamthecat » May 14th, 2009, 1:10 am

Hi, I seem to be unable to remove Security System 2009 through standard spyware removal programs (SpyBot, et al.). Please see HiJAck This log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:54 AM, on 5/14/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kara B. Bingham\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [97449686] C:\Documents and Settings\All Users\Application Data\97449686\97449686.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class) - https://vault.netvoyage.com/neweb2/neWebCl.cab
O16 - DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} (NetDocuments Cryptography Module) - https://vault.netvoyage.com/neWeb2/neCrypto.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webvpn.corbincapital.com/dana-c ... tupSP1.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7488 bytes

Thank you in advance for your assistance. JAM
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am
Advertisement
Register to Remove

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 2:10 am

Hi jamthecat

Please post next a fresh HijackThis taken in normal mode :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 10:41 am

New log in Normal Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:30 AM, on 5/16/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kara B. Bingham\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class) - https://vault.netvoyage.com/neweb2/neWebCl.cab
O16 - DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} (NetDocuments Cryptography Module) - https://vault.netvoyage.com/neWeb2/neCrypto.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webvpn.corbincapital.com/dana-c ... tupSP1.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8357 bytes
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 10:48 am

Have you run any scans between the logs?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 10:52 am

I have not. However, I am running one now (SpyBot) because the spyware does not seem to be active.
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 11:17 am

Thanks for update.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 11:34 am

LOG file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kara B. Bingham at 2009-05-16 11:29:35
Microsoft Windows XP Professional Service Pack 1
System drive C: has 46 GB (81%) free of 57 GB
Total RAM: 255 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:01 AM, on 5/16/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kara B. Bingham\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\KARAB~1.BIN\Desktop\SPYWAR~1\HIJACK~1\Kara B. Bingham.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class) - https://vault.netvoyage.com/neweb2/neWebCl.cab
O16 - DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} (NetDocuments Cryptography Module) - https://vault.netvoyage.com/neWeb2/neCrypto.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webvpn.corbincapital.com/dana-c ... tupSP1.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8378 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-21 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2004-09-28 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2004-09-28 720896]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2002-08-22 143360]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-01-23 4608]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-03 294912]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2002-12-17 360448]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2003-02-28 1843200]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-14 267064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-21 185896]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-12 516440]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-05-16 11:29:35 ----D---- C:\rsit
2009-05-16 11:25:21 ----D---- C:\WINDOWS\temp
2009-05-16 11:25:06 ----A---- C:\ComboFix.txt
2009-05-13 23:15:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-13 23:03:52 ----SHD---- C:\WINDOWS\CSC
2009-05-13 22:59:51 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-13 22:59:34 ----D---- C:\Program Files\Spyware Doctor
2009-05-13 22:59:34 ----D---- C:\Documents and Settings\Kara B. Bingham\Application Data\PC Tools
2009-05-13 22:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-05-13 22:57:57 ----A---- C:\WINDOWS\System32\STKIT432.DLL
2009-05-13 22:57:53 ----D---- C:\Program Files\Registry Mechanic
2009-05-13 15:54:39 ----A---- C:\Boot.bak
2009-05-13 15:54:31 ----RASHD---- C:\cmdcons
2009-05-13 15:47:42 ----A---- C:\WINDOWS\zip.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\vFind.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\SWSC.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\SWREG.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\sed.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-13 15:47:42 ----A---- C:\WINDOWS\grep.exe
2009-05-13 15:47:30 ----D---- C:\WINDOWS\ERDNT
2009-05-13 15:44:45 ----D---- C:\Qoobox
2009-05-13 15:03:51 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-13 14:42:45 ----D---- C:\68493cbcd17a886aa6
2009-05-13 14:32:05 ----D---- C:\a8431c62777078eae4
2009-05-13 14:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-05-12 22:18:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-12 22:18:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 22:01:41 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-12 22:01:04 ----D---- C:\Program Files\Lavasoft
2009-05-12 22:01:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-11 21:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\17439694
2009-05-11 21:28:27 ----A---- C:\Documents and Settings\All Users\Application Data\97449686.ini

======List of files/folders modified in the last 1 months======

2009-05-16 11:26:50 ----D---- C:\Program Files\Mozilla Firefox
2009-05-16 11:26:33 ----D---- C:\WINDOWS\SYSTEM32
2009-05-16 11:25:21 ----D---- C:\WINDOWS
2009-05-16 11:18:07 ----D---- C:\WINDOWS\System32\CatRoot2
2009-05-16 11:17:16 ----A---- C:\WINDOWS\system.ini
2009-05-16 11:11:40 ----D---- C:\WINDOWS\System32\DRIVERS
2009-05-16 11:11:40 ----D---- C:\WINDOWS\AppPatch
2009-05-16 11:11:36 ----D---- C:\Program Files\Common Files
2009-05-16 11:01:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-14 00:52:03 ----HD---- C:\WINDOWS\INF
2009-05-13 22:59:34 ----RD---- C:\Program Files
2009-05-13 22:43:29 ----D---- C:\WINDOWS\Minidump
2009-05-13 16:14:59 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2009-05-13 15:54:39 ----RASH---- C:\BOOT.INI
2009-05-13 15:51:50 ----D---- C:\Documents and Settings\Kara B. Bingham\Application Data\alot
2009-05-13 15:44:26 ----D---- C:\WINDOWS\Prefetch
2009-05-12 22:11:42 ----DC---- C:\WINDOWS\System32\DRVSTORE
2009-05-12 22:01:36 ----SHD---- C:\WINDOWS\Installer
2009-05-11 22:00:49 ----D---- C:\WINDOWS\WinSxS
2009-05-07 00:16:30 ----A---- C:\WINDOWS\System32\MRT.exe
2009-04-18 17:47:59 ----RSHD---- C:\WINDOWS\System32\DLLCACHE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-02-05 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-08-19 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-08-19 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 CVPNDRV;Cisco Systems IPsec Driver; \??\C:\WINDOWS\System32\Drivers\CVPNDRV.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2002-11-07 11011]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-01-23 22400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-02-12 90824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-03 540672]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-01-07 166016]
R3 BCM43XX;Dell TrueMobile WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-29 13184]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\System32\DRIVERS\dne2000.sys [2002-01-09 128380]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-01-23 1067008]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-01-23 153344]
R3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-08-19 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-11-11 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-01-23 585984]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-11-25 37632]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\KARAB~1.BIN\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-08-19 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2007-11-15 34064]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2001-08-17 29056]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2001-08-17 27648]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2001-08-17 27648]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-08-17 26112]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 27392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-03 147456]
R2 BAsfIpM;Broadcom ASF IP monitoring service v3.0.1; C:\WINDOWS\system32\basfipm.exe [2002-11-12 73728]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2002-12-31 1282110]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\WLTRYSVC.EXE [2003-06-13 45056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-14 503608]

-----------------EOF-----------------

INFO file:

info.txt logfile of random's system information tool 1.06 2009-05-16 11:30:07

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ALOT Toolbar-->"C:\Program Files\alot\alotUninst.exe"
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom ASF Management Applications-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell TrueMobile 1300 WLAN Mini-PCI Card-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Desktop Weather by The Weather Channel-->C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Documents and Settings\Kara B. Bingham\Desktop\HijackThis\HijackThis.exe" /uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_e28dc\Setup.exe /APR-REMOVE
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RD1021/1071 Lyra Personal Audio Player Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF948F4D-04C1-4CC7-960C-93D8FDCE8F48}\setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins001.exe" /Log
Road Runner Medic 5.2-->"C:\Program Files\Support.com\TWC\uninstall.exe" /c "Remove Road Runner Medic 5.2?"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins001.exe /LOG
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tarantella Native Client-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Tarantella\Tarantella Native Client\DeIsL1.isu" -c"C:\Program Files\Tarantella\Tarantella Native Client\_ISREG32.DLL"
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\System32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Weather Services-->C:\WINDOWS\System32\control.exe C:\WINDOWS\System32\wxfw.cpl,4
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Workshare DeltaView PE-->"C:\Program Files\Workshare\DeltaViewPE\DeltaVw.exe" -uninstall
Workshare Technology - DeltaView-->MsiExec.exe /I{F0D8B3F5-736D-4DEA-A80A-A7FD0F5B8073}

======Hosts File======

127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======System event log======

Computer Name: DDR7V931
Event Code: 240
Message: A request to suspend power was denied by WINLOGON.EXE.

Record Number: 71025
Source Name: Win32k
Time Written: 20090408224319.000000-240
Event Type: warning
User:

Computer Name: DDR7V931
Event Code: 4
Message: Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 71005
Source Name: b57w2k
Time Written: 20090408220022.000000-240
Event Type: warning
User:

Computer Name: DDR7V931
Event Code: 240
Message: A request to suspend power was denied by WINLOGON.EXE.

Record Number: 70998
Source Name: Win32k
Time Written: 20090407232235.000000-240
Event Type: warning
User:

Computer Name: DDR7V931
Event Code: 4
Message: Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 70979
Source Name: b57w2k
Time Written: 20090407212238.000000-240
Event Type: warning
User:

Computer Name: DDR7V931
Event Code: 4
Message: Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 70953
Source Name: b57w2k
Time Written: 20090407075237.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: DDR7V931
Event Code: 2
Message: SetServiceStatus() failed

Record Number: 7
Source Name: WLTRYSVC
Time Written: 20060306211755.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDR7V931
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 6
Source Name: EventSystem
Time Written: 20060306200943.000000-300
Event Type: error
User:

Computer Name: DDR7V931
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 4
Source Name: EventSystem
Time Written: 20060223051835.000000-300
Event Type: error
User:

Computer Name: DDR7V931
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 2
Source Name: EventSystem
Time Written: 20060213064915.000000-300
Event Type: error
User:

Computer Name: DDR7V931
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 1
Source Name: EventSystem
Time Written: 20060212230224.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 11:43 am

Please go HERE (Microsoft website) using Internet Explorer (NOTE: Do not use Firefox or any other browser as they won't work)
- Click on Windows Validation Assistant
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue
- When it says "Validation Complete" please click Continue to return to your previous activity
- Copy what it says and paste it here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 11:58 am

I was never prompted to enter my product key, however the process completed with "Validation Complete!". There is no 'Continue' button.
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 11:59 am

Copy/Paste:

Validation Complete!
Thank you for completing the validation process and for using genuine Microsoft software.

By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer.

You will also have access to new innovations and offerings available only to genuine Microsoft software customers.
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 12:06 pm

OK, that is fine then.

I see that you have ran combofix. That tool is not meant to be run without supervision.

However, as you have done it, please post contents of C:\ComboFix.txt next.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 12:22 pm

I found 4 files:
ComboFix: modified today (05/16/09) 1 hour ago
ComboFix quarantined files: modified today (05/16/09) 1 hour ago
ComboFix2: modified 05/13/09
ComboFix3: modified 05/13/09

They appear below in order:

ComboFix 09-05-13.01 - Kara B. Bingham 05/16/2009 11:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.255.88 [GMT -4:00]
Running from: c:\documents and settings\Kara B. Bingham\Desktop\Spyware programs\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-14 03:16 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-14 03:16 . 2009-04-03 15:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-14 03:16 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-14 03:15 . 2009-05-16 14:58 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 02:59 . 2009-05-14 02:59 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-14 02:59 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-14 02:59 . 2009-05-14 02:59 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-14 02:59 . 2009-05-14 02:59 -------- d-----w c:\documents and settings\Kara B. Bingham\Application Data\PC Tools
2009-05-14 02:59 . 2009-05-15 11:08 -------- d-----w c:\program files\Spyware Doctor
2009-05-13 19:08 . 2009-05-13 19:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-13 18:42 . 2009-05-13 18:42 -------- d-----w C:\68493cbcd17a886aa6
2009-05-13 18:32 . 2009-05-13 18:32 -------- d-----w C:\a8431c62777078eae4
2009-05-13 02:18 . 2009-05-13 02:19 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-13 02:18 . 2009-05-13 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 02:11 . 2009-05-13 02:11 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-13 02:01 . 2009-05-13 02:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\program files\Lavasoft
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-12 01:28 . 2009-05-14 04:34 -------- d-----w c:\documents and settings\All Users\Application Data\17439694
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2009-05-13_19.57.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-14 02:57 . 1996-01-12 22:00 24576 c:\windows\SYSTEM32\STKIT432.DLL
- 2003-08-19 20:56 . 2009-04-05 13:45 40394 c:\windows\SYSTEM32\PERFC009.DAT
+ 2003-08-19 20:56 . 2009-05-13 20:15 40394 c:\windows\SYSTEM32\PERFC009.DAT
+ 2002-08-29 10:00 . 2004-08-04 12:00 92672 c:\windows\SYSTEM32\dskquota.dll
+ 2009-05-14 02:44 . 2009-05-16 14:27 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-09-03 18:45 . 2009-05-16 14:27 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 18:45 . 2009-05-13 12:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 18:45 . 2009-05-16 14:27 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 18:45 . 2009-05-13 12:26 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2002-08-29 10:00 . 2003-01-14 18:18 147456 c:\windows\SYSTEM32\scrrun.dll
+ 2003-08-19 20:56 . 2009-05-13 20:15 312172 c:\windows\SYSTEM32\PERFH009.DAT
- 2003-08-19 20:56 . 2009-04-05 13:45 312172 c:\windows\SYSTEM32\PERFH009.DAT
+ 2002-08-29 10:00 . 2004-08-04 12:00 506368 c:\windows\SYSTEM32\msxml.dll
+ 2003-08-19 20:52 . 2009-05-16 15:03 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
- 2003-08-19 20:52 . 2009-05-13 19:48 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
+ 2002-08-29 10:00 . 2004-02-24 01:42 1386496 c:\windows\SYSTEM32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2002-08-23 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2002-12-18 360448]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2003-02-28 1843200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 185896]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-13 516440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"CARPService"="carpserv.exe" - c:\windows\SYSTEM32\carpserv.exe [2003-01-23 4608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-10-8 1269834]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-8-19 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [10/8/2003 10:40 AM 263749]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/13/2009 10:59 PM 348752]
S0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/12/2009 10:11 PM 64160]
S0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [5/13/2009 11:16 PM 130936]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\SYSTEM32\DRIVERS\npf.sys [11/15/2007 4:30 PM 34064]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
mStart Page = hxxp://education.dellnet.com/
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neweb2/neWebCl.cab
DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neCrypto.cab
FF - ProfilePath - c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\extensions\kodak-companion@mozilla.com\platform\WINNT\components\fotofox.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 11:16
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1328)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3272)
c:\program files\Spyware Doctor\pctgmhk.dll
.
Completion time: 2009-05-16 11:24
ComboFix-quarantined-files.txt 2009-05-16 15:24
ComboFix2.txt 2009-05-14 02:54
ComboFix3.txt 2009-05-13 19:59

Pre-Run: 48,450,838,528 bytes free
Post-Run: 48,503,296,000 bytes free

143 --- E O F --- 2007-09-22 01:45

2009-05-13 19:58:24 . 2009-05-13 19:58:24 614 ----a-w C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Lavasoft Ad-Aware Service.reg.dat
2009-05-13 19:58:14 . 2009-05-13 19:58:14 110 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-bascstray.reg.dat
2009-05-13 19:58:14 . 2009-05-13 19:58:14 174 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-67459689.reg.dat
2009-05-13 19:58:12 . 2009-05-13 19:58:12 90 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DW4.reg.dat
2009-05-13 19:58:12 . 2009-05-13 19:58:12 154 ----a-w C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MsnMsgr.reg.dat
2009-05-13 19:56:46 . 2009-05-16 15:13:42 6,186 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-13 19:47:31 . 2009-05-16 15:00:41 204 ----a-w C:\Qoobox\Quarantine\catchme.log
2002-02-19 02:22:14 . 2002-02-19 02:22:14 12,008 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\fad.sys.vir


ComboFix 09-05-13.02 - Kara B. Bingham 05/13/2009 22:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.255.140 [GMT -4:00]
Running from: c:\combofix\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-13 19:08 . 2009-05-13 19:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-13 18:42 . 2009-05-13 18:42 -------- d-----w C:\68493cbcd17a886aa6
2009-05-13 18:32 . 2009-05-13 18:32 -------- d-----w C:\a8431c62777078eae4
2009-05-13 02:18 . 2009-05-13 02:19 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-13 02:18 . 2009-05-13 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 02:11 . 2009-05-13 02:11 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-13 02:01 . 2009-05-13 02:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\program files\Lavasoft
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-12 01:28 . 2009-05-12 01:42 -------- d-----w c:\documents and settings\All Users\Application Data\17439694
2009-05-12 01:28 . 2009-05-12 01:28 -------- d-----w c:\documents and settings\All Users\Application Data\97449686
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2009-05-13_19.57.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-19 20:56 . 2009-05-13 20:15 40394 c:\windows\SYSTEM32\PERFC009.DAT
- 2003-08-19 20:56 . 2009-04-05 13:45 40394 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-05-14 02:44 . 2009-05-14 02:44 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-09-03 18:45 . 2009-05-14 02:43 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 18:45 . 2009-05-13 12:26 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 18:45 . 2009-05-14 02:43 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 18:45 . 2009-05-13 12:26 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2003-08-19 20:56 . 2009-05-13 20:15 312172 c:\windows\SYSTEM32\PERFH009.DAT
- 2003-08-19 20:56 . 2009-04-05 13:45 312172 c:\windows\SYSTEM32\PERFH009.DAT
+ 2003-08-19 20:52 . 2009-05-14 02:48 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
- 2003-08-19 20:52 . 2009-05-13 19:48 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2002-08-23 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2002-12-18 360448]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2003-02-28 1843200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 185896]
"17439694"="c:\documents and settings\All Users\Application Data\17439694\17439694.exe" [2009-05-12 356395]
"97449686"="c:\documents and settings\All Users\Application Data\97449686\97449686.exe" [2009-05-12 24107]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-13 516440]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"CARPService"="carpserv.exe" - c:\windows\SYSTEM32\carpserv.exe [2003-01-23 4608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-10-8 1269834]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-8-19 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [10/8/2003 10:40 AM 263749]
S0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/12/2009 10:11 PM 64160]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\SYSTEM32\DRIVERS\npf.sys [11/15/2007 4:30 PM 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
mStart Page = hxxp://education.dellnet.com/
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neweb2/neWebCl.cab
DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neCrypto.cab
FF - ProfilePath - c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\extensions\kodak-companion@mozilla.com\platform\WINNT\components\fotofox.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 22:51
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1336)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(612)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Completion time: 2009-05-14 22:54
ComboFix-quarantined-files.txt 2009-05-14 02:54
ComboFix2.txt 2009-05-13 19:59

Pre-Run: 48,799,657,984 bytes free
Post-Run: 48,789,671,936 bytes free

125 --- E O F --- 2007-09-22 01:45


ComboFix 09-05-13.01 - Kara B. Bingham 05/13/2009 15:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.255.101 [GMT -4:00]
Running from: c:\documents and settings\Kara B. Bingham\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 19:08 . 2009-05-13 19:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-13 18:42 . 2009-05-13 18:42 -------- d-----w C:\68493cbcd17a886aa6
2009-05-13 18:32 . 2009-05-13 18:32 -------- d-----w C:\a8431c62777078eae4
2009-05-13 02:18 . 2009-05-13 02:19 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-13 02:18 . 2009-05-13 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 02:11 . 2009-05-13 02:11 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-13 02:01 . 2009-05-13 02:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\program files\Lavasoft
2009-05-13 02:01 . 2009-05-13 02:01 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-12 01:28 . 2009-05-12 01:42 -------- d-----w c:\documents and settings\All Users\Application Data\17439694
2009-05-12 01:28 . 2009-05-12 01:28 -------- d-----w c:\documents and settings\All Users\Application Data\97449686
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-18 21:47 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2002-08-23 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2002-12-18 360448]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2003-02-28 1843200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 185896]
"17439694"="c:\documents and settings\All Users\Application Data\17439694\17439694.exe" [2009-05-12 356395]
"97449686"="c:\documents and settings\All Users\Application Data\97449686\97449686.exe" [2009-05-12 24107]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-13 516440]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"CARPService"="carpserv.exe" - c:\windows\SYSTEM32\carpserv.exe [2003-01-23 4608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-10-8 1269834]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-8-19 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\SYSTEM32\DRIVERS\CVPNDrv.sys [10/8/2003 10:40 AM 263749]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\SYSTEM32\DRIVERS\npf.sys [11/15/2007 4:30 PM 34064]
S0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/12/2009 10:11 PM 64160]
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-DW4 - (no file)
HKLM-Run-67459689 - c:\documents and settings\All Users\Application Data\67459689\67459689.exe
HKLM-Run-bascstray - BascsTray.exe
SafeBoot-Lavasoft Ad-Aware Service


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.alot.com?client_id=B10E9A3001 ... =1.0.3.158
mStart Page = hxxp://education.dellnet.com/
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neweb2/neWebCl.cab
DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neCrypto.cab
FF - ProfilePath - c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Kara B. Bingham\Application Data\Mozilla\Firefox\Profiles\tb7qd0x8.default\extensions\kodak-companion@mozilla.com\platform\WINNT\components\fotofox.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 15:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1328)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-05-13 15:59
ComboFix-quarantined-files.txt 2009-05-13 19:59

Pre-Run: 48,647,217,152 bytes free
Post-Run: 48,794,333,184 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

124 --- E O F --- 2007-09-22 01:45
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 12:25 pm

Delete these:

C:\Documents and Settings\All Users\Application Data\17439694
C:\Documents and Settings\All Users\Application Data\97449686.ini

Empty Recycle Bin.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Security System 2009 HiJack This Log

Unread postby jamthecat » May 16th, 2009, 12:57 pm

Can't find Application Data sub-folder (and hence the files). I did a search for the file names, but they did not come up.
jamthecat
Active Member
 
Posts: 11
Joined: May 14th, 2009, 1:01 am

Re: Security System 2009 HiJack This Log

Unread postby Shaba » May 16th, 2009, 1:14 pm

They are hidden by default.

Please see here and try again.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware