Thank you for your help thus far. Log results of your instructions follow: Please note the two files you instructed for me to delete C:\WINDOWS\mpfanvqg.dll AND C:\WINDOWS\vbksrofa.dll
were not located on the computer.
Malwarebytes' Anti-Malware 1.12
Database version: 749
Scan type: Full Scan (C:\|)
Objects scanned: 83578
Time elapsed: 23 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95e554e1-04f3-4d9b-a4e9-881dc420882b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5269d0c0-572b-445a-88ac-8c8843b6d42b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69c1ef64-a396-4490-8849-52af7f7ec6e5} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f5f40e25-cf4d-434e-a6ae-ed625ae87cab} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.btqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080514-142920-863.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\ftklhae.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\blackster.scr.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXqrpoM.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQkHwx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXRKBqr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifcBsqR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfDtSjK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xdmnrgga.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yzbgqap.sys.vir (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000004.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007133.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007135.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\A0007148.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0002247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0002299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0002300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
ComboFix 08-05-11.1 - tlavine 2008-05-14 15:00:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1672 [GMT -5:00]
Running from: C:\Documents and Settings\tlavine.LAP-TLAVINE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tlavine.LAP-TLAVINE\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\ftklhae.exe
C:\WINDOWS\system32\aggrnmdx.ini
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\byXqrpoM.dll.vir
C:\WINDOWS\system32\cbXRjKDt.dll
C:\WINDOWS\system32\cbXRKBqr.dll
C:\WINDOWS\system32\khfDtSjK.dll
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\xdmnrgga.dll
C:\WINDOWS\system32\yzbgqap.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ftklhae.exe
C:\WINDOWS\system32\aggrnmdx.ini
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\byXqrpoM.dll.vir
C:\WINDOWS\system32\cbXRKBqr.dll
C:\WINDOWS\system32\khfDtSjK.dll
C:\WINDOWS\system32\KjStDfhk.ini
C:\WINDOWS\system32\KjStDfhk.ini2
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\xdmnrgga.dll
C:\WINDOWS\system32\yzbgqap.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_yzbgqap
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-12 09:31 . 2008-05-12 09:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 09:08 . 2008-05-12 11:40 <DIR> d-------- C:\Documents and Settings\tlavine.LAP-TLAVINE\Application Data\U3
2008-05-11 22:46 . 2008-05-11 22:46 <DIR> d-------- C:\VundoFix Backups
2008-05-11 22:26 . 2008-05-14 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-11 21:02 . 2008-05-11 21:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 21:02 . 2008-05-11 21:02 <DIR> d-------- C:\Documents and Settings\tlavine.LAP-TLAVINE\Application Data\SUPERAntiSpyware.com
2008-05-11 21:02 . 2008-05-11 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 21:01 . 2008-05-14 14:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 20:11 . 2008-05-11 20:21 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-05-11 13:59 . 2008-05-14 08:34 <DIR> d-------- C:\QUARANTINE
2008-05-11 13:59 . 2008-05-11 14:02 2 --a------ C:\-196576900
2008-04-22 10:41 . 2008-04-22 10:41 <DIR> d-------- C:\Documents and Settings\tlavine.LAP-TLAVINE\Application Data\vlc
2008-04-22 10:39 . 2008-04-22 10:39 <DIR> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-06 02:13 --------- d-----w C:\Program Files\Google
2008-05-06 02:05 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((( snapshot@2008-05-12_11.56.44.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 16:52:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 20:03:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 10:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\sfc.dll
- 2008-05-12 13:25:25 84,848 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-14 19:59:31 84,848 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-12 13:25:25 462,506 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-14 19:59:32 462,506 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-12 03:40:27 118,696 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-05-14 14:23:51 561,588 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 16:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-25 02:34 159744]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 11:45 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 11:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 11:45 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 23:26 303104 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 08:32 102400]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 03:10 1392640]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 14:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 05:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2003-08-01 18:28 474624]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 01:08 366400]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 21:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 12:27 136768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
2X ApplicationServer Client.lnk - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe [2007-05-31 15:17:46 625152]
C:\Documents and Settings\tlavine\Start Menu\Programs\Startup\
2X ApplicationServer Client.lnk - C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe [2007-05-31 15:17:46 625152]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 20:43:46 2150400]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-05-31 15:49:06 1283608]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-29 00:41:01 50688]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 09:45:30 192512]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-03-20 21:26:50 542192]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 12:32]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-14 15:04:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\tlavine.LAP-TLAVINE\Local Settings\Application Data\Toshiba\BluetoothStack\V1.0\SDP00081.sdb 2479 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Completion time: 2008-05-14 15:08:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 20:07:59
ComboFix2.txt 2008-05-14 13:41:03
ComboFix3.txt 2008-05-13 13:47:18
ComboFix4.txt 2008-05-12 16:57:02
Pre-Run: 105,837,092,864 bytes free
Post-Run: 105,787,543,552 bytes free
187 --- E O F --- 2008-04-18 13:06:25
2007 Microsoft Office system
2X ApplicationServer and LoadBalancer Client
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
biolsp patch
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
Bluetooth Stack for Windows by Toshiba
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Conexant HDA D330 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
ETS Upgrade
Google Calendar Sync
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LogMeIn
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Modem Diagnostic Tool
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU Hybrid TSS v2.0.25
Picasa 2
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Creator BDAV Plugin
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Wizards
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
TightVNC 1.2.9
Tweak UI
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Word 2007 (KB934173)
upekmsi
VideoLAN VLC media player 0.8.6f
Wave Infrastructure Installer
Wave Support Software
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:35 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\tlavine.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... bd=6070629O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 4182566437O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/RACtrl.cabO20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9770 bytes