Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1241 [GMT -4:00]
Running from: C:\Documents and Settings\xxxxxxxxxxx\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxxxxxxxxxx\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\xxxxxxxxxxx\Cookies\xxxxxxxxxxx@precisionclick[2].txt
C:\Documents and Settings\xxxxxxxxxxx\Cookies\xxxxxxxxxxx@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.
2008-09-09 08:26 . 2008-09-09 08:26 83,458 --a------ C:\WINDOWS\system32\1beV6Xw7.exe
2008-09-09 08:26 . 2008-09-09 08:26 0 --a------ C:\WINDOWS\system32\1beV6Xw7.exe.a_a
2008-09-04 09:34 . 2008-09-04 09:34 <DIR> d-------- C:\Documents and Settings\xxxxxxxxxxx\Application Data\Malwarebytes
2008-09-04 09:33 . 2008-09-04 09:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 09:33 . 2008-09-04 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 09:33 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 09:33 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 07:57 . 2008-09-03 07:57 <DIR> d-------- C:\rsit
2008-08-27 09:32 . 2008-08-27 09:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 09:32 . 2008-08-27 09:32 <DIR> d-------- C:\Documents and Settings\xxxxxxxxxxx\Application Data\PC Tools
2008-08-27 09:32 . 2008-08-27 09:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 09:32 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-27 09:32 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-27 09:32 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-27 09:32 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 11:11 . 2008-08-26 12:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-26 11:11 . 2008-08-27 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 11:03 . 2008-08-25 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-22 13:12 . 2008-08-22 13:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-22 13:12 . 2008-08-22 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-22 11:55 . 2008-08-22 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-22 11:50 . 2008-08-22 11:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-13 08:58 . 2008-08-13 08:58 <DIR> d-------- C:\Documents and Settings\xxxxxxxxxxx\Application Data\Windows Search
2008-08-13 08:32 . 2008-08-13 08:32 <DIR> d-------- C:\Program Files\TightVNC
2008-08-13 08:06 . 2008-08-13 08:06 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-13 08:06 . 2008-08-13 08:06 <DIR> d-------- C:\Documents and Settings\xxxxxxxxxxx\Application Data\Windows Desktop Search
2008-08-13 08:04 . 2008-03-07 13:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-13 08:04 . 2008-03-07 13:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-13 08:04 . 2008-03-07 13:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-13 08:01 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 07:59 . 2008-07-22 10:45 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-13 07:59 . 2008-07-22 10:45 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-13 07:59 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 07:59 . 2008-07-22 10:45 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-08 16:18 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-02 20:31 --------- d-----w C:\Program Files\Vuze
2008-09-02 13:46 --------- d-----w C:\Program Files\Google
2008-08-19 13:35 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-13 12:46 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-13 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 19:08 --------- d-----w C:\Documents and Settings\xxxxxxxxxxx\Application Data\Yahoo!
2008-08-06 19:08 --------- d-----w C:\Documents and Settings\xxxxxxxxxxx\Application Data\Prism
2008-07-31 13:16 --------- d-----w C:\Program Files\iTunes
2008-07-31 13:15 --------- d-----w C:\Program Files\iPod
2008-07-28 14:42 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 20:28 --------- d-----w C:\Program Files\Windows Defender
2008-07-18 16:34 --------- d-----w C:\Documents and Settings\xxxxxxxxxxx\Application Data\Azureus
2008-07-18 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2008-07-17 15:06 --------- d-----w C:\Documents and Settings\xxxxxxxxxxx\Application Data\FileZilla
2008-07-14 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-14 14:38 --------- d-----w C:\Program Files\Sonic
2008-07-13 06:21 --------- d-----w C:\Documents and Settings\xxxxxxxxxxx\Application Data\Apple Computer
2008-07-11 13:00 --------- d-----w C:\Program Files\QuickTime
2008-07-11 12:45 --------- d-----w C:\Program Files\Safari
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-15 14:47 56,912 ----a-w C:\Documents and Settings\xxxxxxxxxxx\g2mdlhlpx.exe
2008-05-07 20:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-09-08_12.27.35.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-25 12:14:05 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-09-09 12:28:58 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-03-25 12:14:05 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 12:28:57 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-03-25 12:14:05 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-09 12:28:58 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-09-08 16:24:34 230,012 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-10 12:53:34 230,012 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-09-08 15:59:51 118,556 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-10 12:54:32 118,556 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-08 15:59:51 577,936 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-10 12:54:33 577,936 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-10 12:49:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-09-02 09:45 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-09 159744]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-10 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-10 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-10 137752]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Acrobat Speed Launch"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-13 143360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2007-02-27 716456]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2007-12-21 53248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"DMXLauncher"="C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 113400]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SigmatelSysTrayApp"="stsystra.exe" [2007-09-13 C:\WINDOWS\stsystra.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 C:\WINDOWS\system32\mqrt.dll]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 16:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-562904133-1862157100-2081099500-1135\Scripts\Logon\0\0]
"Script"=PowerConfig.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 26608]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R2 Yahoo! Zimbra Desktop Service;Yahoo! Zimbra Desktop Service;C:\zimbra\zdesktop\zdesktop.exe [2008-07-24 139264]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 194048]
R3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2007-08-10 24456]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]
S2 gupdate1c90d0232f2e79b;Google Update Service (gupdate1c90d0232f2e79b);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 Nmea;Sprint Connection Manager - emulates the NMEA ports;C:\WINDOWS\system32\DRIVERS\pctnullport.sys [ ]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-10-12 27072]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]
S3 WaveEnrollmentService;WaveEnrollmentService;C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{923115e7-227e-11dd-8142-001d09c69a99}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 11:34:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-10 11:36:05
ComboFix-quarantined-files.txt 2008-09-10 15:36:01
ComboFix2.txt 2008-09-09 12:12:47
ComboFix3.txt 2008-09-08 16:28:01
Pre-Run: 17,332,486,144 bytes free
Post-Run: 17,604,800,512 bytes free
288 --- E O F --- 2008-09-08 15:36:51
Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 5.1.2600 Service Pack 3
2008-09-10 14:31:15
mbam-log-2008-09-10 (14-31-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 156518
Time elapsed: 2 hour(s), 45 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP156\A0086125.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP156\A0086146.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1beV6Xw7.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Sep 10 14:40:06 2008
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\JavaPlugin.160_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}
Found and removed: Software\Classes\JavaPlugin.160_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_15
Found and removed: Software\JavaSoft\Java2D\1.6.0_06
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 10, 2008 14:56:32
Records in database: 1207325
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 94847
Threat name: 10
Infected objects: 35
Suspicious objects: 0
Duration of the scan: 02:07:01
File name / Threat name / Threats count
C:\WINDOWS\system32\1beV6Xw7.exe/C:\WINDOWS\system32\1beV6Xw7.exe Infected: Trojan-Downloader.Win32.Agent.afua 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80000\4EF8AC68.VBN Infected: Trojan-Downloader.Win32.Small.xpq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A34000F\4AF512FC.VBN Infected: Exploit.Win32.IMG-TIF.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340016\4AF56C90.VBN Infected: Exploit.Win32.IMG-TIF.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0000\4AFE9740.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0001\4AFEB49D.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0002\4AFED1F9.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0003\4AFEEF5B.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0004\4AFF0CBA.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80000\4CFD5318.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80003\4CFD6F2D.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80004\4CFD8B76.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80005\4CFDA7B6.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000\4EB7F358.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240001\4EB41303.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000\4EAF05CC.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001\4EAF05EE.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E500000\4EF42F88.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E500001\4EF44BBD.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E500002\4EF467F7.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940001\4FD40EDA.VBN Infected: Trojan-Downloader.Win32.Agent.acve 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940002\4FD40EE7.VBN Infected: Trojan-Downloader.Win32.Agent.admz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940003\4FD40EF3.VBN Infected: Trojan-Downloader.Win32.Agent.admz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F940004\4FD40EFF.VBN Infected: Trojan-Downloader.Win32.Agent.adnc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0000\4FBEB0FF.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0001\4FBECD18.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0002\4FBEEA79.VBN Infected: Trojan-Downloader.Win32.BHO.pe 1
C:\My Work\LSS Memory Stick\Programs\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\My Work\Programs\tightvnc-1.3.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lH55n814.exe.vir Infected: Trojan-Downloader.Win32.Agent.afua 1
C:\WINDOWS\system32\1beV6Xw7.exe Infected: Trojan-Downloader.Win32.Agent.afua 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43, on 2008-09-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\zimbra\zdesktop\zdesktop.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\1beV6Xw7.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080321
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - https://192.168.1.10/ConnectComputer/nshelp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LSS.local
O17 - HKLM\Software\..\Telephony: DomainName = LSS.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LSS.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LSS.local
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c90d0232f2e79b) (gupdate1c90d0232f2e79b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe
--
End of file - 14822 bytes
Just an FYI the link to the Java removal program shoots out to a html 404 error, I found an alternate download for it on MajorGeeks website.
Norton is still showing the same error and my clock now displays time in millitary format. (i.e. 07:50 and 13:30)
The machine ran all night last night since the AV scan ran past 5 pm when I leave, had 8 pop up ads displaying this morning.
Thanks
EMSNetwork