I received assistance from one of your administrators who told me to use “combo-fix”, which I did. It failed to solve the problem and I am no better off than when I started. I’m running out of options; it’s been over two weeks now, and this is slowing down my work. Please, can someone provide me with some sort of plan to solve this issue? I am willing to try anything at this point on my Vista machine. If it helps, I’m also getting Java warnings.
I have ZoneAlarm firewall, Comodo anti-virus, Spybot Search & Destroy, and Ad-Aware as my system’s defenses. I also have logs from HJT 2.2, Malwarebytes and combo-fix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:28 AM, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sys32VContoller] C:\Windows\mwmmgr32\mwmmgr32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O9 - Extra button: Extract Flash Video with Bytescout... - {BD791D63-778B-46CA-8425-8A31D2F19487} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... den-ca.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D7E448-298C-47EE-A720-D8DB1F8544D3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B64AEA-656F-4BFB-AC28-7E2539056CCF}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 9167 bytes
Malwarebytes' Anti-Malware 1.38
Database version: 2403
Windows 6.0.6001 Service Pack 1
10/07/2009 4:47:36 PM
mbam-log-2009-07-10 (16-47-36).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 204527
Time elapsed: 2 hour(s), 20 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Windows\System32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
ComboFix 09-07-09.08 - Andrew 13/07/2009 22:18.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.2046.1666 [GMT -4:00]
Running from: F:\Combo-Fix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-10 23:44 . 2009-07-14 01:44 -------- d-----w- C:\32788R22FWJFW.4.tmp
2009-07-10 23:23 . 2009-07-14 01:43 -------- d-----w- C:\32788R22FWJFW.3.tmp
2009-07-10 23:22 . 2009-07-14 01:43 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-07-10 23:22 . 2009-07-14 01:44 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-07-10 23:21 . 2009-07-14 01:44 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-07-10 23:15 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-07-10 15:19 . 2009-07-10 15:19 -------- d-----w- c:\users\Andrew\AppData\Roaming\Malwarebytes
2009-07-10 15:19 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 15:19 . 2009-07-10 15:19 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-10 15:19 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 15:19 . 2009-07-10 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 04:56 . 2009-07-10 04:56 -------- d-----w- c:\program files\Trend Micro
2009-07-10 04:29 . 2009-07-10 03:04 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-10 03:04 . 2009-07-10 03:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-10 03:02 . 2009-07-10 03:02 -------- dc-h--w- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-10 03:02 . 2009-07-10 03:04 -------- d-----w- c:\progra~2\Lavasoft
2009-07-10 03:02 . 2009-07-10 03:02 -------- d-----w- c:\program files\Lavasoft
2009-07-07 01:16 . 2009-07-07 01:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 00:52 . 2009-07-07 00:51 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-06 14:22 . 2009-07-14 02:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-06 02:26 . 2009-07-06 14:47 -------- d-----w- c:\progra~2\Comodo
2009-07-06 02:26 . 2009-07-06 02:26 183912 ----a-w- c:\windows\system32\guard32.dll
2009-07-06 02:26 . 2009-07-06 02:26 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-06 02:26 . 2009-07-06 02:26 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-06 02:26 . 2009-07-06 02:26 -------- d-----w- c:\program files\COMODO
2009-07-06 02:12 . 2009-07-06 14:05 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-06 02:12 . 2009-07-06 02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 00:39 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-06 00:39 . 2009-07-06 00:39 -------- d-----w- c:\program files\Avira
2009-07-06 00:39 . 2009-07-06 00:39 -------- d-----w- c:\progra~2\Avira
2009-07-03 03:34 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-03 03:34 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 03:28 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-07-03 03:28 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-07-03 03:28 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-15 02:37 . 2009-06-15 02:47 -------- d-----w- c:\program files\Wise Registry Cleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 02:09 . 2008-03-29 23:15 349221 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-07-14 01:51 . 2008-03-29 23:21 2148248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-14 01:51 . 2008-03-29 23:21 162159904 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-14 01:51 . 2009-07-14 02:09 70144 ----a-w- c:\windows\Internet Logs\xDBB0E9.tmp
2009-07-14 01:15 . 2009-07-14 01:17 3063296 ----a-w- c:\windows\Internet Logs\xDBC91B.tmp
2009-07-14 01:15 . 2009-07-14 01:17 46080 ----a-w- c:\windows\Internet Logs\xDBC41B.tmp
2009-07-13 02:07 . 2009-07-13 02:09 64000 ----a-w- c:\windows\Internet Logs\xDBB54C.tmp
2009-07-11 05:03 . 2009-07-11 23:12 237056 ----a-w- c:\windows\Internet Logs\xDBB913.tmp
2009-07-11 05:03 . 2009-07-11 23:12 3061248 ----a-w- c:\windows\Internet Logs\xDBBE13.tmp
2009-07-10 21:05 . 2009-07-10 21:06 1197568 ----a-w- c:\windows\Internet Logs\xDBD0E7.tmp
2009-07-07 01:14 . 2007-09-27 05:02 -------- d-----w- c:\program files\Java
2009-07-05 22:58 . 2008-09-15 21:26 12441634 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-03 04:09 . 2009-07-03 04:11 834560 ----a-w- c:\windows\Internet Logs\xDB66E1.tmp
2009-07-03 02:40 . 2008-05-26 01:32 -------- d-----w- c:\users\Andrew\AppData\Roaming\OpenOffice.org2
2009-06-25 22:19 . 2008-11-02 19:37 -------- d-----w- c:\program files\iTunes
2009-06-25 22:19 . 2008-11-02 19:34 -------- d-----w- c:\program files\Bonjour
2009-06-24 04:27 . 2008-03-30 19:50 -------- d-----w- c:\progra~2\CanonIJPLM
2009-06-16 03:26 . 2008-05-26 01:33 1 ----a-w- c:\users\Andrew\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-16 02:40 . 2009-06-16 02:41 130048 ----a-w- c:\windows\Internet Logs\xDBC5FE.tmp
2009-06-13 21:25 . 2009-06-14 14:24 359936 ----a-w- c:\windows\Internet Logs\xDBE86F.tmp
2009-06-13 21:25 . 2009-06-14 14:24 2902528 ----a-w- c:\windows\Internet Logs\xDBEEDC.tmp
2009-06-13 18:52 . 2009-06-13 18:40 -------- d-----w- c:\program files\Registry Easy
2009-06-12 03:23 . 2009-06-12 03:24 124928 ----a-w- c:\windows\Internet Logs\xDBB5FA.tmp
2009-06-01 11:27 . 2009-06-01 11:29 331264 ----a-w- c:\windows\Internet Logs\xDBB2DF.tmp
2009-05-11 21:27 . 2009-05-11 21:28 482304 ----a-w- c:\windows\Internet Logs\xDBAFD3.tmp
2008-03-14 22:26 . 2008-03-14 22:26 37375 ----a-w- c:\program files\openoffice.org-xsltfilter.cab
2008-03-14 22:26 . 2008-03-14 22:26 2489204 ----a-w- c:\program files\openoffice.org-writer.cab
2008-03-14 22:26 . 2008-03-14 22:26 207388 ----a-w- c:\program files\openoffice.org-testtool.cab
2008-03-14 22:26 . 2008-03-14 22:26 2504855 ----a-w- c:\program files\openoffice.org-pyuno.cab
2008-03-14 22:26 . 2008-03-14 22:26 51973 ----a-w- c:\program files\openoffice.org-onlineupdate.cab
2008-03-14 22:26 . 2008-03-14 22:26 1090334 ----a-w- c:\program files\openoffice.org-math.cab
2008-03-14 22:25 . 2008-03-14 22:25 118910 ----a-w- c:\program files\openoffice.org-javafilter.cab
2008-03-14 22:25 . 2008-03-14 22:25 1254017 ----a-w- c:\program files\openoffice.org-impress.cab
2008-03-14 22:25 . 2008-03-14 22:25 86870 ----a-w- c:\program files\openoffice.org-graphicfilter.cab
2008-03-14 22:25 . 2008-03-14 22:25 2769 ----a-w- c:\program files\openoffice.org-emailmerge.cab
2008-03-14 22:25 . 2008-03-14 22:25 919329 ----a-w- c:\program files\openoffice.org-draw.cab
2008-03-14 22:25 . 2008-03-14 22:25 2031954 ----a-w- c:\program files\openoffice.org-core09.cab
2008-03-14 22:25 . 2008-03-14 22:25 293054 ----a-w- c:\program files\openoffice.org-core08.cab
2008-03-14 22:25 . 2008-03-14 22:25 3842531 ----a-w- c:\program files\openoffice.org-core07.cab
2008-03-14 22:25 . 2008-03-14 22:25 28861971 ----a-w- c:\program files\openoffice.org-core06.cab
2008-03-14 22:21 . 2008-03-14 22:21 18636793 ----a-w- c:\program files\openoffice.org-core05.cab
2008-03-14 22:19 . 2008-03-14 22:19 16453751 ----a-w- c:\program files\openoffice.org-core04.cab
2008-03-14 22:18 . 2008-03-14 22:18 9118219 ----a-w- c:\program files\openoffice.org-core03.cab
2008-03-14 22:18 . 2008-03-14 22:18 3860200 ----a-w- c:\program files\openoffice.org-core02.cab
2008-03-14 22:18 . 2008-03-14 22:18 15102497 ----a-w- c:\program files\openoffice.org-core01.cab
2008-03-14 22:17 . 2008-03-14 22:17 4696905 ----a-w- c:\program files\openoffice.org-calc.cab
2008-03-14 22:17 . 2008-03-14 22:17 1802028 ----a-w- c:\program files\openoffice.org-base.cab
2008-03-14 22:17 . 2008-03-14 22:17 43005 ----a-w- c:\program files\openoffice.org-activex.cab
2008-03-14 22:17 . 2008-03-14 22:17 217 ----a-w- c:\program files\setup.ini
2008-03-14 22:17 . 2008-03-14 22:17 4372992 ----a-w- c:\program files\openofficeorg24.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2006-05-03 09:06 . 2008-07-21 22:59 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-21 22:59 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-21 22:59 216064 --sh--r- c:\windows\System32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-22 981904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-06 1793808]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-10 520024]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5A116A5-7304-47EC-95C0-A9C66D751CB5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FBD13BA7-A8BC-4ECC-80F8-4903D05268ED}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{8937F841-6254-4BFB-B1D1-6AE5046B670D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{8FCD3B7C-8F1C-48DC-816D-3E698652E389}"= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{20E2F8B0-93DB-448E-AC46-2C2EDD7A3FBF}"= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{382F8B7C-CC54-4859-9C9A-6B6ADBA2722C}"= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{68C3F022-8089-4D58-A216-CDEBBDF9EC6D}"= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{1E802304-86AC-4BA0-95D4-D1AF79C28BB6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{92C70993-0685-4122-BF84-708A3E885C63}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1953578D-83B1-4D50-9870-219D430694CA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60AB8B1D-BA2E-4D7E-AFBB-268E9FAEFBBC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D08A62E6-F4C0-4A50-9157-635D50B34CCD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D05FDC27-0EEA-48CC-920E-74603DC976E7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/9/2009 11:04 PM 64160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [7/5/2009 10:26 PM 128888]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/5/2009 8:39 PM 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: {{BD791D63-778B-46CA-8425-8A31D2F19487}
TCP: {31D7E448-298C-47EE-A720-D8DB1F8544D3} = 156.154.70.22,156.154.71.22
TCP: {C8B64AEA-656F-4BFB-AC28-7E2539056CCF} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\xdtpj59l.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 22:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????g??V? ??? ??????8???p?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-14 22:24
ComboFix-quarantined-files.txt 2009-07-14 02:24
ComboFix2.txt 2009-07-12 16:04
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 243,187,593,216 bytes free
233 --- E O F --- 2008-09-15 22:16