TechSpot

Hijackthis Log - Alert Popup when Alt-tab

By dsunga
Aug 9, 2009
  1. Alert Popup is one item shown when I click Alt-tab to switch between applications.
    Not sure where it's from. Prior to this I ran ComboFix to remove something that had renamed my My Computer folder.

    All logs are attached.


    Somehow I'm having problems with the manage attachment button here... sorry
     
  2. strategic

    strategic TechSpot Paladin Posts: 1,020

    I don't know which logs you have, maybe you can 'copy' the log, and 'paste' to your post.
     
  3. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    HijackThis Log - Top half

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:02 PM, on 8/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\USBStorage\USBDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qps.peelschools.org/QuickPla...f891b8ba288f709852575040071c914/?OpenDocument
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
     
  4. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    Hijack This Log - Next part

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
    O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
    O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: CleanupNortelVPN.bat
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     
  5. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    HijackThis Log - bottom part

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peelschools.org/qp2.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241886118143
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://remote.rbc.com/nortel_cacheable/msrdp.cab
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://remote.rbc.com/nortel_cacheable/iewiper.cab
    O16 - DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} (popupunblk Class) - https://remote.rbc.com/nortel_cacheable/punblock.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://206.210.96.94/activex/AMC.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASTSRV - Unknown owner - C:\Windows\System32\ASTSRV.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Google Update Service (gupdate1c9daf63e3a6ec8) (gupdate1c9daf63e3a6ec8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

    --
    End of file - 17102 bytes
     
  6. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    Malware Log

    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 3

    8/9/2009 7:09:21 PM
    mbam-log-2009-08-09 (19-09-21).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 243505
    Time elapsed: 2 hour(s), 3 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    Combo Fix Log

    ComboFix 09-08-09.03 - Owner 08/09/2009 19:22.4.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.491 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
    .

    2009-08-09 04:28 . 2009-08-09 04:28 161464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-08 15:26 . 2009-08-08 15:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-08-08 15:15 . 2009-08-08 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Lexmark Productivity Studio
    2009-08-08 13:11 . 2009-08-08 13:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Linksys_LLC_-_A_Division_
    2009-08-08 13:05 . 2009-08-08 13:05 -------- d-----w- c:\program files\WebEx
    2009-08-08 13:02 . 2009-08-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
    2009-08-08 13:00 . 2008-04-09 04:14 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2009-08-08 13:00 . 2008-04-09 04:14 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
    2009-08-08 13:00 . 2009-08-08 13:00 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2009-08-08 12:58 . 2009-08-08 12:59 -------- d-----w- c:\program files\Linksys
    2009-08-02 17:55 . 2009-08-02 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 3600-4600 Series
    2009-08-02 17:53 . 2009-08-07 23:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Lexmark Productivity Studio
    2009-08-02 17:40 . 2009-08-08 15:16 -------- d-----w- c:\documents and settings\All Users\Lx_cats
    2009-08-02 17:39 . 2008-02-28 00:15 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2009-08-02 17:39 . 2008-02-19 04:14 360448 ----a-w- c:\windows\system32\lxdxcoin.dll
    2009-08-02 17:39 . 2008-02-28 00:11 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2009-08-02 17:39 . 2008-02-28 00:11 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2009-08-02 17:39 . 2008-02-28 00:02 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll
    2009-08-02 17:38 . 2009-08-05 01:58 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2009-07-31 23:10 . 2009-07-31 23:23 -------- d-----w- c:\documents and settings\Owner\Application Data\XnView
    2009-07-31 23:09 . 2009-07-31 23:09 -------- d-----w- c:\program files\XnView
    2009-07-22 20:23 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-07-22 20:23 . 2009-07-22 20:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-22 20:22 . 2009-07-22 20:22 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-07-22 20:22 . 2009-07-26 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-07-22 20:22 . 2009-07-26 16:25 -------- d-----w- c:\program files\NOS
    2009-07-22 16:48 . 2009-07-22 16:48 -------- d-----w- c:\program files\Common Files\Bcgsoft
    2009-07-21 18:49 . 2009-07-21 18:49 117953338 ----a-w- C:\AfterQTP.reg
    2009-07-21 16:41 . 2009-07-21 16:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Macrovision
    2009-07-21 16:41 . 2009-07-21 16:41 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
    2009-07-21 16:38 . 2009-07-21 16:38 -------- d-----w- c:\program files\Microsoft Script Debugger
    2009-07-21 16:12 . 2009-07-21 16:12 -------- d-----w- c:\program files\Common Files\Mercury Interactive
    2009-07-21 16:12 . 2009-07-21 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-07-21 16:12 . 2009-01-01 13:57 11107 ----a-w- c:\windows\system32\pal_drv.sys
    2009-07-21 16:04 . 2009-07-21 16:04 -------- d-----w- c:\program files\HP
    2009-07-21 16:04 . 2009-07-21 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
    2009-07-21 15:45 . 2009-07-21 15:45 108279254 ----a-w- C:\BeforeQTP.reg
    2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Scooter Software
    2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- c:\program files\Beyond Compare 3
    2009-07-17 22:06 . 2009-07-31 11:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
     
  8. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    ComboFix - cont.

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-09 20:57 . 2009-05-12 03:28 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-08-09 20:55 . 2009-05-12 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-09 20:53 . 2009-08-09 20:53 687104 ----a-w- c:\windows\isRS-000.tmp
    2009-08-09 20:53 . 2009-06-24 13:23 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-08-09 13:58 . 2009-08-02 17:35 -------- d-----w- c:\program files\Lexmark 3600-4600 Series
    2009-08-08 15:15 . 2006-04-23 00:29 75032 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-08 13:02 . 2005-04-13 17:41 -------- d-----w- c:\program files\Java
    2009-08-08 13:00 . 2005-08-06 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
    2009-08-08 12:59 . 2005-08-06 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-07 23:09 . 2009-05-12 03:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-08-06 01:24 . 2009-05-28 14:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-03 17:36 . 2009-05-12 01:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 17:36 . 2009-05-12 01:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 18:36 . 2009-08-02 17:35 -------- d-----w- c:\program files\Lexmark Toolbar
    2009-08-01 20:46 . 2008-07-10 03:11 -------- d-----w- c:\program files\Lx_cats
    2009-07-29 03:13 . 2009-05-31 01:26 14 ----a-w- c:\windows\popcinfo.dat
    2009-07-22 20:24 . 2005-08-06 00:49 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\xb7hy9s.dll
    2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\clauth2.dll
    2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\clauth1.dll
    2009-07-21 16:13 . 2005-04-13 16:55 1024 ----a-w- c:\windows\system32\grcauth2.dll
    2009-07-21 16:13 . 2005-04-13 16:55 1024 ----a-w- c:\windows\system32\grcauth1.dll
    2009-07-04 15:07 . 2009-07-04 15:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Red Kawa
    2009-07-03 22:06 . 2006-04-23 20:56 -------- d-----w- c:\program files\Cool2000
    2009-07-03 17:30 . 2008-10-16 21:57 -------- d-----w- c:\program files\PeerGuardian2
    2009-07-03 17:30 . 2006-04-29 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
    2009-07-03 17:09 . 2005-04-13 16:56 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-02 16:47 . 2009-07-02 16:47 -------- d-----w- c:\program files\IVT Corporation
    2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\Nokia
    2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\DIFX
    2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-07-02 16:46 . 2009-07-02 16:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
    2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-07-02 14:53 . 2009-07-02 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2009-07-02 14:53 . 2009-07-02 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-06-29 13:52 . 2009-06-29 13:52 9728 ----a-w- c:\windows\system32\BsMonUI.dll
    2009-06-29 13:52 . 2009-06-29 13:52 18432 ----a-w- c:\windows\system32\BsMonSvr.dll
    2009-06-29 13:52 . 2009-06-29 13:52 405589 ----a-w- c:\windows\system32\BsUI.dll
    2009-06-29 13:52 . 2009-06-29 13:52 57430 ----a-w- c:\windows\system32\btfunc.dll
    2009-06-29 13:52 . 2009-06-29 13:52 278647 ----a-w- c:\windows\system32\outlookAddin.dll
    2009-06-29 13:51 . 2009-06-29 13:51 53248 ----a-w- c:\windows\system32\HtmPrintHelper.dll
    2009-06-29 13:51 . 2009-06-29 13:51 114774 ----a-w- c:\windows\system32\versit.dll
    2009-06-29 13:51 . 2009-06-29 13:51 622693 ----a-w- c:\windows\system32\BSShell.dll
    2009-06-29 13:51 . 2009-06-29 13:51 569430 ----a-w- c:\windows\system32\Bscdlg.dll
    2009-06-29 13:51 . 2009-06-29 13:51 118884 ----a-w- c:\windows\system32\BsProfileFunc.dll
    2009-06-29 13:50 . 2009-06-29 13:50 151642 ----a-w- c:\windows\system32\BsCommon.dll
    2009-06-29 13:50 . 2009-06-29 13:50 94314 ----a-w- c:\windows\system32\BsHelpCSps.dll
    2009-06-29 13:50 . 2009-06-29 13:50 589939 ----a-w- c:\windows\system32\BlueSoleilCSps.dll
    2009-06-29 13:49 . 2009-06-29 13:49 28766 ----a-w- c:\windows\system32\PlayerCtrl.dll
    2009-06-29 13:49 . 2009-06-29 13:49 98403 ----a-w- c:\windows\system32\Bs2Res.dll
    2009-06-29 13:49 . 2009-06-29 13:49 135264 ----a-w- c:\windows\system32\BsMobileSDK.dll
    2009-06-29 13:49 . 2009-06-29 13:49 254036 ----a-w- c:\windows\system32\BsSDK.dll
    2009-06-29 13:48 . 2009-06-29 13:48 28672 ----a-w- c:\windows\system32\BsMobileCSps.dll
    2009-06-29 13:48 . 2009-06-29 13:48 28760 ----a-w- c:\windows\system32\BsTrace.dll
    2009-06-26 02:53 . 2009-06-26 02:53 -------- d-----w- c:\program files\iTunes
    2009-06-26 02:53 . 2006-04-26 22:59 -------- d-----w- c:\program files\iPod
    2009-06-26 02:53 . 2007-07-08 02:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-26 02:51 . 2006-07-08 01:24 -------- d-----w- c:\program files\QuickTime
    2009-06-26 02:47 . 2009-06-26 02:47 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-21 18:12 . 2009-06-21 18:12 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-06-16 14:36 . 2005-04-13 16:56 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2005-04-13 16:55 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-13 20:41 . 2006-04-23 20:50 -------- d-----w- c:\program files\Greetings Workshop
    2009-06-13 19:42 . 2008-10-15 00:56 106942640 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\Sansa Media Converter.EXE
    2009-06-13 19:40 . 2008-10-15 00:19 541696 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
    2009-06-13 19:34 . 2008-10-15 00:19 79872 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    2009-06-05 12:44 . 2009-06-05 12:44 50008 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe
    2009-06-03 19:09 . 2005-04-13 16:55 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-22 16:00 . 2009-05-22 16:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-05-22 15:53 . 2009-05-22 15:53 845800 ----a-w- c:\documents and settings\Owner\Application Data\MSNInstaller\msnauins.exe
    2009-05-12 11:49 . 2008-11-23 15:39 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-12 11:48 . 2009-05-12 11:48 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    .
     
  9. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

    ComboFix - cont.

    ((((((((((((((((((((((((((((( SnapShot_2009-08-09_04.18.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-09 20:55 . 2009-08-09 20:55 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
    + 2005-04-13 10:07 . 2009-08-09 13:58 289296 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-06-13 79872]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-07 1830128]
    "updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-10-24 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
    "USBDetector"="c:\usbstorage\USBDetector.exe" [2007-01-02 53248]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-06-29 315478]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
    "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    CleanupNortelVPN.bat [2008-10-7 923]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-22 25214]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2009-01-01 147456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "c:\\Program Files\\Cerberus\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Nexon\\MapleStory\\MapleStory.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "c:\\Nexon\\MapleStory\\Patcher.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1123289240\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\ati2evxx.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
    "c:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
    "c:\\WINDOWS\\system32\\lxdxcfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=

    [
     
  10. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

ComboFix - cont.

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1025:TCP"= 1025:TCP:pASVFTP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "135:TCP"= 135:TCP:DCOM
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2009 10:18 AM 108289]
    R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [6/29/2009 9:48 AM 143467]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [7/21/2009 12:12 PM 11107]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
    S2 ASTSRV;ASTSRV;c:\windows\System32\ASTSRV.exe --> c:\windows\System32\ASTSRV.exe [?]
    S2 gupdate1c9daf63e3a6ec8;Google Update Service (gupdate1c9daf63e3a6ec8);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2009 11:58 AM 133104]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [8/2/2009 1:39 PM 98984]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [6/14/2006 9:08 PM 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [6/15/2006 8:49 PM 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [6/15/2006 8:49 PM 60816]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-06-18 c:\windows\Tasks\defrag.job
    - c:\windows\system32\defrag.exe [2005-04-13 00:12]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:57]

    2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:57]

    2009-08-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
     
  11. dsunga

    dsunga TS Rookie Topic Starter Posts: 16

ComboFix - end

    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://qps.peelschools.org/QuickPlace/lorneparkss/Main.nsf/h_Toc/6f891b8ba288f709852575040071c914/?OpenDocument
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    Trusted Zone: rbc.com\vpn
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
    DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} - hxxps://remote.rbc.com/nortel_cacheable/iewiper.cab
    DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://remote.rbc.com/nortel_cacheable/punblock.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://206.210.96.94/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zyp7o3fm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.leaguelineup.com/calendar.asp?cmenuid=3&url=mississauga_chiefs_bantam_b&sid=764301584
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - HiddenExtension: XUL Cache: {718CE169-1B83-4B68-B10D-3A2E3B2FAC83} - c:\documents and settings\Owner\Local Settings\Application Data\{718CE169-1B83-4B68-B10D-3A2E3B2FAC83}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 19:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{40886FA5-87BC-FDA7-0C1FAC01C243999B}\{19E564B2-522B-7AA8-1ACCCD0705265332}\{1F2DE655-6E2E-2DD5-8638E8D01A513D14}*]
    "NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
    de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{63BF9C16-61FD-5246-D28A6F9B6DBA4643}\{A1662382-7299-AE2E-23313B5BBD368ECE}\{683884CE-C1AE-773A-12388A76175B81B9}*]
    "NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
    de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(576)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3976)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    Completion time: 2009-08-09 19:34
    ComboFix-quarantined-files.txt 2009-08-09 23:34
    ComboFix2.txt 2009-08-09 04:21
    ComboFix3.txt 2009-05-28 13:59
    ComboFix4.txt 2009-05-14 13:01

    Pre-Run: 139,467,608,064 bytes free
    Post-Run: 139,412,828,160 bytes free

    328 --- E O F --- 2009-08-08 23:18
     
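The ComboFix sections posted above (Reg Loading Points, the Security Center values, the LOCKED REGISTRY KEYS block) are the parts a helper actually reads when triaging a log like this. The script below is an added example, written for this page and not code from the thread, from ComboFix or from TechSpot. It parses that text format and applies three checks a reviewer would run by eye: autorun entries (Run keys, ShellExecuteHooks) whose image sits under a user profile path, Security Center values that switch monitoring off (the log shows FirewallOverride and DisableMonitoring set to 1), and registry keys containing a brace-delimited component that is not a canonical 8-4-4-4-12 GUID (the two locked CLSID keys above have a 16-hex-digit last group). The marker lists and finding labels are the author's heuristics, the sample input is a constructed subset of lines copied from the posted log, and a hit is a lead to verify (hash lookup, vendor signature), not proof of infection; the SansaDispatch entry it flags is simply a per-user SanDisk updater.

```python
"""Triage checks for the registry sections of a ComboFix log (added example)."""
import re
from typing import Iterator, List, Tuple

# Constructed sample: lines copied from the ComboFix output posted in this
# thread, a subset chosen to exercise each check. Not the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-06-13 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2009-01-01 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{40886FA5-87BC-FDA7-0C1FAC01C243999B}\{19E564B2-522B-7AA8-1ACCCD0705265332}\{1F2DE655-6E2E-2DD5-8638E8D01A513D14}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
"""

KEY_RE = re.compile(r"^\[(.+?)\*?\]$")          # ComboFix marks locked keys with a trailing '*'
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')  # "name"=data
QUOTED_PATH_RE = re.compile(r'"([^"]+)"')         # first quoted string in the data field
BRACE_RE = re.compile(r"\{[^}\\]*\}")             # one {...} component of a key path
CANONICAL_GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

# Heuristic marker lists chosen for this example (assumptions, not ComboFix's).
AUTORUN_KEY_MARKERS = ("\\currentversion\\run", "\\shellexecutehooks")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                        "\\local settings\\", "\\temp\\")
# XP Security Center values that suppress monitoring or alerts when set to 1;
# only FirewallOverride and DisableMonitoring appear in the posted log.
SECURITY_CENTER_FLAGS = {"disablemonitoring", "firewalloverride",
                         "antivirusoverride", "updatesoverride"}

Finding = Tuple[str, str, str]  # (reason, registry key, value name or offending component)


def parse_values(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value_name, value_data) for each "name"=data line under a [key] header."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def parse_keys(log: str) -> List[str]:
    """Every [key] header in the dump, in order, with any trailing '*' stripped."""
    return [m.group(1) for m in map(KEY_RE.match, (l.strip() for l in log.splitlines())) if m]


def triage(log: str) -> List[Finding]:
    """Run the three checks and return the findings in log order."""
    findings: List[Finding] = []
    for key, name, data in parse_values(log):
        k = key.lower()
        # 1. Autorun whose image lives under a user profile path (writable without admin rights).
        if any(k.endswith(marker) for marker in AUTORUN_KEY_MARKERS):
            m = QUOTED_PATH_RE.search(data)
            path = (m.group(1) if m else data).lower()
            if any(marker in path for marker in USER_PROFILE_MARKERS):
                findings.append(("autorun image under a user profile path", key, name))
        # 2. Security Center value that disables monitoring or overrides the firewall state.
        if ("\\security center" in k and name.lower() in SECURITY_CENTER_FLAGS
                and data.strip().lower() == "dword:00000001"):
            findings.append(("Security Center monitoring switched off", key, name))
    # 3. Brace-delimited key components that are not canonical GUIDs.
    for key in parse_keys(log):
        bad = [c for c in BRACE_RE.findall(key) if not CANONICAL_GUID_RE.match(c)]
        if bad:
            findings.append(("non-canonical GUID component in key", key, bad[0]))
    return findings


if __name__ == "__main__":
    for reason, key, name in triage(SAMPLE_LOG):
        print(f"{reason}: [{key}] {name}")
```

Run it as-is to see the four hits from the sample; point `triage()` at the full pasted log to cover every Run, ShellExecuteHooks and locked key in the thread. The GUID check is format-only: a non-canonical component tells you the key was not written by a normal COM registration and is worth a closer look, nothing more.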
  12. clovervidia

    clovervidia TS Rookie

Topic Status:
Not open for further replies.
