Hijackthis Log - Alert Popup when Alt-tab

[dsunga]

Alert Popup is one item show when I click Alt-tab to switch between applications.
Not sure where it's from. Prior to this some I ran ComboFix to remove something that had renamed my My Computer folder.

All logs are attached.


Somehow I'm having problems with the manage attachment button here... sorry

 

[strategic]

I don't know which logs you have, maybe you can 'copy' the log, and 'paste' to your post.

 

[dsunga]

HijackThis Log - Top half

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:02 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qps.peelschools.org/QuickPla...f891b8ba288f709852575040071c914/?OpenDocument
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

 

[dsunga]

Hijack This Log - Next part

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CleanupNortelVPN.bat
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

 

[dsunga]

HijackThis Log - bottom part

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peelschools.org/qp2.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241886118143
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://remote.rbc.com/nortel_cacheable/msrdp.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://remote.rbc.com/nortel_cacheable/iewiper.cab
O16 - DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} (popupunblk Class) - https://remote.rbc.com/nortel_cacheable/punblock.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://206.210.96.94/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASTSRV - Unknown owner - C:\Windows\System32\ASTSRV.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate1c9daf63e3a6ec8) (gupdate1c9daf63e3a6ec8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 17102 bytes

 

[dsunga]

Malwaer Log

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/9/2009 7:09:21 PM
mbam-log-2009-08-09 (19-09-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243505
Time elapsed: 2 hour(s), 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[dsunga]

Combo Fix Log

ComboFix 09-08-09.03 - Owner 08/09/2009 19:22.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.491 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 04:28 . 2009-08-09 04:28 161464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-08 15:26 . 2009-08-08 15:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-08 15:15 . 2009-08-08 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Lexmark Productivity Studio
2009-08-08 13:11 . 2009-08-08 13:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2009-08-08 13:05 . 2009-08-08 13:05 -------- d-----w- c:\program files\WebEx
2009-08-08 13:02 . 2009-08-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-08-08 13:00 . 2008-04-09 04:14 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-08-08 13:00 . 2008-04-09 04:14 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-08-08 13:00 . 2009-08-08 13:00 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-08-08 12:58 . 2009-08-08 12:59 -------- d-----w- c:\program files\Linksys
2009-08-02 17:55 . 2009-08-02 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 3600-4600 Series
2009-08-02 17:53 . 2009-08-07 23:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Lexmark Productivity Studio
2009-08-02 17:40 . 2009-08-08 15:16 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-08-02 17:39 . 2008-02-28 00:15 40960 ----a-w- c:\windows\system32\lxdxvs.dll
2009-08-02 17:39 . 2008-02-19 04:14 360448 ----a-w- c:\windows\system32\lxdxcoin.dll
2009-08-02 17:39 . 2008-02-28 00:11 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
2009-08-02 17:39 . 2008-02-28 00:11 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
2009-08-02 17:39 . 2008-02-28 00:02 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll
2009-08-02 17:38 . 2009-08-05 01:58 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-07-31 23:10 . 2009-07-31 23:23 -------- d-----w- c:\documents and settings\Owner\Application Data\XnView
2009-07-31 23:09 . 2009-07-31 23:09 -------- d-----w- c:\program files\XnView
2009-07-22 20:23 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-22 20:23 . 2009-07-22 20:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-22 20:22 . 2009-07-22 20:22 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-22 20:22 . 2009-07-26 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-22 20:22 . 2009-07-26 16:25 -------- d-----w- c:\program files\NOS
2009-07-22 16:48 . 2009-07-22 16:48 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-07-21 18:49 . 2009-07-21 18:49 117953338 ----a-w- C:\AfterQTP.reg
2009-07-21 16:41 . 2009-07-21 16:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Macrovision
2009-07-21 16:41 . 2009-07-21 16:41 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-07-21 16:38 . 2009-07-21 16:38 -------- d-----w- c:\program files\Microsoft Script Debugger
2009-07-21 16:12 . 2009-07-21 16:12 -------- d-----w- c:\program files\Common Files\Mercury Interactive
2009-07-21 16:12 . 2009-07-21 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-07-21 16:12 . 2009-01-01 13:57 11107 ----a-w- c:\windows\system32\pal_drv.sys
2009-07-21 16:04 . 2009-07-21 16:04 -------- d-----w- c:\program files\HP
2009-07-21 16:04 . 2009-07-21 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-07-21 15:45 . 2009-07-21 15:45 108279254 ----a-w- C:\BeforeQTP.reg
2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Scooter Software
2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- c:\program files\Beyond Compare 3
2009-07-17 22:06 . 2009-07-31 11:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp

 

[dsunga]

ComboFix - cont.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 20:57 . 2009-05-12 03:28 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-09 20:55 . 2009-05-12 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 20:53 . 2009-08-09 20:53 687104 ----a-w- c:\windows\isRS-000.tmp
2009-08-09 20:53 . 2009-06-24 13:23 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-09 13:58 . 2009-08-02 17:35 -------- d-----w- c:\program files\Lexmark 3600-4600 Series
2009-08-08 15:15 . 2006-04-23 00:29 75032 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 13:02 . 2005-04-13 17:41 -------- d-----w- c:\program files\Java
2009-08-08 13:00 . 2005-08-06 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-08-08 12:59 . 2005-08-06 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 23:09 . 2009-05-12 03:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-06 01:24 . 2009-05-28 14:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 17:36 . 2009-05-12 01:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-12 01:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 18:36 . 2009-08-02 17:35 -------- d-----w- c:\program files\Lexmark Toolbar
2009-08-01 20:46 . 2008-07-10 03:11 -------- d-----w- c:\program files\Lx_cats
2009-07-29 03:13 . 2009-05-31 01:26 14 ----a-w- c:\windows\popcinfo.dat
2009-07-22 20:24 . 2005-08-06 00:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\xb7hy9s.dll
2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-07-21 16:13 . 2005-04-13 16:55 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-07-21 16:13 . 2005-04-13 16:55 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-07-21 16:13 . 2005-04-13 16:55 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-07-04 15:07 . 2009-07-04 15:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Red Kawa
2009-07-03 22:06 . 2006-04-23 20:56 -------- d-----w- c:\program files\Cool2000
2009-07-03 17:30 . 2008-10-16 21:57 -------- d-----w- c:\program files\PeerGuardian2
2009-07-03 17:30 . 2006-04-29 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-07-03 17:09 . 2005-04-13 16:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 16:47 . 2009-07-02 16:47 -------- d-----w- c:\program files\IVT Corporation
2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\Nokia
2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\DIFX
2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-02 16:46 . 2009-07-02 16:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-02 14:53 . 2009-07-02 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-07-02 14:53 . 2009-07-02 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-29 13:52 . 2009-06-29 13:52 9728 ----a-w- c:\windows\system32\BsMonUI.dll
2009-06-29 13:52 . 2009-06-29 13:52 18432 ----a-w- c:\windows\system32\BsMonSvr.dll
2009-06-29 13:52 . 2009-06-29 13:52 405589 ----a-w- c:\windows\system32\BsUI.dll
2009-06-29 13:52 . 2009-06-29 13:52 57430 ----a-w- c:\windows\system32\btfunc.dll
2009-06-29 13:52 . 2009-06-29 13:52 278647 ----a-w- c:\windows\system32\outlookAddin.dll
2009-06-29 13:51 . 2009-06-29 13:51 53248 ----a-w- c:\windows\system32\HtmPrintHelper.dll
2009-06-29 13:51 . 2009-06-29 13:51 114774 ----a-w- c:\windows\system32\versit.dll
2009-06-29 13:51 . 2009-06-29 13:51 622693 ----a-w- c:\windows\system32\BSShell.dll
2009-06-29 13:51 . 2009-06-29 13:51 569430 ----a-w- c:\windows\system32\Bscdlg.dll
2009-06-29 13:51 . 2009-06-29 13:51 118884 ----a-w- c:\windows\system32\BsProfileFunc.dll
2009-06-29 13:50 . 2009-06-29 13:50 151642 ----a-w- c:\windows\system32\BsCommon.dll
2009-06-29 13:50 . 2009-06-29 13:50 94314 ----a-w- c:\windows\system32\BsHelpCSps.dll
2009-06-29 13:50 . 2009-06-29 13:50 589939 ----a-w- c:\windows\system32\BlueSoleilCSps.dll
2009-06-29 13:49 . 2009-06-29 13:49 28766 ----a-w- c:\windows\system32\PlayerCtrl.dll
2009-06-29 13:49 . 2009-06-29 13:49 98403 ----a-w- c:\windows\system32\Bs2Res.dll
2009-06-29 13:49 . 2009-06-29 13:49 135264 ----a-w- c:\windows\system32\BsMobileSDK.dll
2009-06-29 13:49 . 2009-06-29 13:49 254036 ----a-w- c:\windows\system32\BsSDK.dll
2009-06-29 13:48 . 2009-06-29 13:48 28672 ----a-w- c:\windows\system32\BsMobileCSps.dll
2009-06-29 13:48 . 2009-06-29 13:48 28760 ----a-w- c:\windows\system32\BsTrace.dll
2009-06-26 02:53 . 2009-06-26 02:53 -------- d-----w- c:\program files\iTunes
2009-06-26 02:53 . 2006-04-26 22:59 -------- d-----w- c:\program files\iPod
2009-06-26 02:53 . 2007-07-08 02:15 -------- d-----w- c:\program files\Common Files\Apple
2009-06-26 02:51 . 2006-07-08 01:24 -------- d-----w- c:\program files\QuickTime
2009-06-26 02:47 . 2009-06-26 02:47 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 18:12 . 2009-06-21 18:12 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-16 14:36 . 2005-04-13 16:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-13 16:55 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:41 . 2006-04-23 20:50 -------- d-----w- c:\program files\Greetings Workshop
2009-06-13 19:42 . 2008-10-15 00:56 106942640 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\Sansa Media Converter.EXE
2009-06-13 19:40 . 2008-10-15 00:19 541696 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2009-06-13 19:34 . 2008-10-15 00:19 79872 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2009-06-05 12:44 . 2009-06-05 12:44 50008 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe
2009-06-03 19:09 . 2005-04-13 16:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 16:00 . 2009-05-22 16:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-22 15:53 . 2009-05-22 15:53 845800 ----a-w- c:\documents and settings\Owner\Application Data\MSNInstaller\msnauins.exe
2009-05-12 11:49 . 2008-11-23 15:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 11:48 . 2009-05-12 11:48 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

 

[dsunga]

ComboFix - cont.

((((((((((((((((((((((((((((( SnapShot_2009-08-09_04.18.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 20:55 . 2009-08-09 20:55 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2005-04-13 10:07 . 2009-08-09 13:58 289296 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-06-13 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-07 1830128]
"updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2007-01-02 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-06-29 315478]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
CleanupNortelVPN.bat [2008-10-7 923]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-22 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2009-01-01 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Cerberus\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Common Files\\AOL\\1123289240\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=

[

 

[dsunga]

Combo Fix - cont.

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1025:TCP"= 1025:TCPASVFTP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"135:TCP"= 135:TCPCOM
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:EnabledHCP Discovery Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2009 10:18 AM 108289]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [6/29/2009 9:48 AM 143467]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [7/21/2009 12:12 PM 11107]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S2 ASTSRV;ASTSRV;c:\windows\System32\ASTSRV.exe --> c:\windows\System32\ASTSRV.exe [?]
S2 gupdate1c9daf63e3a6ec8;Google Update Service (gupdate1c9daf63e3a6ec8);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2009 11:58 AM 133104]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [8/2/2009 1:39 PM 98984]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [6/14/2006 9:08 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [6/15/2006 8:49 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [6/15/2006 8:49 PM 60816]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-18 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2005-04-13 00:12]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:57]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 15:57]

2009-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

 

[dsunga]

Combo Fix - end

------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://qps.peelschools.org/QuickPlace/lorneparkss/Main.nsf/h_Toc/6f891b8ba288f709852575040071c914/?OpenDocument
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: rbc.com\vpn
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} - hxxps://remote.rbc.com/nortel_cacheable/iewiper.cab
DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://remote.rbc.com/nortel_cacheable/punblock.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://206.210.96.94/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zyp7o3fm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.leaguelineup.com/calendar.asp?cmenuid=3&url=mississauga_chiefs_bantam_b&sid=764301584
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: XUL Cache: {718CE169-1B83-4B68-B10D-3A2E3B2FAC83} - c:\documents and settings\Owner\Local Settings\Application Data\{718CE169-1B83-4B68-B10D-3A2E3B2FAC83}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{40886FA5-87BC-FDA7-0C1FAC01C243999B}\{19E564B2-522B-7AA8-1ACCCD0705265332}\{1F2DE655-6E2E-2DD5-8638E8D01A513D14}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{63BF9C16-61FD-5246-D28A6F9B6DBA4643}\{A1662382-7299-AE2E-23313B5BBD368ECE}\{683884CE-C1AE-773A-12388A76175B81B9}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-08-09 19:34
ComboFix-quarantined-files.txt 2009-08-09 23:34
ComboFix2.txt 2009-08-09 04:21
ComboFix3.txt 2009-05-28 13:59
ComboFix4.txt 2009-05-14 13:01

Pre-Run: 139,467,608,064 bytes free
Post-Run: 139,412,828,160 bytes free

328 --- E O F --- 2009-08-08 23:18

 

[clovervidia]

I googled for the answer. Do you have a certain software from Linksys? Linksys EasyLink Advisor, I believe? Close that and uninstall it. I got it from here http://www.sinc.sunysb.edu/Stu/jglazer/AlertPopup.htm