1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Computer doesn't boot right/at all...

Discussion in 'Malware and Virus Removal Archive' started by Elemt, 2009/07/31.

  1. 2009/07/31
    Elemt

    Elemt Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    3
    Likes Received:
    0
    [Active] Computer doesn't boot right/at all...

    Well I'm running on windows xp and there's something really wrong with my computer. First off, it boots rather slow and sometimes when i log in it does not load my desktop and i have to reboot. My task manager does not open with hot keys ctrl+shift+Esc or ctrl+alt+del. I can only access it with right click on the clock. My volume icon from task tray dissapeared. When i attempt to download something on firefox or IE it freezes my computer. Only google chrome works with downloads now. It won't let me uninstall any programs from add/remove programs it says another installation is already in progress although I do not have any other installation running. When I ran malwarebytes it found 4 infections but it could not clean them due to the fact that when I click remove all it just froze the computer... Here is the HJT log. Please help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:30:45 PM, on 7/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe "
    O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/setup.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://nysav01.kddia.com:8080/officescan/console/html/root/AtxEnc.cab
    O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/RemoveCtrl.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\Software\..\Telephony: DomainName = kddia.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = kddia.com
    O18 - Filter hijack: text/html - {907f5cb5-da63-4cdd-9118-64fc732578c5} - C:\WINDOWS\system32\mst122.dll
    O20 - AppInit_DLLs: ms32clod.dll APSHook.dll
    O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: EDPA - Unknown owner - C:\Program Files\Vontu\Endpoint Agent\edpa.exe
    O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WDP - Unknown owner - C:\Program Files\Vontu\Endpoint Agent\wdp.exe

    --
    End of file - 11750 bytes
     
  2. 2009/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.
     

  3. to hide this advert.

  4. 2009/07/31
    Elemt

    Elemt Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    3
    Likes Received:
    0
    Hey, broni! Sorry I took so long. The combofix log after reboot took a while and then my computer froze so I had to reboot and that reboot took really long log in wouldn't come up. Now I got my volume and internet icons back in task tray. Here's the combofix log.




    ComboFix 09-07-31.04 - mario 07/31/2009 22:57.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2043.1504 [GMT -4:00]
    Running from: c:\documents and settings\mario\Desktop\ComboFix.exe
    AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {3E32A037-CB54-4368-B795-2C2F501151B7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CSWREM.EXE
    c:\documents and settings\Administrator\Application Data\inst.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\mario\Application Data\inst.exe
    c:\program files\Common
    c:\program files\WinPCap
    c:\program files\WinPCap\rpcapd.exe
    c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
    c:\recycler\S-1-5-21-1970669217-3039873087-1641278998-500
    c:\windows\Installer\18015070.msi
    c:\windows\Installer\45a81.msp
    c:\windows\Installer\45a82.msp
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\med.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    ----- BITS: Possible infected sites -----

    hxxp://nysav01.kddia.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_npf


    ((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
    .

    2009-07-31 12:56 . 2009-07-31 12:56 -------- d-sh--w- c:\documents and settings\mario\IECompatCache
    2009-07-31 12:55 . 2009-07-31 12:55 -------- d-sh--w- c:\documents and settings\mario\PrivacIE
    2009-07-31 12:52 . 2009-07-31 12:52 -------- d-sh--w- c:\documents and settings\mario\IETldCache
    2009-07-31 12:52 . 2009-07-31 12:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-31 05:01 . 2009-07-31 05:02 -------- dc-h--w- c:\windows\ie8
    2009-07-31 02:51 . 2009-07-31 02:51 -------- d-----w- c:\documents and settings\mario\Application Data\Sammsoft
    2009-07-31 02:51 . 2009-07-31 02:51 -------- d-----w- c:\program files\AskBarDis
    2009-07-31 02:51 . 2009-07-31 02:51 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2009-07-31 02:46 . 2009-07-31 02:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-07-31 00:37 . 2009-07-31 00:37 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2009-07-30 01:02 . 2009-07-30 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-07-30 01:02 . 2009-07-30 01:02 -------- d-----w- c:\program files\STOPzilla!
    2009-07-30 01:02 . 2009-07-30 01:02 -------- d-----w- c:\program files\Common Files\iS3
    2009-07-30 01:02 . 2009-07-31 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-07-29 04:08 . 2009-07-30 00:04 -------- d-----w- c:\documents and settings\mario\Local Settings\Application Data\Promosoft Corporation
    2009-07-29 04:08 . 2009-07-30 00:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-21 23:59 . 2009-07-21 23:59 17408 ----a-w- c:\windows\system32\winxpdsca32.exe
    2009-07-21 05:03 . 2009-07-21 05:03 0 ----a-w- c:\windows\system32\mmd109en.dat
    2009-07-21 05:03 . 2009-07-21 05:03 0 ----a-w- c:\windows\system32\cok458en.dat
    2009-07-21 05:02 . 2009-07-22 00:00 17408 ----a-w- c:\windows\system32\perfc5932.dat
    2009-07-21 05:02 . 2009-07-22 00:00 1 ----a-w- c:\windows\system32\perfc7683.dat
    2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
    2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
    2009-07-20 01:12 . 2009-07-20 01:12 -------- d-----w- c:\documents and settings\mario\Local Settings\Application Data\Temp
    2009-07-18 04:11 . 2009-07-21 05:24 1217536 ----a-w- c:\documents and settings\mario\Desktopkernel32.dll
    2009-07-12 16:59 . 2009-07-12 16:59 -------- d-----w- C:\ijji
    2009-07-10 16:06 . 2009-06-23 15:06 245408 ----a-w- c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll
    2009-07-10 16:06 . 2009-04-05 18:26 8784 ----a-w- c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2009-07-10 16:06 . 2009-04-05 18:26 71248 ----a-w- c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2009-07-10 16:06 . 2009-02-19 15:38 2633728 ----a-w- c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
    2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
    2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
    2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
    2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
    2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
    2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
    2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
    2009-07-09 18:14 . 2009-07-01 04:52 480688 ----a-w- c:\documents and settings\mario\Application Data\ijjigame\ijjistarter2FxB.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-01 03:05 . 2009-01-24 01:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-08-01 03:04 . 2009-01-22 19:51 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-08-01 01:04 . 2009-01-15 22:21 -------- d-----w- c:\program files\Trend Micro
    2009-07-31 00:53 . 2009-05-15 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-30 02:49 . 2009-01-15 23:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-30 02:48 . 2009-01-15 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-30 02:47 . 2009-05-13 17:11 127877 ----a-w- c:\documents and settings\mario\Application Data\Move Networks\uninstall.exe
    2009-07-30 02:47 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\mario\Application Data\Move Networks\plugins\npqmp071500000347.dll
    2009-07-30 02:47 . 2009-01-25 21:01 -------- d-----w- c:\documents and settings\mario\Application Data\Move Networks
    2009-07-30 00:08 . 2009-03-11 00:02 -------- d-----w- c:\program files\Samsung Network Printer Utilities
    2009-07-30 00:07 . 2008-07-11 13:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-30 00:03 . 2009-07-01 03:39 -------- d-----w- c:\program files\Common Files\AOL
    2009-07-29 22:27 . 2009-01-24 01:39 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-07-28 01:19 . 2004-08-04 08:00 144096 ----a-w- c:\windows\system32\ist.dat
    2009-07-28 01:19 . 2004-08-04 08:00 1202788 ----a-w- c:\windows\system32\pst.dat
    2009-07-21 05:03 . 2009-07-21 05:03 9152 ----a-w- c:\windows\system32\rtm2k3.tmp
    2009-07-21 05:03 . 2009-07-21 05:03 9152 ----a-w- c:\windows\system32\07q0nq.tmp
    2009-07-16 00:08 . 2009-01-27 04:52 34 ----a-w- c:\documents and settings\mario\jagex_runescape_preferences.dat
    2009-07-13 17:36 . 2009-05-15 16:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-13 17:36 . 2009-05-15 16:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 18:14 . 2009-05-23 02:34 -------- d--h--w- c:\documents and settings\mario\Application Data\ijjigame
    2009-07-01 04:52 . 2009-07-01 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
    2009-07-01 03:58 . 2009-07-01 03:58 -------- d-----w- c:\documents and settings\mario\Application Data\Viewpoint
    2009-07-01 03:39 . 2009-07-01 03:39 -------- d-----w- c:\program files\Viewpoint
    2009-07-01 03:39 . 2009-07-01 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-07-01 03:39 . 2009-07-01 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
    2009-07-01 03:39 . 2009-07-01 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-06-16 16:11 . 2009-02-01 17:14 -------- d-----w- c:\program files\Electra Elite IPK II PCPro
    2009-06-14 01:30 . 2009-06-14 01:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-12 02:00 . 2008-07-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-12 01:26 . 2009-06-12 01:26 390664 ----a-w- c:\documents and settings\mario\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-05-31 01:55 . 2009-03-18 01:12 56680 ----a-w- c:\windows\system32\rpcnet.exe
    2009-05-23 02:34 . 2009-05-23 02:34 383645136 ----a-w- c:\documents and settings\mario\Application Data\ijjigame\U_GBOUND_setup.exe
    2009-05-21 14:31 . 2009-03-17 21:53 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
    2009-05-21 14:31 . 2009-03-17 21:53 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
    2009-05-21 14:31 . 2009-03-17 21:53 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
    2009-05-21 14:31 . 2009-03-17 21:53 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
    2009-05-12 18:13 . 2009-05-12 18:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 17:02 . 2009-05-05 17:02 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
    2009-05-05 17:02 . 2009-05-05 17:02 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
    2009-05-04 14:07 . 2009-01-22 18:08 91136 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-03 19:10 . 2009-01-23 01:31 91136 ----a-w- c:\documents and settings\mario\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-01 00:57 . 2009-03-26 01:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Google Update "= "c:\documents and settings\mario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-27 133104]
    "AROReminder "= "c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AccelerometerSysTrayApplet "= "c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
    "accrdsub "= "c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
    "PTHOSTTR "= "c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
    "CognizanceTS "= "c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
    "Cpqset "= "c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "OfficeScanNT Monitor "= "c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 710000]
    "Media Codec Update Service "= "c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-02-17 208896]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-25 198160]
    "WatchDog "= "c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
    "Samsung PanelMgr "= "c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
    "cctray "= "c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-21 181488]
    "CAVRID "= "c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
    "VetStart "= "c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" [2008-08-30 255216]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "MsmqIntCert "= "mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-25 197904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\system32\APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "\\\\nypc409\\Share\\Absolute\\PC\\ctmweb.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15001:TCP "= 15001:TCP:Trend Micro OfficeScan Listener

    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [6/5/2008 8:08 PM 109184]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [6/5/2008 8:08 PM 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [6/5/2008 8:08 PM 12928]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [6/5/2008 8:08 PM 12496]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2008 6:11 PM 1176824]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/10/2008 2:13 PM 18944]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6/5/2008 8:07 PM 256512]
    R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [3/10/2009 8:35 PM 1449984]
    R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 6:42 PM 225296]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 6:42 PM 36368]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/30/2009 11:39 PM 24652]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/15/2008 4:29 PM 475520]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/11/2008 10:32 AM 193840]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/11/2008 9:27 AM 244368]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 3:16 PM 41216]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [3/17/2009 5:53 PM 185584]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [7/11/2008 9:27 AM 47616]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/15/2009 12:58 PM 38160]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/5/2006 11:24 AM 92160]
    S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/27/2007 8:35 PM 575064]
    S3 vfsmfd;vfsmfd;c:\windows\system32\drivers\vfsmfd.sys [1/22/2009 4:36 PM 20992]
    S3 vrtam;vrtam;c:\windows\system32\drivers\vrtam.sys [1/22/2009 4:36 PM 8192]
    S4 EDPA;EDPA;c:\program files\Vontu\Endpoint Agent\edpa.exe [9/11/2008 2:25 AM 110592]
    S4 WDP;WDP;c:\program files\Vontu\Endpoint Agent\wdp.exe [9/11/2008 2:27 AM 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-01 c:\windows\Tasks\User_Feed_Synchronization-{921F6CAD-EBFB-4043-BD1F-E5677CABFF7D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cnn.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\VetRedir.dll
    FF - ProfilePath - c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\mario\Application Data\Move Networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\mario\Application Data\Mozilla\Firefox\Profiles\8hfvre5o.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\mario\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-31 23:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1040)
    c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
    c:\program files\Hewlett-Packard\IAM\bin\brand.dll
    c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
    c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
    c:\windows\system32\ackpbsc.dll
    c:\windows\system32\aclog.dll
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL
    c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
    c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll
    c:\windows\system32\VetRedir.dll
    c:\windows\system32\ISafeIf.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
    c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
    c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
    c:\windows\system32\xenroll.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll
    c:\windows\system32\APSHook.dll

    - - - - - - - > 'lsass.exe'(1100)
    c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\scardsvr.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
    c:\windows\system32\rpcnet.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\windows\Temp\EYD58D.EXE
    c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\system32\dwwin.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-01 23:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-01 03:12

    Pre-Run: 130,734,333,952 bytes free
    Post-Run: 131,682,480,128 bytes free

    Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    368 --- E O F --- 2009-06-12 02:00
     
  5. 2009/07/31
    Elemt

    Elemt Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    3
    Likes Received:
    0
    Oh, forgot about the new HJT log here it is:




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:39:47 PM, on 7/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\WINDOWS\TEMP\BPFC88.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\WINDOWS\system32\AccelerometerSt.Exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\mario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe "
    O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [VetStart] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mario\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/setup.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://nysav01.kddia.com:8080/officescan/console/html/root/AtxEnc.cab
    O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://nysav01.kddia.com:8080/officescan/console/html/ClientInstall/RemoveCtrl.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\Software\..\Telephony: DomainName = kddia.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = kddia.com
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = kddia.com
    O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14178 bytes
     
  6. 2009/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running two antivirus programs:
    Trend Micro OfficeScan Antivirus
    CA Anti-Virus
    One of them has to go.

    ==================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\winxpdsca32.exe
    c:\windows\system32\mmd109en.dat
    c:\windows\system32\cok458en.dat
    c:\windows\system32\perfc5932.dat
    c:\windows\system32\perfc7683.dat
    c:\windows\system32\rtm2k3.tmp
    c:\windows\system32\07q0nq.tmp
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.