Security >> HijackThis logs help and analysis

muldrock
regular


Reg'd: Mon
Posts: 71
Loc: Australia
Re: Trojan problems
      Wed May 21 2008 12:17 AM

Here is the combo log followed by the HJ log.
Thanks for your help.
Denny

ComboFix 08-05-20.1 - Denny Muldrock 2008-05-21 9:06:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT 10:00]
Running from: C:\Documents and Settings\Denny Muldrock\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\lsprst7.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 16:06 . 2008-05-20 16:06 <DIR> d-------- C:\Program Files\Common Files\SPSS
2008-05-20 16:06 . 2008-05-20 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SPSS
2008-05-20 15:16 . 2008-05-20 15:16 <DIR> d-------- C:\Magic Iso 5.3b221 + Crack
2008-05-20 15:07 . 2008-05-20 15:07 <DIR> d-------- C:\Program Files\MagicISO
2008-05-20 14:33 . 2008-05-20 23:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-20 14:30 . 2008-05-20 14:30 <DIR> d-------- C:\Documents and Settings\Denny Muldrock\Application Data\DAEMON Tools
2008-05-20 14:30 . 2008-05-20 14:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 07:47 . 2008-05-19 07:47 <DIR> d-------- C:\SPSS16Linux
2008-05-18 23:24 . 2008-05-18 23:24 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-18 19:23 . 2008-05-20 07:39 <DIR> d-------- C:\Documents and Settings\Denny Muldrock\Contacts
2008-05-18 18:43 . 2008-05-18 19:22 <DIR> d-------- C:\Program Files\Windows Live
2008-05-18 18:43 . 2008-05-18 19:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-18 18:43 . 2008-05-18 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-18 13:01 . 2008-05-18 13:01 <DIR> d-------- C:\SPSS v16.0.1 + Crack
2008-05-18 09:06 . 2008-05-18 09:06 <DIR> d-------- C:\SPSS.v16-EQUiNOX
2008-05-17 21:10 . 2008-05-17 21:10 <DIR> d-------- C:\Picturesque 2[k'ed]
2008-05-17 20:59 . 2008-05-19 19:10 <DIR> d-------- C:\Documents and Settings\Denny Muldrock\Application Data\.ABC
2008-05-17 20:57 . 2008-05-17 20:57 <DIR> d-------- C:\Program Files\ABC
2008-05-02 17:35 . 2008-05-02 17:35 <DIR> d-------- C:\WINDOWS\pcidevice
2008-05-02 17:35 . 2008-05-02 17:35 <DIR> d-------- C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter
2008-05-02 17:35 . 2005-09-13 06:48 358,464 --a------ C:\WINDOWS\system32\drivers\ar5513.sys
2008-05-02 17:35 . 2008-05-02 17:35 15,890 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-04-26 18:07 . 2004-08-04 16:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-26 18:07 . 2004-08-04 16:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-26 18:06 . 2008-04-26 18:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-26 18:06 . 2008-04-26 18:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-26 18:04 . 2008-04-26 18:04 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-26 18:04 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-26 18:04 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-26 18:04 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-26 18:04 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-26 18:04 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-26 18:04 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 22:50 --------- d-----w C:\Program Files\Lx_cats
2008-05-20 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-20 03:23 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\AVG7
2008-05-18 02:32 --------- d-----w C:\Program Files\SPSSInc
2008-05-18 02:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-13 22:58 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\AdobeUM
2008-05-02 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 03:02 --------- d-----w C:\Program Files\dl_Cats
2008-04-26 08:04 --------- d-----w C:\Program Files\Nokia
2008-04-26 08:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-26 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-16 09:09 --------- d-----w C:\Documents and Settings\Kids\Application Data\AVG7
2008-04-06 02:42 --------- d-----w C:\Documents and Settings\Jasmine\Application Data\AVG7
2008-04-03 10:27 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\CyberLink
2008-04-03 10:26 --------- d-----w C:\Program Files\CyberLink
2008-04-03 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-02 07:09 --------- d-----w C:\Program Files\Google
2008-04-02 05:52 --------- d-----w C:\Program Files\Paltalk Messenger
2008-04-02 05:52 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\Paltalk
2008-04-02 05:47 --------- d-----w C:\Program Files\MySpace
2008-04-02 05:47 --------- d-----w C:\Program Files\IncredibleCharts
2008-03-29 21:54 --------- d--h--r C:\Documents and Settings\Jasmine\Application Data\SecuROM
2008-03-29 11:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-29 11:08 --------- d--h--r C:\Documents and Settings\Denny Muldrock\Application Data\SecuROM
2008-03-29 10:52 --------- d-----w C:\Program Files\EA GAMES
2008-03-29 07:50 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\Nokia Multimedia Player
2008-03-29 07:50 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\Nokia
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 04:31 37,488 ----a-w C:\Documents and Settings\Denny Muldrock\Application Data\GDIPFONTCACHEV1.DAT
2008-03-24 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2008-03-23 12:59 --------- d-----w C:\Program Files\Java
2008-03-23 00:47 --------- d-----w C:\Documents and Settings\Denny Muldrock\Application Data\InstallShield
2008-03-23 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-23 00:46 --------- d-----w C:\Program Files\Minitab 15
2008-03-21 10:04 --------- d-----w C:\Program Files\OLYMPUS
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-27 05:54 12,201,779 ----a-w C:\Program Files\FullTiltPokerOrgSetup.exe
2007-10-18 07:40 10,629,120 ----a-w C:\Program Files\2500_cdw.exe
2007-09-25 00:13 27,024,112 ----a-w C:\Program Files\PowerPointViewer.exe
2007-08-11 23:43 812,344 ----a-w C:\Program Files\HJTInstall.exe
2007-08-08 13:53 308,888 ----a-w C:\Program Files\Install_AIM.exe
2007-08-07 05:18 8,739,610 ----a-w C:\Program Files\MiraScanv3424p_BQA.zip
2007-08-03 06:50 1,054,592 ----a-w C:\Program Files\SetupOneCare.exe
2007-08-03 02:46 216,334 ----a-w C:\Program Files\Legacy6Setup.exe
2007-07-28 02:51 5,779,339 ----a-w C:\Program Files\ac3decoder.zip
2007-07-24 06:48 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-06-20 04:09 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2007-06-10 03:30 608,188 ----a-w C:\Program Files\lccop10.zip
2007-05-03 20:06 728,624 ----a-w C:\Program Files\aolsetup.exe
2007-05-03 20:06 4,424 ----a-w C:\Program Files\aolsetup.bin
2007-05-03 20:06 1,544 ----a-w C:\Program Files\main.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 14:29 95536]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 19:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 17:48 73728]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 20:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 22:37 27648]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 16:04 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 09:58 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 09:32 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 10:00 312240]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 08:05 102400]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-10-14 16:06 181512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:12 579584]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-02-22 14:29 54576]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-27 19:23 219136]

C:\Documents and Settings\Denny Muldrock\Start Menu\Programs\Startup\
reminder-ScanSoft Product Registration.lnk - C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE [2007-08-07 15:32:38 45056]
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-20 21:21:32 24651]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
D-Link REG Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe [2008-05-02 17:35:30 28672]
DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe [2008-05-02 17:35:30 667648]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16EV\\SPSSWinWrapIDE.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.exe"=
"C:\\Program Files\\SPSSInc\\SPSS16EV\\spss.com"=

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 09:59]
S3 AR5513;%ATHER.Service.DispName%;C:\WINDOWS\system32\DRIVERS\ar5513.sys [2005-09-13 06:48]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 19:30:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 09:11:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-21 9:13:20
ComboFix-quarantined-files.txt 2008-05-20 23:13:16
ComboFix2.txt 2007-08-17 05:42:29

Pre-Run: 57,492,049,920 bytes free
Post-Run: 59,023,069,184 bytes free

190 --- E O F --- 2008-05-18 21:23:44



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:17 AM, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\dlcfcoms.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe
C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emailcash.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181025978560
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: dlcf_device - - C:\WINDOWS\System32\dlcfcoms.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9012 bytes

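The two logs above are the raw material a helper on this forum works through by hand. The following is an added example, not part of the original post and not code from the HijackThis or ComboFix tools, showing how the same first pass can be done mechanically: it parses HijackThis `O4`/`O9`/`O23` lines and ComboFix "Files Created" lines and flags the things a helper checks first. The sample lines are copied from the logs above; the flagging rules (missing target files, services with no publisher string, `rundll32`-loaded DLLs, new kernel drivers, hidden objects, and paths that look like cracked-software bundles) and the severity labels are this example's own heuristics, not a verdict on any particular entry.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: dlcf_device - - C:\WINDOWS\System32\dlcfcoms.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Constructed sample input: lines copied from the ComboFix "Files Created" section posted above.
COMBOFIX_SAMPLE = r"""
2008-05-20 15:16 . 2008-05-20 15:16 <DIR> d-------- C:\Magic Iso 5.3b221 + Crack
2008-05-20 14:30 . 2008-05-20 14:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-18 23:24 . 2008-05-18 23:24 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-17 21:10 . 2008-05-17 21:10 <DIR> d-------- C:\Picturesque 2[k'ed]
"""

# HijackThis lines start with a section code such as O4, O9, O23, R0.
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# ComboFix "Files Created": created . modified size-or-<DIR> attrs path
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)
# Heuristic (assumption of this example): path fragments typical of cracked software bundles.
PIRACY = re.compile(r"crack|keygen|\[k'ed\]", re.I)
# Heuristic: a freshly created kernel driver under system32\drivers.
KERNEL_DRIVER = re.compile(r"\\drivers\\[^\\]+\.sys$", re.I)

SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    line: str
    reason: str


def triage_hjt(text: str) -> list[Finding]:
    """Flag HijackThis entries a helper would look at first."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if "(file missing)" in body:
            findings.append(Finding("medium", line, "entry points at a file that no longer exists"))
        if section == "O23" and " - - " in body:
            findings.append(Finding("medium", line, "service has no publisher string; verify the binary"))
        if section == "O4" and "RunServices" in body:
            findings.append(Finding("info", line, "legacy RunServices key; check what wrote it"))
        if section == "O4" and re.search(r"\brundll32\b", body, re.I):
            findings.append(Finding("info", line, "rundll32 loads a DLL at logon; confirm the DLL's vendor"))
        if PIRACY.search(body):
            findings.append(Finding("high", line, "path suggests cracked software, a common trojan carrier"))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    """Flag ComboFix 'Files Created' entries worth a second look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_LINE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        if PIRACY.search(path):
            findings.append(Finding("high", line, "path suggests cracked software, a common trojan carrier"))
        if KERNEL_DRIVER.search(path):
            findings.append(Finding("medium", line, "new kernel driver; check its publisher and signature"))
        if attrs[3] == "h":  # fourth attribute column is the hidden flag in ComboFix output
            findings.append(Finding("info", line, "hidden object created in the scan window"))
    return findings


def triage(hjt_text: str, combofix_text: str) -> list[Finding]:
    """Combine both logs and order findings by severity."""
    found = triage_hjt(hjt_text) + triage_combofix(combofix_text)
    return sorted(found, key=lambda f: SEVERITY_RANK[f.severity])


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(HJT_SAMPLE, COMBOFIX_SAMPLE)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
    print(summarize(results))
```

Run against a full log, the script only prioritises; each flagged entry still has to be confirmed by hand (publisher, file hash, whether the user recognises the program), which is exactly the work the moderator does in the replies in this thread.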
Entire topic
Subject Posted by Posted on
* Trojan problems muldrock Mon May 19 2008 11:10 PM
. * * Re: Trojan problems bricatModerator   Tue May 20 2008 06:59 PM
. * * Re: Trojan problems muldrock   Wed May 21 2008 12:17 AM
. * * Re: Trojan problems bricatModerator   Wed May 21 2008 09:33 AM