|
|
pat2franklin
new user
Reg'd: Fri
Posts: 7
|
Re: sloooooooooooow computer, need some help
Sat Jun 27 2009 08:26 PM
|
|
|
|
here is the combofix report:
ComboFix 09-06-26.02 - RAC 06/27/2009 13:55.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.446.63 [GMT -4:00]
Running from: c:\users\RAC\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-19 21:50 . 2009-06-19 21:50 314200 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-19 21:50 . 2009-06-19 21:50 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-19 21:50 . 2009-06-19 21:50 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-19 21:50 . 2009-06-19 21:50 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-19 21:50 . 2009-06-19 21:50 296800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-19 21:50 . 2009-06-19 21:50 1630048 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-19 21:50 . 2009-06-19 21:50 72704 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-19 21:50 . 2009-06-19 21:50 640360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-19 21:49 . 2009-06-19 21:49 561016 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-19 21:49 . 2009-06-19 21:49 565096 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-19 21:49 . 2009-06-19 21:49 2349384 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-19 21:49 . 2009-06-19 21:49 627536 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-19 21:49 . 2009-06-19 21:49 518488 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-19 21:49 . 2009-06-19 21:49 1003344 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-11 00:10 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 00:03 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 23:00 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-01 21:51 . 2009-06-01 21:51 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 21:51 . 2009-06-01 21:51 83808 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-01 21:50 . 2009-06-01 21:50 212848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-01 21:50 . 2009-06-01 21:50 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 16:53 . 2009-02-26 14:38 -------- d-----w- c:\program files\Disk Doctors NTFS Data Recovery
2009-06-27 16:53 . 2008-04-17 01:38 -------- d-----w- c:\program files\Pat'sJunk
2009-06-27 01:25 . 2008-06-20 13:10 -------- d-----w- c:\programdata\Google Updater
2009-06-17 07:04 . 2007-02-21 21:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 01:54 . 2009-06-15 01:53 558716 ----a-w- c:\programdata\SPL5B9D.tmp
2009-05-13 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 21:49 . 2009-05-09 05:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-08 21:48 . 2009-05-08 21:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-08 21:48 . 2009-05-08 21:48 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-08 21:42 . 2009-05-08 21:42 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-08 21:42 . 2009-05-08 21:42 -------- d-----w- c:\program files\Lavasoft
2009-05-01 19:12 . 2009-05-01 19:12 -------- d-----w- c:\program files\Coupons
2009-04-24 16:05 . 2009-06-12 15:10 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 15:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 15:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-08-12 13:38 . 2008-08-12 13:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-22 05:15 . 2007-02-22 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2008-03-27 16040]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-22 303104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-23 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-21 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36B4638E-C58B-49E6-9774-AA7825BCCB80}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{758C24D8-9304-4AC6-A3A7-DA30318B2366}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1FADB1BA-69A0-48A7-A83A-3E47BF29D01C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F4069930-ADE2-44F7-B58D-3AE8D7C5F27D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F1A2B575-954B-44B3-8AE7-756A3D988F44}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F2E0FED2-4454-4482-97A2-5C647B764157}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{77CED7B5-A992-49C1-848B-3B284ADED83F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{45826722-C081-41AF-B3D7-CD8E1F906D85}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{94AFB97C-5B95-4A81-8746-B6C276063F90}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{4DF5E879-6F97-412B-8883-6A9D1A11D7AD}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4C75BA59-3E31-4E15-BE61-B1FF342C06B3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{09FBB736-22AE-4903-BF46-11809ED4581A}"= UDP:c:\windows\explorer.exe:Explorer
"{741D5960-6BE0-429D-BF08-8E2381239E2C}"= TCP:c:\windows\explorer.exe:Explorer
"{9537E2FE-5BC1-41BF-8DE4-1A4B46FFB013}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{2427F8C5-97B6-4F4B-88B5-BAD11D195D47}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{C1E588A5-5834-4D99-9B6E-568A6DB747CC}"= UDP:c:\windows\System32\wininit.exe:wininit
"{A5668BD7-113C-43F8-A9C6-95D13C405709}"= TCP:c:\windows\System32\wininit.exe:wininit
"{F5F77260-EBE9-4CBE-8583-8D603072FD9E}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{9E963AC5-19E8-49AF-8D26-558364CCA7CA}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{C232D5D0-2989-42EE-9B01-21CEC7C5A213}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{890331CB-7718-47B8-AB47-2ABFA8021AF4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FB623063-24E7-4115-906E-67AE40BB41F4}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{C66510BC-3C0F-4E91-A815-88D99FB236ED}"= UDP:c:\program files\Pat'sJunk\utorrent.exe:µTorrent (TCP-In)
"{40AFBD86-765E-4C64-9597-5BEFDDE37C2E}"= TCP:c:\program files\Pat'sJunk\utorrent.exe:µTorrent (UDP-In)
"{5D85F5BB-9164-4E43-A706-97E5CCADF59C}"= UDP:C:\utorrent.exe:µTorrent (TCP-In)
"{B54C1391-2A87-4C80-9CA9-D4CF851F2F1C}"= TCP:C:\utorrent.exe:µTorrent (UDP-In)
"{56152AD0-DF09-4ED9-A238-6D660B798364}"= UDP:c:\users\RAC\Desktop\utorrent.exe:µTorrent (TCP-In)
"{A15C8082-AB80-4EBA-A134-498825CDF7A5}"= TCP:c:\users\RAC\Desktop\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{1EFC6EB5-EB56-4B1C-9D4B-2BC1BCAD0CEB}c:\\program files\\odds maker\\client.exe"= UDP:c:\program files\odds maker\client.exe:Odds Maker Client
"UDP Query User{64F801BD-4D37-4D9F-926F-A39F394FC78F}c:\\program files\\odds maker\\client.exe"= TCP:c:\program files\odds maker\client.exe:Odds Maker Client
"{474C3321-85E0-4B50-A937-11308B1746E2}"= UDP:c:\windows\System32\lxdpcoms.exe:Lexmark Communications System
"{E1510D6E-B262-48E0-A759-F197D3249CDC}"= TCP:c:\windows\System32\lxdpcoms.exe:Lexmark Communications System
"{725A4B7E-9336-4CB4-8348-643891654AF4}"= UDP:c:\program files\Lexmark Z2300 Series\lxdpamon.exe:Lexmark Device Monitor
"{1C961244-E2F3-4ECC-9FD7-0B4ACB0B60D6}"= TCP:c:\program files\Lexmark Z2300 Series\lxdpamon.exe:Lexmark Device Monitor
"{FB2C7FBC-AC74-4DFC-9D78-546A28A74A41}"= UDP:c:\program files\Lexmark Z2300 Series\frun.exe:Lexmark Productivity Studio
"{875DF210-7148-4212-830D-E0C7AD7228AB}"= TCP:c:\program files\Lexmark Z2300 Series\frun.exe:Lexmark Productivity Studio
"{BD178C3F-4FCC-4743-821E-697E16D23B45}"= UDP:c:\program files\Lexmark Z2300 Series\lxdpmon.exe:Printer Device Monitor
"{3DFFD2A5-3442-416E-99C8-DE5835201419}"= TCP:c:\program files\Lexmark Z2300 Series\lxdpmon.exe:Printer Device Monitor
"{74675573-4416-45E5-B3F0-1A43BED39849}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{B26DB65E-2F66-4B5F-8894-0CE6F76F18A0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{341E3770-BB4A-47BB-B87D-4141D4C14D5A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"{EA49CB93-0A84-42E3-81E3-8FB1D682541C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"TCP Query User{2854CC28-528B-4543-91F1-20F2F4A50DE9}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"UDP Query User{29297785-C8DE-422D-8A8B-6692E6BD753F}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/8/2009 5:49 PM 64160]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/21/2008 5:23 PM 24652]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/21/2007 5:47 PM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:49]
2009-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-17 02:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\8pp8km0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 14:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-27 14:09
ComboFix-quarantined-files.txt 2009-06-27 18:09
ComboFix2.txt 2009-01-03 10:00
Pre-Run: 105,008,480,256 bytes free
Post-Run: 106,376,065,024 bytes free
262 --- E O F --- 2009-06-26 23:30
AND HERE IS THE NEW HIJACK REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:32 PM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdpmon.exe] "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
O4 - HKLM\..\Run: [lxdpamon] "C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Odds Maker - {b3cab7b9-eb43-46a2-8e15-02cc298dec71} - C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdp_device - - C:\Windows\system32\lxdpcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7181 bytes
|
|
|
|
Previous
Index
Next
Flat
Edit
Reply
Quote
