Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default White Desktop of Death

    I have had some virus problems and still have the white desktop of death .....the only thing I can find is the following file when I look at the source, but have no idea how to fix it....some PLEASE help !!!!

    file:///C:\WINDOWS\privacy_danger\index.htm
    Ben Harper

  2. #2
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default Here is my Hijack This Log for my above problem

    Below is my Hijack This Log from My problem in the above posting:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:45, on 2007-11-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\eTSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\OfficeScan\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\OfficeScan\tmlisten.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TEMP\END1ED.EXE
    C:\OfficeScan\CNTAoSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\OfficeScan\pccntmon.exe
    C:\WINDOWS\system32\eTCrtMng.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Interwise\Participant\pull.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4070228
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.us.pilz.local:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.de.pilz.local;*.us.pilz.local;*.pilzusa.com;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: The bonsws - {CBF19702-9D5B-44E7-8F8A-6750209B76F3} - C:\WINDOWS\bonsws.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pilzusa.com/english/
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.16.201.98/officescan/con...l/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.16.201.98/officescan/con...tall/setup.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.16.201.98/officescan/con...tml/AtxEnc.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://172.16.201.98/officescan/con...RemoveCtrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195247811218
    O16 - DPF: {DE1E3A6D-BF02-470A-B703-73144FC4F69B} (eGinaClient.clsFunctions) - http://172.26.0.1/TMSWebComponents/C...GinaClient.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pilzusa.webex.com/client/T25L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.pilz.local
    O17 - HKLM\Software\..\Telephony: DomainName = us.pilz.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.pilz.local
    O21 - SSODL: nopctrl - {A6784DF8-B9F5-4C98-BB65-32CA814C28A5} - C:\WINDOWS\nopctrl.dll
    O21 - SSODL: ddkret - {983E3CF4-893B-4A5F-B226-87EEF6013727} - C:\WINDOWS\ddkret.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe
    O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 12336 bytes
    Ben Harper

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    I am giving you 2 sets of instructions to run a malware removal program...

    The first set of instructions will find the bad files...
    The second set of instructions will delete the bad files...

    Both sets of instructions will generate a logfile, I need to see BOTH logfiles ... so save the first one somewhere you can find it again, and when you have the second one ... post them both in your next post here

    First instructions ... find files

    Download: SmitfraudFix.zip from :-

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip (the file contains both English and French versions)

    1. Download to your desktop
    2. unzip the zip file to your desktop (they will be extracted to a folder called SmitfraudFix
    3. Double-click smitfraudfix.cmd
    4. Select 1 and hit Enter to create a report of the infected files
    5. find the C:\rapport.txt file and change the name of the text file to REPORT1.txt ... otherwise it will be overwritten when you run the next set of instructions.


    Second instructions ... delete files

    1. Reboot into >>>safe mode
    2. Double-click smitfraudfix.cmd
    3. Select 2 and hit Enter to delete infected files
    4. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection
    5. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file
    6. A reboot may be needed to finish the cleaning process.

    The report can be found at the root of the system drive, usually at C:\rapport.txt ...[b] Post the contents of the C:\rapport.txt file + the C:\REPORT1.txt in your next post here... + a new hijackthis log.

    NOTE:

    process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a
    RiskTool . It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between good and malicious use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm

    BG

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    Run hijackthis and place a checkmark next to the last entry in the log :-

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    click "fix checked"

    Reboot...

    You have a white desktop because windows is still trying to load the above file to your desktop ... but you don't have it anymore ...

    You should still follow Basementgeek's directions in case any more of the infection remains ..

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default OK....got all the files

    Sorry for the delay....holiday caught up with me

    Below are the files you asked for to help me diagnose my problems. As an additional note, I have three icons that continue to pop up on my desktop.....They are "Privacy Protector", "Spyware and Malware Protection" Icon, and an icon titled "Error Cleaner". I have deleted these several times but they always come back....

    Anyways here are the files you requested.

    SmitFraudFix v2.253

    Scan done at 11:52:57.92, Sun 11/25/2007
    Run from C:\Documents and Settings\bharper\Desktop\Software\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    Killing process


    hosts


    127.0.0.1 localhost

    Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    Generic Renos Fix

    GenericRenosFix by S!Ri


    Deleting infected files


    DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36


    Deleting Temp Files


    Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    Registry Cleaning

    Registry Cleaning done.

    SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    End

    SmitFraudFix v2.253

    Scan done at 11:44:14.40, 2007-11-25
    Run from C:\Documents and Settings\bharper\Desktop\Software\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\eTSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\OfficeScan\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\OfficeScan\tmlisten.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\OfficeScan\CNTAoSMgr.exe
    C:\WINDOWS\TEMP\ST6991.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\OfficeScan\pccntmon.exe
    C:\WINDOWS\system32\eTCrtMng.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Interwise\Participant\pull.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\cmd.exe

    hosts


    C:\


    C:\WINDOWS


    C:\WINDOWS\system


    C:\WINDOWS\Web


    C:\WINDOWS\system32


    C:\WINDOWS\system32\LogFiles


    C:\Documents and Settings\bharper


    C:\Documents and Settings\bharper\Application Data


    Start Menu


    C:\DOCUME~1\bharper\FAVORI~1

    C:\DOCUME~1\bharper\FAVORI~1\Error Cleaner.url FOUND !
    C:\DOCUME~1\bharper\FAVORI~1\Privacy Protector.url FOUND !
    C:\DOCUME~1\bharper\FAVORI~1\Spyware?Malware Protection.url FOUND !

    Desktop

    C:\DOCUME~1\bharper\Desktop\Error Cleaner.url FOUND !
    C:\DOCUME~1\bharper\Desktop\Privacy Protector.url FOUND !
    C:\DOCUME~1\bharper\Desktop\Spyware?Malware Protection.url FOUND !

    C:\Program Files


    Corrupted keys


    Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wxvault.dll"


    Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    Rustock



    DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 208.104.244.45
    DNS Server Search Order: 208.104.2.36

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{32EA32F6-FE14-4770-87C0-AA4362C6DB38}: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.104.244.45 208.104.2.36


    Scanning for wininet.dll infection


    End


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05, on 2007-11-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\eTSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\OfficeScan\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\OfficeScan\tmlisten.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TEMP\CE1872.EXE
    C:\OfficeScan\CNTAoSMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\OfficeScan\pccntmon.exe
    C:\WINDOWS\system32\eTCrtMng.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Interwise\Participant\pull.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4070228
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.us.pilz.local:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.de.pilz.local;*.us.pilz.local;*.pilzusa.com;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: The bonsws - {CBF19702-9D5B-44E7-8F8A-6750209B76F3} - C:\WINDOWS\bonsws.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pilzusa.com/english/
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.16.201.98/officescan/con...l/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.16.201.98/officescan/con...tall/setup.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.16.201.98/officescan/con...tml/AtxEnc.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://172.16.201.98/officescan/con...RemoveCtrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195247811218
    O16 - DPF: {DE1E3A6D-BF02-470A-B703-73144FC4F69B} (eGinaClient.clsFunctions) - http://172.26.0.1/TMSWebComponents/C...GinaClient.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pilzusa.webex.com/client/T25L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.pilz.local
    O17 - HKLM\Software\..\Telephony: DomainName = us.pilz.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.pilz.local
    O21 - SSODL: nopctrl - {A6784DF8-B9F5-4C98-BB65-32CA814C28A5} - C:\WINDOWS\nopctrl.dll
    O21 - SSODL: ddkret - {983E3CF4-893B-4A5F-B226-87EEF6013727} - C:\WINDOWS\ddkret.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe
    O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11813 bytes



    These are my filews you requested.....

    Also my Laptop is really dragging....I am ssuming once I get this solved it will run normally again....


    Thanks....
    Ben Harper

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Also my Laptop is really dragging....I am ssuming once I get this solved it will run normally again....
    That's the aim :wink:

    Please Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    doubleclick the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    THEN ...

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed update the definitions
    and then run a full system scan quarantine what it finds!

    * Double-click SUPERAntiSypware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt
    3. a new hijackthis log.( run after everything else)

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default So far so good....what's next?

    OK everything is going well so far....what's next?

    Thanks for all of your help by the way !!!!


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/25/2007 at 11:56 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3350
    Trace Rules Database Version: 1349

    Scan type : Complete Scan
    Total Scan Time : 02:20:39

    Memory items scanned : 633
    Memory threats detected : 0
    Registry items scanned : 6088
    Registry threats detected : 20
    File items scanned : 73508
    File threats detected : 8

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\InprocServer32
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\ProgID
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\Programmable
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\TypeLib
    HKCR\CLSID\{CBF19702-9D5B-44E7-8F8A-6750209B76F3}\VersionIndependentProgID
    C:\WINDOWS\BONSWS.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CBF19702-9D5B-44E7-8F8A-6750209B76F3}
    HKCR\bonsws.ToolBar.1
    HKCR\bonsws.ToolBar.1\CLSID
    HKCR\bonsws.ToolBar
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}\1.0
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}\1.0\0
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}\1.0\0\win32
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}\1.0\FLAGS
    HKCR\TypeLib\{FC6A6D17-288C-433D-B52D-13E1C6EA599C}\1.0\HELPDIR

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-2549603085-1878020570-790159623-2164\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 ]

    Trojan.Net-MSV/VPS-H
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0025738.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP134\A0026450.DLL

    Trojan.Net-MSV/VPS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP131\A0025875.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP133\A0026414.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP134\A0027511.DLL

    Trojan.Net-MSM/NMC
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP134\A0027510.DLL

    Trace.Known Threat Sources
    C:\Documents and Settings\bharper\Local Settings\Temporary Internet Files\Content.IE5\ZUBA1W30\CAPW0BXL.htm


    ComboFix 07-11-19.3 - bharper 2007-11-26 0:10:43.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1323 [GMT -5:00]
    Running from: C:\Documents and Settings\bharper\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\bharper\Desktop\Error Cleaner.url
    C:\Documents and Settings\bharper\Desktop\Privacy Protector.url
    C:\Documents and Settings\bharper\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\bharper\Favorites\Error Cleaner.url
    C:\Documents and Settings\bharper\Favorites\Privacy Protector.url
    C:\Documents and Settings\bharper\Favorites\Spyware&Malware Protection.url
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\bharper\Desktop\Error Cleaner.url
    C:\Documents and Settings\bharper\Desktop\Privacy Protector.url
    C:\Documents and Settings\bharper\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\bharper\Favorites\Error Cleaner.url
    C:\Documents and Settings\bharper\Favorites\Privacy Protector.url
    C:\Documents and Settings\bharper\Favorites\Spyware&Malware Protection.url
    C:\WINDOWS\dat.txt
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
    .

    2007-11-25 21:10 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-25 21:10 d-------- C:\Documents and Settings\bharper\Application Data\SUPERAntiSpyware.com
    2007-11-25 21:10 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 21:08 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-25 19:05 d-------- C:\Program Files\CCleaner
    2007-11-20 22:06 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
    2007-11-19 08:18 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-18 14:22 d-------- C:\Documents and Settings\bharper\Application Data\Grisoft
    2007-11-18 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-18 14:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-18 12:56 d-------- C:\Program Files\Enigma Software Group
    2007-11-18 12:22 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
    2007-11-18 10:21 d-------- C:\Documents and Settings\bharper\Application Data\TrojanHunter
    2007-11-16 17:07 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-16 17:07 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-11-16 16:55 d-------- C:\Program Files\TrojanHunter 5.0
    2007-11-16 16:19 d-------- C:\Program Files\PC Registry Cleaner
    2007-11-16 10:14 305,739 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
    2007-11-16 10:13 d-------- C:\Program Files\Common Files\Deterministic Networks
    2007-11-16 10:13 181,176 --a------ C:\WINDOWS\system32\vpnapi.dll
    2007-11-16 10:13 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
    2007-11-16 08:57 3,926 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 08:57 0 --a------ C:\WINDOWS\system32\tmp.txt
    2007-11-16 08:26 d-------- C:\Program Files\Trend Micro
    2007-11-15 14:45 327,680 --a------ C:\WINDOWS\nopctrl.dll
    2007-11-15 14:45 299,008 --a------ C:\WINDOWS\ddkret.dll
    2007-11-15 14:45 147,456 --a------ C:\WINDOWS\sawkip.exe
    2007-11-11 11:05 d-------- C:\Program Files\myfantasyleague
    2007-11-08 08:26 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-06 16:51 d-------- C:\Program Files\iTunes
    2007-11-06 16:51 d-------- C:\Program Files\iPod
    2007-11-06 16:50 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-06 16:48 d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-06 16:48 d-------- C:\Program Files\Common Files\Apple
    2007-11-06 16:48 d-------- C:\Program Files\Apple Software Update
    2007-10-30 10:06 d-------- C:\Documents and Settings\bharper\Application Data\Sonic
    2007-10-30 10:06 d-------- C:\Documents and Settings\bharper\Application Data\Leadertech
    2007-10-29 11:55 d-------- C:\Documents and Settings\bharper\Application Data\Apple Computer
    2007-10-29 09:44 d-------- C:\Program Files\Pilz

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-26 05:03 --------- d-----w C:\Documents and Settings\bharper\Application Data\Wave Systems Corp
    2007-11-18 19:11 --------- d-----w C:\Documents and Settings\bharper\Application Data\ZipGenius
    2007-11-16 21:09 --------- d-----w C:\Program Files\Google
    2007-11-16 16:11 --------- d-----w C:\Program Files\QuickTime
    2007-11-16 16:09 --------- d-----w C:\Program Files\Yahoo!
    2007-11-16 15:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-16 15:58 --------- d-----w C:\Program Files\CyberLink DVD Solution
    2007-11-16 15:57 --------- d-----w C:\Program Files\CyberLink
    2007-11-16 15:13 --------- d-----w C:\Program Files\Cisco Systems
    2007-11-05 19:55 --------- d-----w C:\Documents and Settings\bharper\Application Data\Webex
    2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-15 17:50 --------- d-----w C:\Documents and Settings\bharper\Application Data\InterVideo
    2007-10-12 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-05 19:39 --------- d-----w C:\Program Files\Yahoo! Games
    2007-10-05 19:39 --------- d-----w C:\Program Files\TryMedia
    2007-09-26 01:25 --------- d-----w C:\Program Files\Cheatsheet Compiler
    2007-09-04 18:44 202,826 ----a-w C:\WINDOWS\system32\atasnt40.dll
    2006-01-27 06:09 360,600 ----a-w C:\WINDOWS\Internet Logs\tvuninstall.exe
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-18_18.32.52.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
    - 2007-03-01 03:23:16 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-11-19 13:18:32 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2007-03-01 03:23:16 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-11-19 13:18:32 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-03-01 03:23:16 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-11-19 13:18:32 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-03-01 03:23:16 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-11-19 13:18:32 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-03-01 03:23:16 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-11-19 13:18:32 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-03-01 03:23:16 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-11-19 13:18:32 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-03-01 03:23:16 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-11-19 13:18:32 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-03-01 03:23:16 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2007-11-19 13:18:32 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-03-01 03:23:16 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-11-19 13:18:32 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-03-01 03:23:16 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2007-11-19 13:18:32 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-03-01 03:23:16 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-11-19 13:18:32 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-03-01 03:23:16 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-11-19 13:18:32 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-11-26 02:10:30 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-26 02:10:30 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-26 02:10:30 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    - 2007-11-18 22:50:15 63,534 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-21 22:31:34 63,534 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-18 22:50:16 403,282 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-21 22:31:34 403,282 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2006-01-09 14:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
    + 2006-11-29 22:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
    - 2006-12-01 10:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
    + 2006-12-01 10:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
    + 2007-09-06 19:45:40 300,392 ----a-w C:\WINDOWS\Temp\XX74F0.EXE
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
    "NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [2006-03-17 07:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-01-19 09:14 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 C:\WINDOWS\system32\nvhotkey.dll]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
    "Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 09:32]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
    "OfficeScanNT Monitor"="C:\OfficeScan\pccntmon.exe" [2007-09-06 14:45]
    "eTCertManger"="C:\WINDOWS\system32\eTCrtMng.exe" [2006-01-25 14:03]
    "pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2004-07-09 10:57]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00]
    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-11-16 10:13:49]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-02-28 22:17:49]
    EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 10:45:30]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
    Push Client.LNK - C:\Program Files\Interwise\Participant\pull.exe [2007-04-09 14:08:13]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "nopctrl"= {A6784DF8-B9F5-4C98-BB65-32CA814C28A5} - C:\WINDOWS\nopctrl.dll [2007-11-15 12:01 327680]
    "ddkret"= {983E3CF4-893B-4A5F-B226-87EEF6013727} - C:\WINDOWS\ddkret.dll [2007-11-15 12:01 299008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wxvault.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 wvauth

    R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
    R0 TwkMs;CHIPDRIVE Mouse Adapter;C:\WINDOWS\system32\drivers\TwkMs.sys
    R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
    R2 TwkPCSC;CHIPDRIVE PC/SC Drivers;C:\WINDOWS\system32\drivers\TwkPCSC.sys
    R2 TWKSCARDSRV;CHIPDRIVE SCARD Service;C:\WINDOWS\SCARDS32.EXE
    R3 AKSIFDH;Aladdin IFD Handler;C:\WINDOWS\system32\DRIVERS\aksifdh.sys
    R3 AKSUP;AKSUP;C:\WINDOWS\system32\drivers\aksup.sys
    R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6a04877-e918-11db-bf51-00188bb9c7f0}]
    \Shell\AutoRun\command - D:\FLEXINSTALL.EXE

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-18 00:41:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 00:14:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-26 0:15:38
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:23, on 2007-11-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\eTSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\OfficeScan\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\OfficeScan\tmlisten.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\OfficeScan\CNTAoSMgr.exe
    C:\WINDOWS\TEMP\XX74F0.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\OfficeScan\pccntmon.exe
    C:\WINDOWS\system32\eTCrtMng.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Interwise\Participant\pull.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4070228
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.us.pilz.local:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.de.pilz.local;*.us.pilz.local;*.pilzusa.com;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pilzusa.com/english/
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.16.201.98/officescan/con...l/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.16.201.98/officescan/con...tall/setup.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.16.201.98/officescan/con...tml/AtxEnc.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://172.16.201.98/officescan/con...RemoveCtrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195247811218
    O16 - DPF: {DE1E3A6D-BF02-470A-B703-73144FC4F69B} (eGinaClient.clsFunctions) - http://172.26.0.1/TMSWebComponents/C...GinaClient.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pilzusa.webex.com/client/T25L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.pilz.local
    O17 - HKLM\Software\..\Telephony: DomainName = us.pilz.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.pilz.local
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: nopctrl - {A6784DF8-B9F5-4C98-BB65-32CA814C28A5} - C:\WINDOWS\nopctrl.dll
    O21 - SSODL: ddkret - {983E3CF4-893B-4A5F-B226-87EEF6013727} - C:\WINDOWS\ddkret.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe
    O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11785 bytes
    Ben Harper

  8. #8
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default One Step Forward Two Steps Back

    Well it is one step forward two steps back it seems. When I turned my computer on this morning the same annoying icons came back on my desktop as before and my homepage had changed again back to the annoying antispyware homepage. Also one of the error messages is back sying Windows has detected an attach frin the internet.

    Let me know if you found anything in the logs that might still be causing this.

    Thanks again !!!!!!!!!!!!
    Ben Harper

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\WINDOWS\nopctrl.dll 
    C:\WINDOWS\ddkret.dll 
    C:\WINDOWS\sawkip.exe 
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
    "nopctrl"=-
    "ddkret"=-
    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Then run SUPERAntiSpyware & post the new log.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    Nov 2007
    Location
    Rock Hill, SC
    Posts
    8
    Points
    0

    Default OK Here are the latest log files

    I followed your instructions very closely so far and here are my latest log files......let me know if it looks like I am making progress.

    ComboFix 07-11-19.3 - bharper 2007-11-26 19:36:58.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1354 [GMT -5:00]
    Running from: C:\Documents and Settings\bharper\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\bharper\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\ddkret.dll
    C:\WINDOWS\nopctrl.dll
    C:\WINDOWS\sawkip.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\bharper\Desktop\Error Cleaner.url
    C:\Documents and Settings\bharper\Desktop\Privacy Protector.url
    C:\Documents and Settings\bharper\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\bharper\Favorites\Error Cleaner.url
    C:\Documents and Settings\bharper\Favorites\Privacy Protector.url
    C:\Documents and Settings\bharper\Favorites\Spyware&Malware Protection.url
    C:\WINDOWS\ddkret.dll
    C:\WINDOWS\nopctrl.dll
    C:\WINDOWS\sawkip.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-25 21:10 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-25 21:10 d-------- C:\Documents and Settings\bharper\Application Data\SUPERAntiSpyware.com
    2007-11-25 21:10 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 21:08 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-25 19:05 d-------- C:\Program Files\CCleaner
    2007-11-20 22:06 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
    2007-11-19 08:18 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-18 14:22 d-------- C:\Documents and Settings\bharper\Application Data\Grisoft
    2007-11-18 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-18 14:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-18 12:56 d-------- C:\Program Files\Enigma Software Group
    2007-11-18 12:22 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
    2007-11-18 10:21 d-------- C:\Documents and Settings\bharper\Application Data\TrojanHunter
    2007-11-16 17:07 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-16 17:07 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-11-16 16:55 d-------- C:\Program Files\TrojanHunter 5.0
    2007-11-16 16:19 d-------- C:\Program Files\PC Registry Cleaner
    2007-11-16 10:14 305,739 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
    2007-11-16 10:13 d-------- C:\Program Files\Common Files\Deterministic Networks
    2007-11-16 10:13 181,176 --a------ C:\WINDOWS\system32\vpnapi.dll
    2007-11-16 10:13 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
    2007-11-16 08:57 3,926 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 08:57 0 --a------ C:\WINDOWS\system32\tmp.txt
    2007-11-16 08:26 d-------- C:\Program Files\Trend Micro
    2007-11-11 11:05 d-------- C:\Program Files\myfantasyleague
    2007-11-08 08:26 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-06 16:51 d-------- C:\Program Files\iTunes
    2007-11-06 16:51 d-------- C:\Program Files\iPod
    2007-11-06 16:50 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-06 16:48 d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-06 16:48 d-------- C:\Program Files\Common Files\Apple
    2007-11-06 16:48 d-------- C:\Program Files\Apple Software Update
    2007-10-30 10:06 d-------- C:\Documents and Settings\bharper\Application Data\Sonic
    2007-10-30 10:06 d-------- C:\Documents and Settings\bharper\Application Data\Leadertech
    2007-10-29 11:55 d-------- C:\Documents and Settings\bharper\Application Data\Apple Computer
    2007-10-29 09:44 d-------- C:\Program Files\Pilz

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-26 23:13 --------- d-----w C:\Documents and Settings\bharper\Application Data\Wave Systems Corp
    2007-11-18 19:11 --------- d-----w C:\Documents and Settings\bharper\Application Data\ZipGenius
    2007-11-16 21:09 --------- d-----w C:\Program Files\Google
    2007-11-16 16:11 --------- d-----w C:\Program Files\QuickTime
    2007-11-16 16:09 --------- d-----w C:\Program Files\Yahoo!
    2007-11-16 15:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-16 15:58 --------- d-----w C:\Program Files\CyberLink DVD Solution
    2007-11-16 15:57 --------- d-----w C:\Program Files\CyberLink
    2007-11-16 15:13 --------- d-----w C:\Program Files\Cisco Systems
    2007-11-05 19:55 --------- d-----w C:\Documents and Settings\bharper\Application Data\Webex
    2007-10-15 17:50 --------- d-----w C:\Documents and Settings\bharper\Application Data\InterVideo
    2007-10-12 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-05 19:39 --------- d-----w C:\Program Files\Yahoo! Games
    2007-10-05 19:39 --------- d-----w C:\Program Files\TryMedia
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2007-11-26_ 0.14.54.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-09-06 19:45:40 300,392 ----a-w C:\WINDOWS\Temp\GW3AED.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
    "NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [2006-03-17 07:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-01-19 09:14 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 C:\WINDOWS\system32\nvhotkey.dll]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
    "Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 09:32]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
    "OfficeScanNT Monitor"="C:\OfficeScan\pccntmon.exe" [2007-09-06 14:45]
    "eTCertManger"="C:\WINDOWS\system32\eTCrtMng.exe" [2006-01-25 14:03]
    "pdfFactory Pro Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2004-07-09 10:57]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00]
    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-11-16 10:13:49]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-02-28 22:17:49]
    EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 10:45:30]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
    Push Client.LNK - C:\Program Files\Interwise\Participant\pull.exe [2007-04-09 14:08:13]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wxvault.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 wvauth

    R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
    R0 TwkMs;CHIPDRIVE Mouse Adapter;C:\WINDOWS\system32\drivers\TwkMs.sys
    R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
    R2 TwkPCSC;CHIPDRIVE PC/SC Drivers;C:\WINDOWS\system32\drivers\TwkPCSC.sys
    R2 TWKSCARDSRV;CHIPDRIVE SCARD Service;C:\WINDOWS\SCARDS32.EXE
    R3 AKSIFDH;Aladdin IFD Handler;C:\WINDOWS\system32\DRIVERS\aksifdh.sys
    R3 AKSUP;AKSUP;C:\WINDOWS\system32\drivers\aksup.sys
    R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6a04877-e918-11db-bf51-00188bb9c7f0}]
    \Shell\AutoRun\command - D:\FLEXINSTALL.EXE

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-18 00:41:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 19:44:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-26 19:48:24 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-26 00:15
    .
    --- E O F ---

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2007 at 10:08 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3350
    Trace Rules Database Version: 1349

    Scan type : Complete Scan
    Total Scan Time : 02:15:03

    Memory items scanned : 613
    Memory threats detected : 0
    Registry items scanned : 6087
    Registry threats detected : 0
    File items scanned : 73872
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\bharper\Cookies\bharper@doubleclick[1].txt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:19, on 2007-11-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\eTSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\OfficeScan\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\OfficeScan\tmlisten.exe
    C:\WINDOWS\SCARDS32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TEMP\GW3AED.EXE
    C:\OfficeScan\CNTAoSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\OfficeScan\pccntmon.exe
    C:\WINDOWS\system32\eTCrtMng.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Interwise\Participant\pull.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4070228
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.us.pilz.local:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.de.pilz.local;*.us.pilz.local;*.pilzusa.com;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.pilzusa.com/english/
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.16.201.98/officescan/con...l/WinNTChk.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.16.201.98/officescan/con...tall/setup.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://172.16.201.98/officescan/con...tml/AtxEnc.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://172.16.201.98/officescan/con...RemoveCtrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195247811218
    O16 - DPF: {DE1E3A6D-BF02-470A-B703-73144FC4F69B} (eGinaClient.clsFunctions) - http://172.26.0.1/TMSWebComponents/C...GinaClient.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pilzusa.webex.com/client/T25L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.pilz.local
    O17 - HKLM\Software\..\Telephony: DomainName = us.pilz.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.pilz.local
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe
    O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11568 bytes
    Ben Harper

Page 1 of 2 12 LastLast