Clicking on Google search results leads me to ad sites

DepthofField25 · 03-11-2009, 02:23 PM

Hi,

This started happening to me yesterday. I'll perform a google search and when I click on any resulting link, it'll take me to something totally unrelated, usually an ad site. Also, I've noticeably been getting A LOT more pop-ups even from sites that are normally secure for me. From looking around at the similar problems other people have around here and other parts of the internet, my browser seems to have been hijacked.

Any and all help would be much appreciated. I thank you in advance for taking the time to review my problem.

Anywho, here is the DDS report:

DDS (Ver_09-02-01.01) - NTFSx86
Run by April at 12:14:13.18 on Wed 03/11/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1648 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxdicoms.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\April\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Aim6]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: NameServer = 85.255.112.234,85.255.112.185
TCP: {47C38361-84DC-4520-B085-EEBF98BB2F9A} = 85.255.112.234,85.255.112.185
TCP: {51668221-CB5D-469F-9A2F-F082C8C6BE4A} = 85.255.112.234,85.255.112.185
TCP: {EB525F0C-8074-4F16-834C-8FE1EE24884B} = 85.255.112.234,85.255.112.185
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\april\appdata\roaming\mozilla\firefox\profiles\h4nnnttk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\april\appdata\roaming\mozilla\firefox\profiles\h4nnnttk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-11 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-03-11 10:34 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-03-11 09:42 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-11 08:56 <DIR> --d----- c:\programdata\App4rTemp
2009-03-11 08:56 <DIR> --d----- c:\progra~2\App4rTemp
2009-03-11 08:53 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-11 08:53 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:53 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:52 <DIR> --d----- c:\programdata\Lavasoft
2009-03-11 08:52 <DIR> --d----- c:\program files\Lavasoft
2009-03-10 10:55 426 ---shr-- C:\autorun.inf
2009-02-20 00:28 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-02-20 00:18 <DIR> --d----- c:\program files\CCleaner
2009-02-19 19:36 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-02-19 19:35 <DIR> --d----- c:\windows\PrimoPDF4
2009-02-19 19:08 <DIR> --d----- c:\users\april\appdata\roaming\Lexmark Productivity Studio
2009-02-19 19:07 <DIR> --d----- c:\programdata\Lx_cats
2009-02-19 19:07 <DIR> --d----- c:\progra~2\Lx_cats
2009-02-19 19:02 <DIR> --d----- C:\logs
2009-02-19 19:00 <DIR> --d----- c:\program files\Lexmark 3500-4500 Series
2009-02-19 18:38 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-02-19 18:38 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-02-15 18:09 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-15 18:09 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-15 18:09 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-15 18:09 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-15 18:09 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 20:16 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-11 20:16 827,392 a------- c:\windows\system32\wininet.dll

==================== Find3M ====================

2009-03-05 03:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-19 19:02 51,200 a------- c:\windows\inf\infpub.dat
2009-02-19 19:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-19 19:02 86,016 a------- c:\windows\inf\infstor.dat
2008-12-12 12:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 12:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-09-12 17:38 26,166,770 a------- c:\program files\NAV05ENG.exe
2008-07-29 13:43 994 a------- c:\users\april\appdata\roaming\wklnhst.dat
2008-07-12 00:58 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-22 14:58 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-22 14:58 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-22 14:58 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 12:14:36.50 ===============

tetonbob · 03-12-2009, 08:52 AM

Hello, DepthofField25 -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For BitDefender:

http://www.gsd.k12.ms.us/techdocs/disbd.htm

Please include the C:\ComboFix.txt in your next reply for further review.

DepthofField25 · 03-12-2009, 04:18 PM

Teton, here is the combofix log you asked for:

ComboFix 09-03-10.03 - April 2009-03-12 14:37:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1980 [GMT -7:00]
Running from: c:\users\April\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-3-8-85-100026130-100031483-100007335-1581.com
c:\windows\system32\drivers\gaopdxsqximwpcldksartsbdcpotfrmcnwyatu.sys
c:\windows\system32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll
D:\Autorun.inf
d:\recycler\S-3-8-85-100026130-100031483-100007335-1581.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-11 10:34 . 2009-03-11 10:34 <DIR> d-------- c:\program files\Alwil Software
2009-03-11 10:34 . 2009-02-05 13:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-11 09:42 . 2009-01-18 14:35 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\users\All Users\App4rTemp
2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\programdata\App4rTemp
2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:53 . 2009-01-18 14:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\users\All Users\Lavasoft
2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\programdata\Lavasoft
2009-03-11 08:52 . 2009-03-11 08:52 <DIR> d-------- c:\program files\Lavasoft
2009-03-10 10:55 . 2009-03-12 14:36 4 --a------ c:\windows\System32\gaopdxcounter
2009-02-20 00:30 . 2009-02-20 03:25 <DIR> d-------- c:\users\April\AppData\Roaming\DivX
2009-02-20 00:28 . 2009-02-23 01:13 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-20 00:18 . 2009-02-20 00:18 <DIR> d-------- c:\program files\CCleaner
2009-02-19 19:36 . 2006-12-11 14:12 176,235 --a------ c:\windows\System32\Primomonnt.dll
2009-02-19 19:35 . 2009-02-19 19:35 <DIR> d-------- c:\windows\PrimoPDF4
2009-02-19 19:08 . 2009-02-19 19:08 <DIR> d-------- c:\users\April\AppData\Roaming\Lexmark Productivity Studio
2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\users\All Users\Lx_cats
2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\programdata\Lx_cats
2009-02-19 19:02 . 2009-02-19 19:02 <DIR> d-------- C:\logs
2009-02-19 19:00 . 2009-02-19 19:01 <DIR> d-------- c:\program files\Lexmark 3500-4500 Series
2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2009-02-15 18:09 . 2008-12-04 21:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 18:09 . 2008-12-04 21:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 18:09 . 2008-12-04 21:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 18:09 . 2008-12-04 21:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 18:09 . 2008-12-04 21:31 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 16:59 --------- d-----w c:\programdata\avg8
2009-03-11 16:32 --------- d-----w c:\users\April\AppData\Roaming\uTorrent
2009-03-11 15:30 --------- d---a-w c:\programdata\TEMP
2009-03-10 17:55 10,752 ----a-w c:\windows\System32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll
2009-03-09 01:38 --------- d-----w c:\users\April\AppData\Roaming\LimeWire
2009-03-05 10:59 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-05 10:59 --------- d-----w c:\program files\Java
2009-02-23 08:14 --------- d-----w c:\program files\DivX
2009-02-20 01:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 00:07 --------- d-----w c:\program files\MediaCoder
2009-02-13 00:32 --------- d-----w c:\programdata\Microsoft Help
2009-02-13 00:31 --------- d-----w c:\program files\Windows Mail
2009-01-31 11:11 --------- d-----w c:\program files\Steam
2009-01-21 06:24 --------- d-----w c:\program files\Common Files\Steam
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-12-12 19:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 19:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-09-13 00:38 26,166,770 ----a-w c:\program files\NAV05ENG.exe
2008-07-29 20:43 994 ----a-w c:\users\April\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-03-29 02:54 865,792 ------w c:\program files\mozilla firefox\components\pbgk1_8.dll
2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-22 21:58 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 c:\windows\sttray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-04-02 2342912]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-30 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46 90112 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-02 11:01 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FFD0FE8-EBE7-44F3-883C-8CEC0F018DE5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C21206A0-CD40-4848-9736-842954101E87}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91AB2919-7358-4ABB-91E0-C67BC1029064}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{886B1E24-CBD6-4692-ABEB-3E4CDB13990E}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{785C6D46-B0E0-4950-8FDC-999F18F0264D}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"{FAB667D6-7E92-4A43-B480-B57EDB47E7B3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6A429FFA-6543-43C8-BA40-15B431BB85C5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0DF11388-81C7-4CE0-A6E9-9F07CEB7BC03}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D6836AFD-A829-4EB5-904A-BD73C49F7D87}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E314D82B-D23C-47C4-AF88-BCE5867A83B4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3DC5BBC3-683D-4E0C-A688-ACB3D7828BDC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BE1F7616-A5D2-40CE-A5BA-1943DBB733DE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{16652A7D-F4B0-4C19-A79E-3C31C09E6277}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F89F3C18-CF7D-42EB-B1A9-DCB24AB006BC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5F9B782B-8484-456E-9D9F-607AEB24F12C}"= UDP:3703:Adobe Version Cue CS3 Server
"{9E1A9546-CDA3-40DA-99E2-31C2C6459547}"= UDP:3704:Adobe Version Cue CS3 Server
"{E5606D3C-ACBB-4340-B6D5-63BF7261A011}"= UDP:50900:Adobe Version Cue CS3 Server
"{8AEFAAD0-7505-4078-B4DF-56E532E46F13}"= UDP:50901:Adobe Version Cue CS3 Server
"{927F5009-F1DE-4DC9-9EBF-2DFC63E49051}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{629ADE2C-0E88-44E7-A572-EA9EE111E23E}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{90B959B4-7194-49E6-85FC-A1149DE5824A}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{344C0148-B59E-46CB-89F3-BBC932CBEA1C}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{ED92C168-B738-40A5-9D93-4665AFB5E99E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3E607FCA-35AA-4705-8DE8-5CB3156A084F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{65C4A0E8-F6C4-4F34-B6AD-2BE8ECD7EE70}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8D50EA31-9D06-4815-B0A8-0542A039467B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{CAECE547-ECE6-493A-837F-8CF595864BF7}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{8C7E2D5D-6144-4051-BE7D-E56DC34158B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{E91E325D-15B4-47C7-8F39-83D5CB42D3FA}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2580D6D7-7D7A-4ED3-9728-A3584F6F92F2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{BD07F089-AEF1-4666-B7D6-D5FFD053B705}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8D17FA65-3F84-42F0-AFEF-FC0E8ACFEBE6}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D24C28B4-58C0-44C3-A792-BD2A91273503}c:\\users\\april\\desktop\\utorrent.exe"= UDP:c:\users\april\desktop\utorrent.exe:utorrent.exe
"UDP Query User{49BBAEBE-6C67-4BF0-8535-9969410396A6}c:\\users\\april\\desktop\\utorrent.exe"= TCP:c:\users\april\desktop\utorrent.exe:utorrent.exe
"{120C4ECC-16CE-40A0-96C7-CEECF2338204}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{B4A93B3B-A969-4BF5-8A1F-5EAE10E9B15D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{D109242E-5FAF-4ADB-BC9B-E2550500DB4A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{15341EBE-C360-40D6-B2C8-331BD6D851EE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5BE6584A-4693-4ACC-B8DA-DB2A377B7B3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BB91F9A1-8498-4604-B0CB-DD8EE8828394}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DC9AA20A-03D5-429D-BFD6-C6C9B0925FDE}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"UDP Query User{AA4664F1-FF92-45B5-97C4-897ED0D3DB89}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"{5E878EF8-4719-4F75-B5B6-9E108C0890A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A12F624A-B433-4760-ACED-2FCEFF4832D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A7BEA0E9-C4EE-43CA-A5F6-E751A1DD5CC5}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{41968CCA-AF10-4DD9-B213-75D0118082D4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{8749A514-ED1A-4DA2-9189-1487C871D78A}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"UDP Query User{05B7EEE8-97E5-4A93-BDBB-439C0FE9A054}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"TCP Query User{C02F378B-5525-4E16-A3CC-C8E8DDFD54B6}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"UDP Query User{4DB22FF5-802A-4D65-B363-5564FA34A2C2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"TCP Query User{37E98DCF-DE50-4A34-A19B-DE1B371AE2E1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3FA922D6-ACD2-41D2-9D65-5CA6AF3D3CB4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E910397F-2858-4B66-A042-120249DC0B44}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"UDP Query User{739D758F-BD90-4ACC-8556-0723353BCE06}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"{6C213E6A-50A1-4D90-A7B5-6A4C8BCB1EE4}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{BF9D593D-BB29-4446-A0E8-0B3871A8EDD9}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{DF8AFE84-2268-4418-B095-5E6F11980762}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{226E8A0E-F1A5-49EB-BBBC-B6B491C52E72}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{6DB268D2-CF28-4278-AFF6-FA2E6B21A50F}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{8EF2E125-E5C5-4E5C-B441-EA5D801A5898}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{E31AB988-DB30-42F9-9E77-4C7FBF830EDB}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{2847936B-DEA2-4E93-A610-C426A7484DF5}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{4B35154B-BA16-41C5-AA7C-165B601D73F8}"= UDP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{10A2EE62-4335-4658-BCF4-FAE69D1C924C}"= TCP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{007910A8-64D9-4988-9D6D-28F1488FBE12}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{615A12DF-8786-447D-B0AC-7084FD43B647}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{9553D0FB-06AF-40BA-9C37-698D651899C5}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{D87DA161-4C8C-4E75-AAC5-92E1A0926EE9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{CD81CDB7-D449-4231-8817-C60422704EEF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{5D6FA828-AA55-4337-BED0-E5FB0B9E6F8F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"TCP Query User{72A4ADE0-4354-4186-965F-C04B0BDE3CF7}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"UDP Query User{F6CB753C-7778-476A-8A7B-7F5E220DAB1A}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"TCP Query User{383AABFF-982B-4217-89B9-0FF6C71C51B4}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{580ADF04-102F-4521-8DEE-8DBD1C776DA1}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-11 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [2007-06-11 99248]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 15:05:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(2164)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\lxdicoms.exe
c:\program files\IDT\WDM\stacsv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-03-12 15:11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 22:11:24

Pre-Run: 4,672,598,016 bytes free
Post-Run: 4,353,667,072 bytes free

328 --- E O F --- 2009-03-09 21:51:04

tetonbob · 03-12-2009, 05:49 PM

Good work...next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------.

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove a Program)

Java(TM) 6 Update 4
Java(TM) 6 Update 7

These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Leave Java(TM) 6 Update 12 alone, as it is the most recent.

---------------------------------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::
c:\windows\System32\gaopdxcounter
c:\windows\System32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
Perform an online scan with Panda ActiveScan
- Click on Scan Your PC Now
- A "pop up" window will appear, or a new tab will open.
- Click on Register
- Choose the option you like most, but we recommend the Free Registration.
- Click on Register
- Enter your e-mail address, and create a password.
- Select "I do not want to receive any type of information". (unless you want to receive such information)
- Click on Send
- Confirm registration, and continue by entering your user name and password, then click on Enter
- Select Full Scan, then Click on Scan Now
- Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
- If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
- Please ignore the offer to buy the program. Click on Export To
- Export the log and save it to your desktop.
- Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

How is the machine behaving?

DepthofField25 · 03-12-2009, 08:54 PM

Hi again,

While uninstalling the older version of Java, I noticed I still have "Lagarith lossless codec" installed, which I believe may have caused this whole mess (the problems started happening after I downloaded this). Should I go ahead and uninstall this program?

In regard to system behavior, it appears everything is working well. No browser redirects and no random pop ups so far. I will keep you updated on this though.

And below is the new ComboFix log you asked for. I should inform you though that I had to manually reboot after the computer froze during Shutdown (I waited about an hour and a half before deciding to do this to ensure there WAS some kind of failure). So hopefully that doesn't affect anything.

ComboFix 09-03-10.03 - April 2009-03-12 17:47:14.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1811 [GMT -7:00]
Running from: c:\users\April\Desktop\ComboFix.exe
Command switches used :: c:\users\April\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\System32\gaopdxcounter
c:\windows\System32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\gaopdxcounter

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-11 10:34 . 2009-03-11 10:34 <DIR> d-------- c:\program files\Alwil Software
2009-03-11 10:34 . 2009-02-05 13:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-11 09:42 . 2009-01-18 14:35 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\users\All Users\App4rTemp
2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\programdata\App4rTemp
2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:53 . 2009-01-18 14:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\users\All Users\Lavasoft
2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\programdata\Lavasoft
2009-03-11 08:52 . 2009-03-11 08:52 <DIR> d-------- c:\program files\Lavasoft
2009-02-20 00:30 . 2009-02-20 03:25 <DIR> d-------- c:\users\April\AppData\Roaming\DivX
2009-02-20 00:28 . 2009-02-23 01:13 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-20 00:18 . 2009-02-20 00:18 <DIR> d-------- c:\program files\CCleaner
2009-02-19 19:36 . 2006-12-11 14:12 176,235 --a------ c:\windows\System32\Primomonnt.dll
2009-02-19 19:35 . 2009-02-19 19:35 <DIR> d-------- c:\windows\PrimoPDF4
2009-02-19 19:08 . 2009-02-19 19:08 <DIR> d-------- c:\users\April\AppData\Roaming\Lexmark Productivity Studio
2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\users\All Users\Lx_cats
2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\programdata\Lx_cats
2009-02-19 19:02 . 2009-02-19 19:02 <DIR> d-------- C:\logs
2009-02-19 19:00 . 2009-02-19 19:01 <DIR> d-------- c:\program files\Lexmark 3500-4500 Series
2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2009-02-15 18:09 . 2008-12-04 21:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 18:09 . 2008-12-04 21:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 18:09 . 2008-12-04 21:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 18:09 . 2008-12-04 21:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 18:09 . 2008-12-04 21:31 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 00:42 --------- d-----w c:\program files\Java
2009-03-11 16:59 --------- d-----w c:\programdata\avg8
2009-03-11 16:32 --------- d-----w c:\users\April\AppData\Roaming\uTorrent
2009-03-11 15:30 --------- d---a-w c:\programdata\TEMP
2009-03-09 01:38 --------- d-----w c:\users\April\AppData\Roaming\LimeWire
2009-02-23 08:14 --------- d-----w c:\program files\DivX
2009-02-20 01:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 00:07 --------- d-----w c:\program files\MediaCoder
2009-02-13 00:32 --------- d-----w c:\programdata\Microsoft Help
2009-02-13 00:31 --------- d-----w c:\program files\Windows Mail
2009-01-31 11:11 --------- d-----w c:\program files\Steam
2009-01-21 06:24 --------- d-----w c:\program files\Common Files\Steam
2008-09-13 00:38 26,166,770 ----a-w c:\program files\NAV05ENG.exe
2008-07-29 20:43 994 ----a-w c:\users\April\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-03-29 02:54 865,792 ------w c:\program files\mozilla firefox\components\pbgk1_8.dll
2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-22 21:58 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-12_15.09.59.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-13 00:46:47 6,328,320 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-03-13 00:49:42 6,328,320 ----a-w c:\windows\ERDNT\subs\schema.dat
- 2009-03-12 22:05:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-13 01:19:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-03-12 22:05:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-13 01:19:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-03-12 22:05:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 01:19:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-12 22:05:35 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-13 01:19:05 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-12 22:05:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 01:19:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-12 21:43:59 106,220 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-13 00:42:15 106,220 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-12 21:43:59 607,356 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-13 00:42:15 607,356 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-11 15:53:42 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-03-13 00:49:42 6,328,320 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-03-12 21:38:51 13,398 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2052494839-1001839606-1528738737-1000_UserData.bin
+ 2009-03-13 00:37:18 13,810 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2052494839-1001839606-1528738737-1000_UserData.bin
- 2009-03-12 21:38:51 87,440 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 00:37:18 87,866 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-12 21:38:45 51,162 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 00:37:14 51,594 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-03-11 15:52:57 72,338,430 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-03-13 00:41:53 73,480,215 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 c:\windows\sttray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-04-02 2342912]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-30 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46 90112 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-02 11:01 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FFD0FE8-EBE7-44F3-883C-8CEC0F018DE5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C21206A0-CD40-4848-9736-842954101E87}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91AB2919-7358-4ABB-91E0-C67BC1029064}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{886B1E24-CBD6-4692-ABEB-3E4CDB13990E}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{785C6D46-B0E0-4950-8FDC-999F18F0264D}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"{FAB667D6-7E92-4A43-B480-B57EDB47E7B3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6A429FFA-6543-43C8-BA40-15B431BB85C5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0DF11388-81C7-4CE0-A6E9-9F07CEB7BC03}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D6836AFD-A829-4EB5-904A-BD73C49F7D87}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E314D82B-D23C-47C4-AF88-BCE5867A83B4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3DC5BBC3-683D-4E0C-A688-ACB3D7828BDC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BE1F7616-A5D2-40CE-A5BA-1943DBB733DE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{16652A7D-F4B0-4C19-A79E-3C31C09E6277}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F89F3C18-CF7D-42EB-B1A9-DCB24AB006BC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5F9B782B-8484-456E-9D9F-607AEB24F12C}"= UDP:3703:Adobe Version Cue CS3 Server
"{9E1A9546-CDA3-40DA-99E2-31C2C6459547}"= UDP:3704:Adobe Version Cue CS3 Server
"{E5606D3C-ACBB-4340-B6D5-63BF7261A011}"= UDP:50900:Adobe Version Cue CS3 Server
"{8AEFAAD0-7505-4078-B4DF-56E532E46F13}"= UDP:50901:Adobe Version Cue CS3 Server
"{927F5009-F1DE-4DC9-9EBF-2DFC63E49051}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{629ADE2C-0E88-44E7-A572-EA9EE111E23E}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{90B959B4-7194-49E6-85FC-A1149DE5824A}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{344C0148-B59E-46CB-89F3-BBC932CBEA1C}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{ED92C168-B738-40A5-9D93-4665AFB5E99E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3E607FCA-35AA-4705-8DE8-5CB3156A084F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{65C4A0E8-F6C4-4F34-B6AD-2BE8ECD7EE70}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8D50EA31-9D06-4815-B0A8-0542A039467B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{CAECE547-ECE6-493A-837F-8CF595864BF7}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{8C7E2D5D-6144-4051-BE7D-E56DC34158B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{E91E325D-15B4-47C7-8F39-83D5CB42D3FA}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2580D6D7-7D7A-4ED3-9728-A3584F6F92F2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{BD07F089-AEF1-4666-B7D6-D5FFD053B705}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8D17FA65-3F84-42F0-AFEF-FC0E8ACFEBE6}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D24C28B4-58C0-44C3-A792-BD2A91273503}c:\\users\\april\\desktop\\utorrent.exe"= UDP:c:\users\april\desktop\utorrent.exe:utorrent.exe
"UDP Query User{49BBAEBE-6C67-4BF0-8535-9969410396A6}c:\\users\\april\\desktop\\utorrent.exe"= TCP:c:\users\april\desktop\utorrent.exe:utorrent.exe
"{120C4ECC-16CE-40A0-96C7-CEECF2338204}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{B4A93B3B-A969-4BF5-8A1F-5EAE10E9B15D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{D109242E-5FAF-4ADB-BC9B-E2550500DB4A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{15341EBE-C360-40D6-B2C8-331BD6D851EE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5BE6584A-4693-4ACC-B8DA-DB2A377B7B3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BB91F9A1-8498-4604-B0CB-DD8EE8828394}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DC9AA20A-03D5-429D-BFD6-C6C9B0925FDE}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"UDP Query User{AA4664F1-FF92-45B5-97C4-897ED0D3DB89}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"{5E878EF8-4719-4F75-B5B6-9E108C0890A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A12F624A-B433-4760-ACED-2FCEFF4832D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A7BEA0E9-C4EE-43CA-A5F6-E751A1DD5CC5}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{41968CCA-AF10-4DD9-B213-75D0118082D4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{8749A514-ED1A-4DA2-9189-1487C871D78A}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"UDP Query User{05B7EEE8-97E5-4A93-BDBB-439C0FE9A054}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"TCP Query User{C02F378B-5525-4E16-A3CC-C8E8DDFD54B6}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"UDP Query User{4DB22FF5-802A-4D65-B363-5564FA34A2C2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2
"TCP Query User{37E98DCF-DE50-4A34-A19B-DE1B371AE2E1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3FA922D6-ACD2-41D2-9D65-5CA6AF3D3CB4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E910397F-2858-4B66-A042-120249DC0B44}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"UDP Query User{739D758F-BD90-4ACC-8556-0723353BCE06}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe
"{6C213E6A-50A1-4D90-A7B5-6A4C8BCB1EE4}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{BF9D593D-BB29-4446-A0E8-0B3871A8EDD9}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{DF8AFE84-2268-4418-B095-5E6F11980762}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{226E8A0E-F1A5-49EB-BBBC-B6B491C52E72}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{6DB268D2-CF28-4278-AFF6-FA2E6B21A50F}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{8EF2E125-E5C5-4E5C-B441-EA5D801A5898}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{E31AB988-DB30-42F9-9E77-4C7FBF830EDB}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{2847936B-DEA2-4E93-A610-C426A7484DF5}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{4B35154B-BA16-41C5-AA7C-165B601D73F8}"= UDP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{10A2EE62-4335-4658-BCF4-FAE69D1C924C}"= TCP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{007910A8-64D9-4988-9D6D-28F1488FBE12}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{615A12DF-8786-447D-B0AC-7084FD43B647}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{9553D0FB-06AF-40BA-9C37-698D651899C5}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{D87DA161-4C8C-4E75-AAC5-92E1A0926EE9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{CD81CDB7-D449-4231-8817-C60422704EEF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{5D6FA828-AA55-4337-BED0-E5FB0B9E6F8F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"TCP Query User{72A4ADE0-4354-4186-965F-C04B0BDE3CF7}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"UDP Query User{F6CB753C-7778-476A-8A7B-7F5E220DAB1A}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"TCP Query User{383AABFF-982B-4217-89B9-0FF6C71C51B4}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{580ADF04-102F-4521-8DEE-8DBD1C776DA1}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-11 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [2007-06-11 99248]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 18:19:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(5856)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\lxdicoms.exe
c:\program files\IDT\WDM\stacsv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-12 18:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-13 01:24:53
ComboFix2.txt 2009-03-12 22:11:34

Pre-Run: 43,569,295,360 bytes free
Post-Run: 43,095,543,808 bytes free

339 --- E O F --- 2009-03-09 21:51:04

tetonbob · 03-12-2009, 09:21 PM

Hi -

Not sure what happened, perhaps one of the protection applications took exception to the action, but waiting that long was a bit excessive. ComboFix seldom takes longer than 20-30 minutes to run on well resourced, heavily infected machine. That said, better safe....and it seems everything worked out ok.

Quote:

Should I go ahead and uninstall this program?

Yes, if you can identify that as when infection came in, uninstall it, and don't go back wherever you got it from.

Panda log is clear, your symptoms are gone. We should be done here.

We still have a few items to address.

Press the Windows key + R -> in the Run box -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
Winpatrol

Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

DepthofField25 · 03-12-2009, 10:13 PM

Teton, I will definitely look into those programs to better help protect my computer in the future.

Also, just wanted to say that I can't thank you enough for taking the time to help me out. You, along with all the other volunteer helpers on this forum are incredibly valuable and I appreciate your guys' commitment to finding solutions to our computer problems (especially considering this is a free service).

Thank you again! And I mean this in the most positive way, but I hope NOT to need your help later on down the road. ;)

tetonbob · 03-12-2009, 10:37 PM

Hi again -

Thanks for the kind words, I'm glad to have helped.

Quote:

And I mean this in the most positive way, but I hope NOT to need your help later on down the road

LOL, nope, I won't take that the wrong way at all. We all hope any member's visit to this section of the forum is a one time event. Please do enjoy the rest of the forums as much as you like.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.

03-12-2009, 08:52 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,761 OS: 2000 Pro; XP Pro; XP Home	Re: Clicking on Google search results leads me to ad sites Hello, DepthofField25 - Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. --------------------------------------------------------------------------------------------- One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. --------------------------------------------------------------------------------------------- Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For BitDefender: http://www.gsd.k12.ms.us/techdocs/disbd.htm Please include the C:\ComboFix.txt in your next reply for further review. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-12-2009, 04:18 PM	#3 (permalink)
DepthofField25 Registered User Join Date: Aug 2008 Posts: 8 OS: Vista	Re: Clicking on Google search results leads me to ad sites Teton, here is the combofix log you asked for: ComboFix 09-03-10.03 - April 2009-03-12 14:37:36.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1980 [GMT -7:00] Running from: c:\users\April\Desktop\ComboFix.exe AV: BitDefender Antivirus On-access scanning disabled (Updated) FW: BitDefender Firewall disabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\recycler\S-3-8-85-100026130-100031483-100007335-1581.com c:\windows\system32\drivers\gaopdxsqximwpcldksartsbdcpotfrmcnwyatu.sys c:\windows\system32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll D:\Autorun.inf d:\recycler\S-3-8-85-100026130-100031483-100007335-1581.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gaopdxserv.sys ((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))) . 2009-03-11 10:34 . 2009-03-11 10:34 <DIR> d-------- c:\program files\Alwil Software 2009-03-11 10:34 . 2009-02-05 13:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys 2009-03-11 09:42 . 2009-01-18 14:35 15,688 --a------ c:\windows\System32\lsdelete.exe 2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\users\All Users\App4rTemp 2009-03-11 08:56 . 2009-03-11 08:56 <DIR> d-------- c:\programdata\App4rTemp 2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-11 08:53 . 2009-03-11 08:53 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-11 08:53 . 2009-01-18 14:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys 2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\users\All Users\Lavasoft 2009-03-11 08:52 . 2009-03-11 08:53 <DIR> d-------- c:\programdata\Lavasoft 2009-03-11 08:52 . 2009-03-11 08:52 <DIR> d-------- c:\program files\Lavasoft 2009-03-10 10:55 . 2009-03-12 14:36 4 --a------ c:\windows\System32\gaopdxcounter 2009-02-20 00:30 . 2009-02-20 03:25 <DIR> d-------- c:\users\April\AppData\Roaming\DivX 2009-02-20 00:28 . 2009-02-23 01:13 <DIR> d-------- c:\program files\Common Files\PX Storage Engine 2009-02-20 00:18 . 2009-02-20 00:18 <DIR> d-------- c:\program files\CCleaner 2009-02-19 19:36 . 2006-12-11 14:12 176,235 --a------ c:\windows\System32\Primomonnt.dll 2009-02-19 19:35 . 2009-02-19 19:35 <DIR> d-------- c:\windows\PrimoPDF4 2009-02-19 19:08 . 2009-02-19 19:08 <DIR> d-------- c:\users\April\AppData\Roaming\Lexmark Productivity Studio 2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\users\All Users\Lx_cats 2009-02-19 19:07 . 2009-03-12 09:43 <DIR> d-------- c:\programdata\Lx_cats 2009-02-19 19:02 . 2009-02-19 19:02 <DIR> d-------- C:\logs 2009-02-19 19:00 . 2009-02-19 19:01 <DIR> d-------- c:\program files\Lexmark 3500-4500 Series 2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters 2009-02-19 18:38 . 2009-02-19 18:38 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters 2009-02-15 18:09 . 2008-12-04 21:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-15 18:09 . 2008-12-04 21:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-15 18:09 . 2008-12-04 21:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-15 18:09 . 2008-12-04 21:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-15 18:09 . 2008-12-04 21:31 80,896 --a------ c:\windows\System32\MSNP.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-11 16:59 --------- d-----w c:\programdata\avg8 2009-03-11 16:32 --------- d-----w c:\users\April\AppData\Roaming\uTorrent 2009-03-11 15:30 --------- d---a-w c:\programdata\TEMP 2009-03-10 17:55 10,752 ----a-w c:\windows\System32\gaopdxeexotcmvvngapjinhyixjynpxirrpvuo.dll 2009-03-09 01:38 --------- d-----w c:\users\April\AppData\Roaming\LimeWire 2009-03-05 10:59 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-03-05 10:59 --------- d-----w c:\program files\Java 2009-02-23 08:14 --------- d-----w c:\program files\DivX 2009-02-20 01:39 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-20 00:07 --------- d-----w c:\program files\MediaCoder 2009-02-13 00:32 --------- d-----w c:\programdata\Microsoft Help 2009-02-13 00:31 --------- d-----w c:\program files\Windows Mail 2009-01-31 11:11 --------- d-----w c:\program files\Steam 2009-01-21 06:24 --------- d-----w c:\program files\Common Files\Steam 2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll 2008-12-12 19:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-12-12 19:11 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-09-13 00:38 26,166,770 ----a-w c:\program files\NAV05ENG.exe 2008-07-29 20:43 994 ----a-w c:\users\April\AppData\Roaming\wklnhst.dat 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini 2007-03-29 02:54 865,792 ------w c:\program files\mozilla firefox\components\pbgk1_8.dll 2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-09-22 21:58 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-09-22 21:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite QL\farchns.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864] "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SigmatelSysTrayApp"="sttray.exe" [2007-07-27 c:\windows\sttray.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-04-02 2342912] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664] VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-30 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-28 19:46 90112 c:\windows\System32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "msacm.ac3filter"= ac3filter.acm "VIDC.LAGS"= lagarith.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2008-04-02 11:01 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4FFD0FE8-EBE7-44F3-883C-8CEC0F018DE5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C21206A0-CD40-4848-9736-842954101E87}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{91AB2919-7358-4ABB-91E0-C67BC1029064}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{886B1E24-CBD6-4692-ABEB-3E4CDB13990E}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{785C6D46-B0E0-4950-8FDC-999F18F0264D}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher "{FAB667D6-7E92-4A43-B480-B57EDB47E7B3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{6A429FFA-6543-43C8-BA40-15B431BB85C5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{0DF11388-81C7-4CE0-A6E9-9F07CEB7BC03}"= UDP:c:\program files\AIM6\aim6.exe:AIM "{D6836AFD-A829-4EB5-904A-BD73C49F7D87}"= TCP:c:\program files\AIM6\aim6.exe:AIM "{E314D82B-D23C-47C4-AF88-BCE5867A83B4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{3DC5BBC3-683D-4E0C-A688-ACB3D7828BDC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{BE1F7616-A5D2-40CE-A5BA-1943DBB733DE}"= TCP:6004\|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{16652A7D-F4B0-4C19-A79E-3C31C09E6277}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{F89F3C18-CF7D-42EB-B1A9-DCB24AB006BC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{5F9B782B-8484-456E-9D9F-607AEB24F12C}"= UDP:3703:Adobe Version Cue CS3 Server "{9E1A9546-CDA3-40DA-99E2-31C2C6459547}"= UDP:3704:Adobe Version Cue CS3 Server "{E5606D3C-ACBB-4340-B6D5-63BF7261A011}"= UDP:50900:Adobe Version Cue CS3 Server "{8AEFAAD0-7505-4078-B4DF-56E532E46F13}"= UDP:50901:Adobe Version Cue CS3 Server "{927F5009-F1DE-4DC9-9EBF-2DFC63E49051}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{629ADE2C-0E88-44E7-A572-EA9EE111E23E}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "TCP Query User{90B959B4-7194-49E6-85FC-A1149DE5824A}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup "UDP Query User{344C0148-B59E-46CB-89F3-BBC932CBEA1C}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup "TCP Query User{ED92C168-B738-40A5-9D93-4665AFB5E99E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{3E607FCA-35AA-4705-8DE8-5CB3156A084F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{65C4A0E8-F6C4-4F34-B6AD-2BE8ECD7EE70}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{8D50EA31-9D06-4815-B0A8-0542A039467B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{CAECE547-ECE6-493A-837F-8CF595864BF7}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM "UDP Query User{8C7E2D5D-6144-4051-BE7D-E56DC34158B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM "TCP Query User{E91E325D-15B4-47C7-8F39-83D5CB42D3FA}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{2580D6D7-7D7A-4ED3-9728-A3584F6F92F2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{BD07F089-AEF1-4666-B7D6-D5FFD053B705}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{8D17FA65-3F84-42F0-AFEF-FC0E8ACFEBE6}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{D24C28B4-58C0-44C3-A792-BD2A91273503}c:\\users\\april\\desktop\\utorrent.exe"= UDP:c:\users\april\desktop\utorrent.exe:utorrent.exe "UDP Query User{49BBAEBE-6C67-4BF0-8535-9969410396A6}c:\\users\\april\\desktop\\utorrent.exe"= TCP:c:\users\april\desktop\utorrent.exe:utorrent.exe "{120C4ECC-16CE-40A0-96C7-CEECF2338204}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE "{B4A93B3B-A969-4BF5-8A1F-5EAE10E9B15D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE "{D109242E-5FAF-4ADB-BC9B-E2550500DB4A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{15341EBE-C360-40D6-B2C8-331BD6D851EE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{5BE6584A-4693-4ACC-B8DA-DB2A377B7B3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{BB91F9A1-8498-4604-B0CB-DD8EE8828394}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{DC9AA20A-03D5-429D-BFD6-C6C9B0925FDE}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe "UDP Query User{AA4664F1-FF92-45B5-97C4-897ED0D3DB89}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe "{5E878EF8-4719-4F75-B5B6-9E108C0890A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{A12F624A-B433-4760-ACED-2FCEFF4832D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{A7BEA0E9-C4EE-43CA-A5F6-E751A1DD5CC5}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "UDP Query User{41968CCA-AF10-4DD9-B213-75D0118082D4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "TCP Query User{8749A514-ED1A-4DA2-9189-1487C871D78A}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2 "UDP Query User{05B7EEE8-97E5-4A93-BDBB-439C0FE9A054}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2 "TCP Query User{C02F378B-5525-4E16-A3CC-C8E8DDFD54B6}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2 "UDP Query User{4DB22FF5-802A-4D65-B363-5564FA34A2C2}c:\\program files\\steam\\steamapps\\apriltdxtc87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apriltdxtc87\counter-strike source\hl2.exe:hl2 "TCP Query User{37E98DCF-DE50-4A34-A19B-DE1B371AE2E1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "UDP Query User{3FA922D6-ACD2-41D2-9D65-5CA6AF3D3CB4}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary "TCP Query User{E910397F-2858-4B66-A042-120249DC0B44}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= UDP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe "UDP Query User{739D758F-BD90-4ACC-8556-0723353BCE06}c:\\users\\april\\desktop\\old icons\\utorrent.exe"= TCP:c:\users\april\desktop\old icons\utorrent.exe:utorrent.exe "{6C213E6A-50A1-4D90-A7B5-6A4C8BCB1EE4}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System "{BF9D593D-BB29-4446-A0E8-0B3871A8EDD9}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System "{DF8AFE84-2268-4418-B095-5E6F11980762}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{226E8A0E-F1A5-49EB-BBBC-B6B491C52E72}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{6DB268D2-CF28-4278-AFF6-FA2E6B21A50F}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{8EF2E125-E5C5-4E5C-B441-EA5D801A5898}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{E31AB988-DB30-42F9-9E77-4C7FBF830EDB}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{2847936B-DEA2-4E93-A610-C426A7484DF5}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{4B35154B-BA16-41C5-AA7C-165B601D73F8}"= UDP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe: "{10A2EE62-4335-4658-BCF4-FAE69D1C924C}"= TCP:c:\users\April\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe: "{007910A8-64D9-4988-9D6D-28F1488FBE12}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System "{615A12DF-8786-447D-B0AC-7084FD43B647}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System "{9553D0FB-06AF-40BA-9C37-698D651899C5}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{D87DA161-4C8C-4E75-AAC5-92E1A0926EE9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{CD81CDB7-D449-4231-8817-C60422704EEF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "{5D6FA828-AA55-4337-BED0-E5FB0B9E6F8F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "TCP Query User{72A4ADE0-4354-4186-965F-C04B0BDE3CF7}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application "UDP Query User{F6CB753C-7778-476A-8A7B-7F5E220DAB1A}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application "TCP Query User{383AABFF-982B-4217-89B9-0FF6C71C51B4}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor "UDP Query User{580ADF04-102F-4521-8DEE-8DBD1C776DA1}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-11 64160] R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-11 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-11 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-11 51792] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936] R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?] S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [2007-06-11 99248] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder 2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-152XL uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\users\April\AppData\Roaming\Mozilla\Firefox\Profiles\h4nnnttk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-12 15:05:19 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(744) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll - - - - - - - > 'Explorer.exe'(2164) c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infra.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Protector Suite QL\upeksvr.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE c:\windows\System32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\windows\System32\lxdicoms.exe c:\program files\IDT\WDM\stacsv.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Protector Suite QL\psqltray.exe c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************ . Completion time: 2009-03-12 15:11:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-12 22:11:24 Pre-Run: 4,672,598,016 bytes free Post-Run: 4,353,667,072 bytes free 328 --- E O F --- 2009-03-09 21:51:04

03-12-2009, 10:13 PM	#7 (permalink)
DepthofField25 Registered User Join Date: Aug 2008 Posts: 8 OS: Vista	Re: Clicking on Google search results leads me to ad sites Teton, I will definitely look into those programs to better help protect my computer in the future. Also, just wanted to say that I can't thank you enough for taking the time to help me out. You, along with all the other volunteer helpers on this forum are incredibly valuable and I appreciate your guys' commitment to finding solutions to our computer problems (especially considering this is a free service). Thank you again! And I mean this in the most positive way, but I hope NOT to need your help later on down the road. ;)