Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

Help, please...

Thread Solved

•

Join Date: Jan 2008

Posts: 9

Reputation: tj3333 is an unknown quantity at this point

Solved Threads: 0

tj3333

Offline

Newbie Poster

Re: Help, please...

#11

Feb 3rd, 2008

Shut down SpyBot and it worked in normal mode - here's the ComboFix log after running that script (though I just got a spybot message while writing this post - I shut it down and then opened up task manager to make sure TeaTimer was not running prior to running ComboFix):

ComboFix 08-02.01.6 - Tim 2008-02-02 21:37:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.927 [GMT -8:00]
Running from: C:\Documents and Settings\Tim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tim\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 11:11 . 2008-02-02 11:11 <DIR> d-------- C:\VundoFix Backups
2008-02-01 22:59 . 2008-02-02 19:40 <DIR> d-------- C:\Program Files\PokerStars.NET
2008-01-31 20:56 . 2008-01-31 20:57 <DIR> d-------- C:\Program Files\Remington Shoot!
2008-01-31 14:34 . 2008-01-31 14:34 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-30 23:55 . 2008-01-30 23:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-30 23:55 . 2008-01-30 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 23:11 . 2008-01-30 23:11 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\TrojanHunter
2008-01-30 22:57 . 2008-02-01 09:14 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-30 21:42 . 2008-01-30 21:42 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-30 14:08 . 2008-01-30 14:08 153 --a------ C:\DelUS.bat
2008-01-30 12:24 . 2008-01-30 12:24 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-30 12:08 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 12:08 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 12:08 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-30 10:55 . 2008-01-30 10:55 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-30 10:25 . 2008-01-30 10:47 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-30 10:25 . 2008-01-30 10:47 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-30 10:25 . 2008-01-30 10:47 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-30 10:25 . 2008-01-30 10:47 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-29 22:38 . 2008-01-29 22:38 332,288 --a------ C:\WINDOWS\system32\ACF.tmp
2008-01-29 22:22 . 2008-01-29 22:34 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-01-29 21:42 . 2008-01-29 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-29 21:31 . 2008-01-29 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-29 21:30 . 2008-01-29 21:30 <DIR> d-------- C:\Program Files\Panda Security
2008-01-29 21:25 . 2008-01-30 10:12 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-29 20:00 . 2008-01-29 20:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-29 20:00 . 2008-01-29 20:00 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-29 18:23 . 2008-01-29 18:23 <DIR> d-------- C:\KAV
2008-01-29 14:59 . 2008-01-29 14:59 58 --a------ C:\WINDOWS\mchguid.ini
2008-01-29 10:26 . 2008-01-30 14:06 <DIR> d-------- C:\Program Files\DNA
2008-01-29 10:26 . 2008-01-29 11:51 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\BitTorrent
2008-01-29 09:11 . 2008-01-29 09:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-28 23:54 . 2008-01-30 12:11 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-01-28 23:52 . 2006-09-15 04:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-01-28 23:52 . 2006-09-15 04:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-01-28 23:52 . 2006-09-15 04:36 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-01-28 17:04 . 2008-01-28 17:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-28 17:04 . 2008-01-28 17:04 <DIR> d-------- C:\Program Files\SentrilockCardUtility
2008-01-28 17:04 . 2008-01-28 17:04 <DIR> d-------- C:\Program Files\DIFX
2008-01-28 17:04 . 2006-11-07 05:35 47,488 --a------ C:\WINDOWS\system32\drivers\SCR3XX2K.sys
2008-01-28 17:03 . 2008-01-30 23:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 17:03 . 2008-01-28 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SentriLock
2008-01-28 16:25 . 2008-01-28 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 15:40 . 2008-01-28 15:40 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-28 15:39 . 2007-07-11 12:04 1,064,960 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-01-28 15:39 . 2007-07-11 12:04 1,064,960 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-01-28 15:37 . 2008-01-28 15:41 <DIR> d-------- C:\WINPOINT
2008-01-28 15:37 . 2008-01-30 16:32 674 --a------ C:\WINDOWS\winpoint.ini
2008-01-28 11:53 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-28 11:53 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-28 11:53 . 2008-01-31 16:22 1,222 --a------ C:\WINDOWS\Brpfx04a.ini
2008-01-28 11:53 . 2008-01-28 11:53 410 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-28 11:53 . 2008-01-29 16:45 153 --a------ C:\WINDOWS\brpcfx.ini
2008-01-28 11:53 . 2008-01-28 11:53 65 --a------ C:\WINDOWS\system32\BD8660DN.DAT
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Program Files\Brother
2008-01-28 11:48 . 2008-01-28 11:48 <DIR> d-------- C:\Program Files\ScanSoft
2008-01-28 11:48 . 2008-01-28 11:48 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-01-28 11:48 . 2008-01-28 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-28 11:48 . 2008-01-28 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-28 11:48 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2008-01-28 11:46 . 2008-01-28 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-28 11:36 . 2008-01-31 23:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 11:36 . 2008-01-28 11:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 11:09 . 2008-01-28 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-28 11:08 . 2008-01-28 11:08 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Logitech
2008-01-28 11:07 . 2008-01-28 11:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-28 11:06 . 2008-01-28 11:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-28 11:06 . 2008-01-28 11:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-28 11:06 . 2008-01-28 11:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-01-28 11:05 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-28 11:05 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-28 11:05 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-28 11:05 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-28 11:05 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-28 11:04 . 2008-01-28 11:04 <DIR> d-------- C:\Program Files\Logitech
2008-01-28 11:04 . 2008-01-28 11:05 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-28 11:04 . 2008-01-28 11:04 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\InstallShield
2008-01-28 11:04 . 2008-01-28 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-28 10:34 . 2008-01-30 12:08 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-28 10:32 . 2008-01-30 10:47 <DIR> d-------- C:\Program Files\Symantec
2008-01-28 10:32 . 2008-01-31 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 09:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-28 09:18 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-28 09:18 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-28 09:18 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-28 09:18 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-28 09:18 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-28 09:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-28 09:18 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-28 09:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-28 09:18 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-28 00:09 . 2008-01-28 00:09 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 00:06 . 2008-01-28 00:06 <DIR> d-------- C:\Program Files\Macromedia
2008-01-28 00:06 . 2008-01-28 00:06 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-01-27 23:45 . 2008-01-27 23:45 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-27 23:44 . 2006-04-12 10:11 1,933,312 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-01-27 23:39 . 2008-01-27 23:45 <DIR> d-------- C:\Program Files\Intuit
2008-01-27 23:39 . 2008-01-27 23:39 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-27 23:37 . 2008-01-27 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-01-27 23:36 . 2008-01-27 23:36 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 18:10 1,562,112 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-30 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 04:15 --------- d-----w C:\Program Files\QuickTime
2008-01-30 04:14 --------- d-----w C:\Program Files\Google
2008-01-29 22:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 19:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-28 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-28 07:41 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-27 21:36 --------- d-----w C:\Program Files\Napster
2008-01-27 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-01-27 21:35 --------- d-----w C:\Program Files\TOSHIBA
2008-01-27 21:26 --------- d-----w C:\Program Files\Common Files\aolshare
2008-01-27 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-27 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-27 21:20 15,890 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-27 21:15 --------- d-----w C:\Program Files\Sonic
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-15 00:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-15 00:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A01B65F-727B-486B-A5C2-2B45A2D12C6B}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-27 23:30 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 23:32 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-27 16:19 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 08:15 339968]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 15:17 88358 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 09:00 339968]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05 122939]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 14:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 14:26 688218]
"TPSMain"="TPSMain.exe" [2004-12-28 15:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 15:37 151552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-20 14:12 98304]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 18:30 995328]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-13 23:11 771704]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-29 14:02:21 113664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-28 11:05:24 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 11:09:20 968224]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-04-20 13:34:50 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2006-11-07 05:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 04:40:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-30 18:40:29 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 21:40:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 21:41:37
ComboFix-quarantined-files.txt 2008-02-03 05:41:33
ComboFix2.txt 2008-02-03 04:35:22
ComboFix3.txt 2008-02-01 18:17:44
.
2008-01-29 00:06:24 --- E O F ---

And here's a new HiJackThisLog (I shut down spybot again prior to running this):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:46 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tim\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A01B65F-727B-486B-A5C2-2B45A2D12C6B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11405 bytes

•

Join Date: May 2005

Posts: 3,204

Reputation: gerbil will become famous soon enough

Solved Threads: 188

gerbil

Offline

Nearly a Senior Poster

Re: Help, please...

#12

Feb 3rd, 2008

Hello Tim,
perhaps Windows Defender is blocking us - please disable its Realtime Protection....
Open Windows Defender, click Tools, General Settings, Scroll to and uncheck Turn on real-time protection.
Click Save and close Windows Defender.
[Btw, this is the easy way to shutdown Teatimer temporarily....
To disable TeaTimer:
Open Spybot, click Mode, select Advanced Mode, click Yes in new window, click on Tools in bottom left hand corner.
Click the Resident icon and uncheck Teatimer box].

To avoid the time consumption of running Combofix again let's do this another way:
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {6A01B65F-727B-486B-A5C2-2B45A2D12C6B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Really, you should fix those two O15 items also - there is no good reason to have any items in the Trusted Zone.
Good, now we remove this service...:
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

Done? Make a new hijackthis Scan Only and check that those four items have been removed. If they are gone please tell me, plus re-enable Windows Defender and Teatimer, and reinstall ZoneAlarm SpyBlocker.

Deep, deep in the woods, but walking about.

•

Join Date: Jan 2008

Posts: 9

Reputation: tj3333 is an unknown quantity at this point

Solved Threads: 0

tj3333

Offline

Newbie Poster

Re: Help, please...

#13

Feb 3rd, 2008

OK - looks like I was able to get rid of those O2 and O3 entries (and I followed your advice and got rid of the O15 entries while I was in the business) and then was able to delete that O23 service. Here's the new HiJack this (before re-enabling Teatimer, Windows defender, et al):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:37 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Tim\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10945 bytes

•

Join Date: May 2005

Posts: 3,204

Reputation: gerbil will become famous soon enough

Solved Threads: 188

gerbil

Offline

Nearly a Senior Poster

Re: Help, please...

#14

Feb 3rd, 2008

Ripper. That's a good job, tim, log looks clean, too. I assume all is working well now?
If so, re-enable those guards and reinstall SpyBlock and off you go. Cheers

Deep, deep in the woods, but walking about.