Karl's PC Help Forums

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Subject: Hi jack this Please pancake
RAA
Post 328708 posted on 4-4-2008 at 07:18

Hi

I have exactly the same behaviour on my PC. I've tried different spyware tools (spyware doctor, spyhunter, windows defense, spybot), I run Kaspersky Anti-Virus (I also tried McAfee) and I've also tried to run ComboFix.

So far nothing has helped...
RAA
Post 329119 posted on 7-4-2008 at 07:20

Hello everyone.

Thanks for your replies. I must admit I have not read the topics at the top of the forum yet, but will do so...

As far as a new thread goes, I could of course do this, but my PC symptoms are literally exactly the same as posted here (not more, not less), so in this case I would probably just copy the message from crj17 into a new thread. But I won't mind posting a new thread if it still makes sense.

I will try out HiJackThis (have never tried this before). I've also changed the settings for the RPC service, I'll let you know if this makes any difference.

In the meantime, please find my ComboFix log below.

Thanks!

ComboFix 08-03-25.1 - RAA 2008-03-25 20:38:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1222 [GMT 1:00]
Running from: C:\Documents and Settings\RAA\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
Findstr -MI oemiglib.dll C:\WINDOWS\explorer.exe
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"

VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
pv -kf *.cfexe

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 20:36 . 2008-03-25 20:36 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-25 19:54 . 2008-03-25 20:14 <DIR> d-------- C:\Documents and Settings\RAA\.housecall6.6
2008-03-24 23:33 . 2008-03-24 23:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-24 12:45 . 2008-03-25 18:51 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-24 12:45 . 2008-03-24 12:45 <DIR> d-------- C:\Documents and Settings\RAA\Application Data\PC Tools
2008-03-24 12:45 . 2008-03-25 20:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 12:45 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-24 12:45 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-24 12:45 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-24 12:45 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-24 12:09 . 2008-03-24 12:09 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 22:13 . 2004-08-04 13:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-03-19 22:12 . 2004-08-04 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-19 22:09 . 2008-03-19 22:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-19 22:09 . 2008-03-19 22:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-19 22:09 . 2008-03-19 22:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-19 22:09 . 2008-03-19 22:09 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-19 22:09 . 2008-03-19 22:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-19 22:09 . 2008-03-19 22:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-19 22:06 . 2004-08-04 13:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-03-19 22:06 . 2004-08-04 13:00 257,024 --a--c--- C:\WINDOWS\system32\dllcache\infocomm.dll
2008-03-19 22:06 . 2004-08-04 13:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2008-03-19 22:06 . 2004-08-04 13:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
2008-03-19 22:06 . 2004-08-04 13:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\inetin51.exe
2008-03-19 22:06 . 2004-08-04 13:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2008-03-19 22:06 . 2004-08-04 13:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-03-19 22:01 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-03-19 22:01 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-03-19 22:01 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-03-19 21:46 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SET6D.tmp
2008-03-19 21:46 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SET6A.tmp
2008-03-19 21:46 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SET79.tmp
2008-03-19 16:00 . 2008-03-19 16:00 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-19 16:00 . 2008-03-19 16:00 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-19 15:59 . 2008-03-19 15:59 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-19 15:59 . 2008-03-25 20:45 10,818,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-19 15:59 . 2008-03-25 20:46 417,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-19 15:59 . 2008-03-25 20:32 146,636 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-19 15:59 . 2008-03-25 20:32 40,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-19 15:56 . 2008-03-19 15:56 <DIR> d-------- C:\kav
2008-03-19 14:29 . 2008-03-19 14:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-19 14:29 . 2008-03-25 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 13:36 . 2004-08-04 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-19 13:11 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SETEE.tmp
2008-03-19 13:11 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SETEB.tmp
2008-03-19 13:11 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SETFA.tmp
2008-03-19 11:35 . 2008-03-19 11:35 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-19 11:35 . 2008-03-19 11:35 <DIR> d-------- C:\Documents and Settings\RAA\Application Data\TrojanHunter
2008-03-19 11:34 . 2008-03-19 11:34 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-19 11:30 . 2008-03-19 15:41 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-03-19 10:11 . 2008-03-19 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-19 09:33 . 2008-03-19 09:33 <DIR> d-------- C:\Documents and Settings\RAA\Application Data\System Tweaker
2008-03-19 09:21 . 2008-03-22 16:00 <DIR> d-------- C:\Program Files\Uniblue
2008-03-19 09:21 . 2008-03-22 16:00 <DIR> d-------- C:\Documents and Settings\RAA\Application Data\Uniblue
2008-03-19 06:51 . 2008-03-19 06:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-19 06:51 . 2008-03-19 06:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-19 06:21 . 2008-03-19 06:21 151,552 --a------ C:\WINDOWS\system32\livodljl.dll
2008-03-17 15:17 . 2008-03-17 15:18 <DIR> d-------- C:\prosjekt
2008-03-17 11:34 . 2008-03-19 16:00 440,481 --a------ C:\WINDOWS\setupapi.old
2008-03-17 11:33 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-17 11:33 . 2004-08-03 23:04 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-17 11:32 . 2008-03-17 11:32 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook
2008-03-17 11:32 . 2008-03-17 11:32 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-13 09:11 . 2008-03-14 08:06 <DIR> d-------- C:\Program Files\Google
2008-03-13 09:11 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-13 09:10 . 2008-03-13 09:11 <DIR> d-------- C:\Program Files\Java
2008-03-11 16:19 . 2008-03-11 16:20 <DIR> d-------- C:\Program Files\Windows Live
2008-03-11 16:19 . 2008-03-11 16:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-11 16:18 . 2008-03-11 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 15:18 . 2008-02-29 15:21 <DIR> d-------- C:\Program Files\Automation Anywhere 4.5
2008-02-29 14:22 . 2008-02-29 14:22 <DIR> d-------- C:\Temp\SWAutomation
2008-02-29 11:18 . 2008-02-29 11:18 244 --ah----- C:\sqmnoopt02.sqm
2008-02-29 11:18 . 2008-02-29 11:18 232 --ah----- C:\sqmdata02.sqm
2008-02-28 14:09 . 2008-02-28 15:10 <DIR> d-------- C:\oracle
2008-02-28 14:07 . 2008-02-28 14:15 <DIR> d-------- C:\Program Files\Oracle
2008-02-28 13:30 . 2008-02-28 13:39 <DIR> d-------- C:\Documents and Settings\RAA\.foran
2008-02-28 13:25 . 2008-02-28 13:25 <DIR> d-------- C:\Program Files\Tcl
2008-02-28 13:25 . 1997-11-25 14:59 585,728 --a------ C:\WINDOWS\system32\tk80.dll
2008-02-28 13:25 . 1997-11-25 14:58 364,544 --a------ C:\WINDOWS\system32\tcl80.dll
2008-02-28 13:25 . 1995-08-29 04:52 176,128 --a------ C:\WINDOWS\system32\Cw3215mt.dll
2008-02-28 13:25 . 1997-11-25 14:59 24,576 --a------ C:\WINDOWS\system32\tclpip80.dll
2008-02-28 13:25 . 1997-11-25 14:58 9,752 --a------ C:\WINDOWS\system32\Tcl1680.dll
2008-02-28 13:22 . 2008-02-28 13:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Hummingbird
2008-02-28 13:21 . 2008-02-28 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-02-28 13:01 . 2008-02-28 13:36 <DIR> d-------- C:\FORAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 19:31 --------- d-----w C:\Documents and Settings\RAA\Application Data\Skype
2008-03-22 18:06 --------- d-----w C:\Program Files\McAfee.com
2008-03-22 18:06 --------- d-----w C:\Program Files\McAfee
2008-03-22 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-19 23:11 --------- d-----w C:\Program Files\DYMO Label
2008-03-19 11:20 --------- d-----w C:\Program Files\Mamut
2008-03-19 09:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 09:54 --------- d-----w C:\Program Files\ShipWeight75
2008-03-10 20:33 --------- d-----w C:\Program Files\Clue
2008-03-10 08:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-05 02:55 --------- d-----w C:\Program Files\Napa
2008-02-28 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Local
2008-02-20 13:56 --------- d-----w C:\Program Files\Telenor
2008-02-20 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mobile Broadband
2008-02-20 13:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-19 17:07 8,480 ----a-w C:\WINDOWS\system32\drivers\ddnt.sys
2008-02-19 17:07 7,168 ----a-w C:\WINDOWS\system32\ddvdd.dll
2008-02-19 16:49 415,504 ----a-w C:\WINDOWS\system32\msrepl35.dll
2008-02-19 16:49 102,400 ----a-w C:\WINDOWS\system32\attpost32.dll
2008-02-19 16:49 1,238,288 ----a-w C:\WINDOWS\system32\msjt4jlt.dll
2008-02-19 16:49 1,050,896 ----a-w C:\WINDOWS\system32\msjet35.dll
2008-02-15 09:25 --------- d-----w C:\Documents and Settings\RAA\Application Data\Clue
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-01-31 14:22 --------- d-----w C:\Program Files\Mamut for Altinn
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-13 09:12 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51 1032192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:14 7401472]
"nwiz"="nwiz.exe" [2006-01-19 09:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 23:34 213936]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\RAA\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\livodljl]
livodljl.dll 2008-03-19 06:21 151552 C:\WINDOWS\system32\livodljl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Automation Anywhere Event Monitor.lnk]
backup=C:\WINDOWS\pss\Automation Anywhere Event Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Automation Anywhere Hotkeys.lnk]
backup=C:\WINDOWS\pss\Automation Anywhere Hotkeys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoBoingo]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Symantec\\Backup Exec\\RAWS\\beremote.exe"=
"C:\\Program Files\\Symantec\\Backup Exec\\RAWS\\vxmon.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Hummingbird\\Connectivity\\8.00\\Exceed\\exceed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 VSP;Volume Snapshot Provider;C:\WINDOWS\system32\DRIVERS\vsp.sys [2006-05-04 16:16]
R2 SesamService;Sesam Control Service;"C:\Program Files\Telenor\Mobile Broadband\Sesam\BIN\SecMIPService.exe" [2007-11-27 17:30]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 13:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 23:56]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-06-30 10:08]
R3 TSWLAN;TsWlan Packet Driver;C:\WINDOWS\system32\drivers\TsWlan.sys [2007-11-21 11:06]
R3 WtSmpFlt;Sesam Adapter;C:\WINDOWS\system32\DRIVERS\wtsmpflt.sys [2007-10-26 16:01]
S2 64c3319a;Microsoft DDE+ server;C:\WINDOWS\system32\.64c3319a\64c3319a.exe []

S2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2008-02-19 18:07]
S3 Automation Anywhere Service 4.5;Automation Anywhere Service 4.5;C:\Program Files\Automation Anywhere 4.5\Automation Anywhere Service.exe [2008-01-09 19:31]
S3 FORAN Flex;FORAN Flex;C:\FORAN\foran_license\lmgrd.exe [2006-10-12 14:16]
S3 G3GRSC;G3G R Smart Card;C:\WINDOWS\system32\DRIVERS\g3grsc.sys [2006-11-02 11:08]
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-11-02 11:08]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-11-02 11:08]
S3 GTMM Device Service;GTMM Device Service;"C:\Program Files\Telenor\Mobile Broadband\GtmmDeviceService.exe" [2008-01-15 15:54]
S3 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2007-03-03 22:12]
S3 OracleOracle9iServerAgent;OracleOracle9iServerAgent;C:\oracle\Oracle9iServer\bin\agntsrvc.exe [2004-10-20 05:34]
S3 OracleOracle9iServerClientCache;OracleOracle9iServerClientCache;C:\oracle\Oracle9iServer\BIN\ONRSD.EXE [2004-10-13 10:55]
S3 OracleOracle9iServerHTTPServer;OracleOracle9iServerHTTPServer;"C:\oracle\Oracle9iServer\Apache\Apache\apache.exe" --ntservice []
S3 OracleOracle9iServerPagingServer;OracleOracle9iServerPagingServer;C:\oracle\Oracle9iServer/bin/pagntsrv.exe [2002-08-20 22:47]
S3 OracleOracle9iServerSNMPPeerEncapsulator;OracleOracle9iServerSNMPPeerEncapsulator;C:\oracle\Oracle9iServer\BIN\ENCSVC.EXE [2004-10-20 05:36]
S3 OracleOracle9iServerSNMPPeerMasterAgent;OracleOracle9iServerSNMPPeerMasterAgent;C:\oracle\Oracle9iServer\BIN\AGNTSVC.EXE [2004-10-20 05:36]
S3 OracleServiceFORAN61;OracleServiceFORAN61;c:\oracle\oracle9iserver\bin\ORACLE.EXE FORAN61 []
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2007-03-03 22:09]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 USBKey;USB Security Key;C:\WINDOWS\system32\DRIVERS\usbkey.sys [2007-11-13 11:06]
S3 VSPerfDrv;Performance Tools Driver;C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 01:42]
S3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2006-10-24 10:54]
S3 wtsmpadap;Sesam Virtual Adapter;C:\WINDOWS\system32\DRIVERS\wtsmpadap.sys [2007-10-26 16:01]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{781d8508-a3e4-11dc-b5d7-001641b74ee7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 19:36:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-22 13:53:59 C:\WINDOWS\Tasks\Timeliste.job"
- C:\Documents and Settings\RAA\My Documents\regnskap\Timelister\2008\Runar\Timer0208.xls
"2008-03-19 08:49:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-19 08:49:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-19 09:15:51 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 20:46:12
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\OracleOracle9iServerPagingServer]
"ImagePath"="C:\oracle\Oracle9iServer/bin/pagntsrv.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\livodljl.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
-> C:\WINDOWS\system32\livodljl.dll
.
Completion time: 2008-03-25 20:49:18
ComboFix-quarantined-files.txt 2008-03-25 19:49:14
.
2008-03-25 19:31:40 --- E O F ---
RAA
Post 329212 posted on 7-4-2008 at 19:25

Ok, I see. If it is easy for you to split my thread then please do. Thanks!