cgerber1356
asked on
TROJ_SMALL.INV causing BSOD
I have a Windows XP box that has at least two viruses. Trend Micro reports ADW_ULTIMATEDEZ and TROJ_SMALL.INV; it reports that the files are deleted, but on every reboot they show up again. The computer gets a BSOD shortly after Trend Micro gives its report. I am running XP SP2. Below is the HijackThis log file. Please help.
Logfile of HijackThis v1.99.1
Scan saved at 6:34:43 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\_svchost.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\RealVNC\WinVNC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\GU9F50.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\vmmreg32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Mwfjoete\wuhtsizo.exe
C:\WINDOWS\tsitra801.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\wbem\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pcsetup\Desktop\AntiSpyware\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bbgapp13.brunswickboatgroup.com/officescan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bcproxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.20.*.*;10.*.*.*;bbgweb08*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48291E74-0979-EB5A-3A45-063AC20662C1} - C:\Program Files\Thwsihxs\qlygjrux.dll
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll
O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E2E0DEF51BCA} - C:\WINDOWS\system32\pgd.dll (file missing)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTRAY] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLICON] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\_svchost.exe
O4 - HKLM\..\Run: [Intel] C:\WINDOWS\vmmreg32.exe
O4 - HKLM\..\Run: [dexidepm] rundll32.exe "C:\Program Files\dexidepm\xorevsbe.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [wuhtsizo] C:\Program Files\Mwfjoete\wuhtsizo.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\wbem\csrss.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/html/AtxEnc.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://bbgmail02.brunswickboatgroup.com/iNotes6W.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183493860826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183504129978
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O20 - AppInit_DLLs: taskkill.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: dDmkZaW - {F8D7B04C-527D-1AE6-C8D7-3658C601DAF8} - C:\WINDOWS\system32\rj.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fiberlinkcomm Wireless Engine - Unknown owner - C:\Program Files\Fiberlink\Extend360\WENGINE2\BWEngine.exe
O23 - Service: Fiberlinkcomm WMonitor - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE2\WMonitor.exe
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\system32\_svchost.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Virtual Network Computing (WinVNC) - Unknown owner - C:\Program Files\RealVNC\WinVNC.EXE" -service (file missing)
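The entries worth acting on in the log above (and in the second log further down the thread) share a few mechanical traits: a core Windows process name outside System32 (system32\wbem\csrss.exe), a near-miss of one (_svchost.exe registered both as a Run entry and as a service called "Microsoft Internet Explorer"), executables in the C:\WINDOWS root or in C:\WINDOWS\TEMP, Program Files folders and file names made of random letters (Mwfjoete\wuhtsizo.exe, Thwsihxs\qlygjrux.dll), a populated AppInit_DLLs value, and autostart entries whose file is already gone. The script below is an added example, not code from this thread, from HijackThis or from Trend Micro: it runs those rules over HijackThis-style lines. The rule names, the vowel-ratio heuristic for generated names, the XP default locations, and the allow-list of executables that legitimately sit in the Windows root are assumptions; the sample lines are copied from the log above with the extraction spacing removed.

```python
"""Added example: first-pass triage of HijackThis-style lines.
Not code from the thread, from HijackThis, or from Trend Micro."""
import re
from typing import List, Tuple

# Assumption: XP default install locations, compared case-insensitively.
WINDIR = "c:\\windows"
SYSTEM32 = WINDIR + "\\system32"
PROGRAM_FILES = "c:\\program files"

# Core processes that live directly in System32 on XP. The same name anywhere
# else (system32\wbem\csrss.exe) or a near-miss (_svchost.exe) is a masquerade.
CORE_SYSTEM_EXES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Assumption: minimal allow-list of executables that legitimately sit in the
# Windows root on XP; anything else there (vmmreg32.exe) deserves a look.
WINDIR_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                  "winhlp32.exe", "taskman.exe", "twunk_16.exe", "twunk_32.exe"}

# A drive path ending in .exe/.dll; path components may not contain \ " or :
PATH_RE = re.compile(r'[a-z]:\\(?:[^\\":]+\\)*[^\\":]+?\.(?:exe|dll)\b', re.I)

# Constructed sample: lines copied from the first log in this thread, with the
# spaces that the page extraction inserted into file names removed.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\GU9F50.EXE
C:\WINDOWS\system32\wbem\csrss.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48291E74-0979-EB5A-3A45-063AC20662C1} - C:\Program Files\Thwsihxs\qlygjrux.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\_svchost.exe
O4 - HKLM\..\Run: [Intel] C:\WINDOWS\vmmreg32.exe
O4 - HKLM\..\Run: [dexidepm] rundll32.exe "C:\Program Files\dexidepm\xorevsbe.dll",Init
O4 - HKLM\..\Run: [wuhtsizo] C:\Program Files\Mwfjoete\wuhtsizo.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\wbem\csrss.exe
O20 - AppInit_DLLs: taskkill.dll
O21 - SSODL: dDmkZaW - {F8D7B04C-527D-1AE6-C8D7-3658C601DAF8} - C:\WINDOWS\system32\rj.dll (file missing)
O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\system32\_svchost.exe
"""


def looks_random(token: str) -> bool:
    """Heuristic for the generated names in the log (wuhtsizo, Thwsihxs,
    lsgcsjhh): a longish purely alphabetic word, lowercase or Capitalised,
    with few vowels (y not counted). Tuned to the names on this page; vendor
    names with internal capitals (SynTPEnh, SDService) do not match."""
    if not token.isalpha() or len(token) < 7:
        return False
    if not (token.islower() or token[1:].islower()):
        return False
    vowels = sum(ch in "aeiou" for ch in token.lower())
    return vowels / len(token) < 0.4


def check_path(path: str) -> List[str]:
    """Rules that apply to a single executable/DLL path."""
    hits: List[str] = []
    p = path.lower()
    parent, _, name = p.rpartition("\\")
    if parent == WINDIR + "\\temp" or parent.startswith(WINDIR + "\\temp\\"):
        hits.append("runs-from-windows-temp")
    if name in CORE_SYSTEM_EXES and parent != SYSTEM32:
        hits.append("system-name-outside-system32")
    elif name not in CORE_SYSTEM_EXES and name.lstrip("_") in CORE_SYSTEM_EXES:
        hits.append("system-name-lookalike")
    if parent == WINDIR and name.endswith(".exe") and name not in WINDIR_ROOT_OK:
        hits.append("unexpected-exe-in-windir-root")
    parts = path.split("\\")  # original case, for looks_random
    if len(parts) == 4 and p.startswith(PROGRAM_FILES + "\\"):
        folder, stem = parts[2], parts[3].rsplit(".", 1)[0]
        if looks_random(folder) and looks_random(stem):
            hits.append("random-vendor-folder-and-file")
    return hits


def check_line(line: str) -> List[str]:
    """Line-level rules plus the path rules for every path on the line."""
    s = line.strip()
    hits: List[str] = []
    if s.startswith("O20 - AppInit_DLLs:") and s.split(":", 1)[1].strip():
        hits.append("appinit-dlls-set")  # empty on a clean XP box
    if "(file missing)" in s and (s.startswith("O2 ") or s.startswith("O21 ")):
        hits.append("orphaned-registration")  # autostart outlived its file
    for m in PATH_RE.finditer(s):
        hits.extend(check_path(m.group(0)))
    return hits


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, rule names) for every non-blank line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            hits = check_line(line)
            if hits:
                findings.append((line.strip(), hits))
    return findings


if __name__ == "__main__":
    for line, rules in triage(SAMPLE_LOG):
        print(f"{', '.join(rules):32s}  {line}")
```

Run against the sample, 12 of the 16 lines trip a rule and the four legitimate ones (smss.exe in System32, Explorer.EXE in the Windows root, the Adobe BHO, the Synaptics Run entry) stay quiet. The output is a worklist, not a verdict: the random-name rule is a heuristic fitted to the names on this page, and the Windows-root allow-list is deliberately short, so confirm each hit against file properties and hashes before fixing it in HijackThis.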
SOLUTION
Not sure if the tool has been updated recently, but you can also try running it.
Download WinKRootKitRemover to your desktop.
http://secured2k.home.comcast.net/tools/WinKRootKitRemover.exe
Double-click the icon to open the program
Then, click RUN and then START
Save the log it creates to your desktop.
Follow the prompts and reboot when necessary (your system will reboot twice; this is normal).
When the tool is finished, please post the contents of the log here along with a new HijackThis log please.
ASKER
IndiGenus,
I am running antivirus "Trend Micro's OfficeScan" (how good it is I can't say, but also this is not of my choice). I ran ComboFix and my BSOD went away, but OfficeScan still found 4 viruses after reboot:
2 "ADW_ULTIMATEDEZ"
2 "TROJ_SMALL.INV"
rpggamergirl,
I had no restore points prior to running ComboFix. Removed bad folders, fixed the problem you instructed, don't know what to do about the bad files. I didn't run Prevx2 (they want $24 and I don't feel comfortable using my credit card on this infected computer). I ran SUPERAntiSpyware and fixed all problems it found, then ran WinKRootKitRemover.exe, which couldn't find the service to remove. When I ran HijackThis for a log there were 20 more O2 - BHO - (no name) - { } entries, which I fixed and restarted. How can I tell that my computer is clean?
Below are the last log files.
WinKRootKit.txt
10/07/2007, 13:44:53 - Starting Process
10/07/2007, 13:44:53 - Could not detect the service installed. Nothing else to do!
Logfile of HijackThis v1.99.1
Scan saved at 14:20, on 2007-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fiberlink\Extend360\FLUtilsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\RealVNC\WinVNC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\JND4AE.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vrnwlwzd\lsgcsjhh.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pcsetup\Desktop\AntiSpyware\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bbgapp13.brunswickboatgroup.com/officescan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bcproxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.20.*.*;10.*.*.*;bbgweb08*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\e360SysTray.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTRAY] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLICON] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cpuhirch] rundll32.exe "C:\Program Files\cpuhirch\ormvspal.dll",Init
O4 - HKLM\..\Run: [lsgcsjhh] C:\Program Files\Vrnwlwzd\lsgcsjhh.exe
O4 - HKLM\..\Run: [gvhtjhkp] C:\Program Files\Lmhdcsyz\gvhtjhkp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0 080C859833 B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0 080C859833 B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8 226143CFC0 A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B 673D253994 4} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F 3B32CD72DF 4} (Encrypt Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/html/AtxEnc.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-0 0A024A5132 5} (iNotes6 Class) - http://bbgmail02.brunswickboatgroup.com/iNotes6W.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0 080C859833 B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://bbgapp13.brunswickboatgroup.com/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-F CFDF33E833 C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183493860826
O16 - DPF: {6E32070A-766D-4EE6-879C-D C1FA91D2FC 3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183504129978
O16 - DPF: {74FFE28D-2378-11D5-990C-0 0609423508 4} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS WINLO.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANot ify.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpw d.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog on.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-9 4D524869DB 5} - C:\WINDOWS\system32\WPDShS erviceObj. dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtil ities\AcPr fMgrSvc.ex e
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.ex e
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtil ities\AcSv c.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev xx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\ awhost32.e xe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fiberlinkcomm Wireless Engine - Unknown owner - C:\Program Files\Fiberlink\Extend360\ WENGINE2\B WEngine.ex e
O23 - Service: Fiberlinkcomm WMonitor - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\ WENGINE2\W Monitor.ex e
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ FLUtilsSvc .exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpms vc.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvi ce.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti. exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrv c.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvM on.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ ServiceMgr .exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e xe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEX LG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpS VC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvt sched.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Virtual Network Computing (WinVNC) - Unknown owner - C:\Program Files\RealVNC\WinVNC.EXE" -service (file missing)
I am running antivirus "Trend Micro's OfficeScan" (how good it is I can't say, but also this is not of my choice). I ran ComboFix and my BSOD went away, but OfficeScan still found 4 viruses after reboot:
2 "ADW_ULTIMATEDEZ"
2 "TROJ_SMALL.INV"
rpggamergirl,
I had no restore points prior to running ComboFix. Removed bad folders, fixed the problem you instructed, don't know what to do about the bad files. I didn't run Prevx2 (they want $24 and I don't feel comfortable using my credit card on this infected computer). I ran SUPERAntiSpyware and fixed all problems it found, then ran WinKRootKitRemover.exe, which couldn't find the service to remove. When I ran HijackThis for a log there were 20 more O2 - BHO: (no name) - { } entries, which I fixed and restarted. How can I tell that my computer is clean?
Below are the last log files.
WinKRootKit.txt
10/07/2007, 13:44:53 - Starting Process
10/07/2007, 13:44:53 - Could not detect the service installed. Nothing else to do!
Logfile of HijackThis v1.99.1
Scan saved at 14:20, on 2007-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\nslsvi
C:\WINDOWS\system32\ibmpms
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\S24EvM
C:\WINDOWS\system32\spools
C:\Program Files\ThinkPad\ConnectUtil
C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fiberlink\Extend360\
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\RegSrv
C:\Program Files\Fiberlink\Extend360\
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEX
C:\WINDOWS\system32\TpKmpS
C:\Program Files\Common Files\Lenovo\Scheduler\tvt
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\RealVNC\WinVNC.EXE
C:\Program Files\ThinkPad\ConnectUtil
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\JND4AE.EXE
C:\WINDOWS\system32\acs.ex
C:\Program Files\ThinkPad\ConnectUtil
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.
C:\Program Files\Synaptics\SynTP\SynT
C:\Program Files\Synaptics\SynTP\SynT
C:\PROGRA~1\ThinkPad\UTILI
C:\WINDOWS\system32\TpShoc
C:\Program Files\Fiberlink\Extend360\
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Lenovo\Scheduler\sch
C:\Program Files\Lenovo\HOTKEY\TPOSDS
C:\WINDOWS\system32\RunDll
C:\WINDOWS\system32\rundll
C:\Program Files\ThinkPad\ConnectUtil
C:\Program Files\ThinkPad\ConnectUtil
C:\WINDOWS\system32\rundll
C:\Program Files\Vrnwlwzd\lsgcsjhh.ex
C:\Program Files\SUPERAntiSpyware\SUP
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PrintKey2000\Printke
C:\Program Files\Lenovo\HOTKEY\TPONSC
C:\Program Files\Lenovo\Zoom\TpScrex.
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pcsetup\Desktop\A
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILI
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [e360SysTray] C:\Program Files\Fiberlink\Extend360\
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bi
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\sch
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDS
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\T
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILI
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\B
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILI
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILI
O4 - HKLM\..\Run: [ACTRAY] C:\Program Files\ThinkPad\ConnectUtil
O4 - HKLM\..\Run: [ACWLICON] C:\Program Files\ThinkPad\ConnectUtil
O4 - HKLM\..\Run: [cpuhirch] rundll32.exe "C:\Program Files\cpuhirch\ormvspal.dl
O4 - HKLM\..\Run: [lsgcsjhh] C:\Program Files\Vrnwlwzd\lsgcsjhh.ex
O4 - HKLM\..\Run: [gvhtjhkp] C:\Program Files\Lmhdcsyz\gvhtjhkp.ex
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUP
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printke
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {00134F72-5284-44F7-95A8-5
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0
O16 - DPF: {215B8138-A3CF-44C5-803F-8
O16 - DPF: {2DAD3559-2923-4935-AD49-B
O16 - DPF: {35C3D91E-401A-4E45-88A5-F
O16 - DPF: {3BFFE033-BF43-11D5-A271-0
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {74FFE28D-2378-11D5-990C-0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANot
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpw
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLog
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-9
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtil
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.ex
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtil
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2ev
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BesClient.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fiberlinkcomm Wireless Engine - Unknown owner - C:\Program Files\Fiberlink\Extend360\
O23 - Service: Fiberlinkcomm WMonitor - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpms
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvi
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrv
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvM
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEX
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpS
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvt
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Virtual Network Computing (WinVNC) - Unknown owner - C:\Program Files\RealVNC\WinVNC.EXE" -service (file missing)
ASKER
Here are the viruses that OfficeScan found on a scan of the computer. I am going to try to remove these as OfficeScan instructs; it says that they are quarantined.
TROJ_XORPIX.CF
TROJ_SMALL.INV
TROJ_AGENT.WNQ
TROJ_BHO.JM
Possible_Strat-6
Possible_Strat-6
TROJ_XPACK.CV
TROJ_AGENT.YTL
TROJ_AGENT.YTL
TROJ_SMALL.INV
TROJ_EXITWIN.F
TROJ_AGENT.WNQ
ADW_ULTIMATEDE.Z
ADW_ULTIMATEDE.Z
ADW_ULTIMATEDE.Z
Possible_Strat-6
TROJ_AGENT.YTL
TROJ_VB.CXL
TROJ_XORPIX.CF
TROJ_SMALL.INV
TROJ_AGENT.WNQ
TROJ_BHO.JM
Possible_Strat-6
Possible_Strat-6
TROJ_XPACK.CV
TROJ_AGENT.YTL
TROJ_AGENT.YTL
TROJ_SMALL.INV
TROJ_EXITWIN.F
TROJ_AGENT.WNQ
ADW_ULTIMATEDE.Z
ADW_ULTIMATEDE.Z
ADW_ULTIMATEDE.Z
Possible_Strat-6
TROJ_AGENT.YTL
TROJ_VB.CXL
Sorry, I didn't notice the Trend Micro OfficeScan program. I am not familiar with it. Trend Micro's products are typically good though.
Do you still have the combofix log that was produced after you ran it? If so can you post that for us too?
Thanks,
Dave
ASKER CERTIFIED SOLUTION
Start > All Programs > Accessories > System Tools > System Restore
and restore back to a date before this happened. Of course there's a possibility that System Restore might have already been corrupted.
Bad files showing in your running processes:
C:\WINDOWS\system32\_svcho
C:\WINDOWS\system32\wbem\c
C:\WINDOWS\vmmreg32.exe
C:\WINDOWS\tsitra801.exe
Bad folders that need to go, most probably created by the WinIk rootkit:
C:\Program Files\dexidepm
C:\Program Files\Mwfjoete
C:\Program Files\Thwsihxs
C:\Program Files\SecCenter
Fix these entries if still present:
O2 - BHO: (no name) - {48291E74-0979-EB5A-3A45-0
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6
O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E
O4 - HKLM\..\Run: [Intel] C:\WINDOWS\vmmreg32.exe
O4 - HKLM\..\Run: [dexidepm] rundll32.exe "C:\Program Files\dexidepm\xorevsbe.dl
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.ex
O4 - HKLM\..\Run: [wuhtsizo] C:\Program Files\Mwfjoete\wuhtsizo.ex
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra801.exe 61A847B5BBF7281A329A284503
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\wbem\c
O20 - AppInit_DLLs: taskkill.dll
O21 - SSODL: dDmkZaW - {F8D7B04C-527D-1AE6-C8D7-3
O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\system32\_svcho
In addition to ComboFix, you might also run:
PrevX:
http://info.prevx.com/downloadprevx2.asp
SUPERAntispyware:
http://www.superantispyware.com/
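The sorting the answer above does by eye (random-looking folders under Program Files, executables in the Windows root, a service called "Microsoft Internet Explorer" pointing at `_svchost.exe`, an AppInit_DLLs entry, an unfamiliar SSODL object) can be scripted as a first pass over a HijackThis log. The script below is an added example written for this thread, not code from the thread, from HijackThis or from Trend Micro. Its sample log lines are constructed from entries quoted in this thread; the executable behind the `[csrss]` Run value and the CLSID of the `dDmkZaW` SSODL entry are placeholders because the thread truncates them, and the SSODL known-good list holds only the WPDShServiceObj CLSID from the posted log. The rule thresholds (consonant runs, vowel ratio) are this example's own choices.

```python
r"""Heuristic triage of HijackThis-style log lines (added example, see lead-in).

Rules, taken from how the bad entries in this thread were picked out:
  generated-name        random-looking Program Files vendor folder or Run value name
  windows-root-or-temp  executable directly in C:\WINDOWS or under a TEMP folder
  system-lookalike      decorated or misplaced core process name (_svchost.exe, [csrss])
  appinit-dll           any AppInit_DLLs entry
  unknown-ssodl         SSODL CLSID not on the known-good list
The output is a shortlist for a human reviewer, not a verdict.
"""
import re

CORE_PROCS = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv", "explorer"}
# Executables that legitimately live directly in C:\WINDOWS on XP.
WINROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "winhlp32.exe"}
# Known-good SSODL CLSIDs: only the Portable Devices shell object from this thread's log.
KNOWN_SSODL = {"{aaa288ba-9a4c-45b0-95d7-94d524869db5}"}
VOWELS = "aeiouy"
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", re.I)
RUN_NAME_RE = re.compile(r"\\Run: \[([^\]]+)\]")


def looks_generated(name: str) -> bool:
    """No vowels, a run of 4+ consonants, or at most 25% vowels.
    Names with capitals after the first letter (SoundMAX, SynTPEnh, ThinkPad) are
    skipped: vendor abbreviations trip the consonant test, while the generated
    names in this thread (Vrnwlwzd, Lmhdcsyz, cpuhirch) never use them."""
    if name[1:] != name[1:].lower():
        return False
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 5:
        return False
    vowels = sum(c in VOWELS for c in letters)
    longest_run = max(len(run) for run in re.split("[%s]" % VOWELS, letters))
    return vowels == 0 or longest_run >= 4 or vowels / len(letters) <= 0.25


def vendor_folder(path: str):
    """First folder below Program Files (or its 8.3 alias PROGRA~1), else None."""
    m = re.search(r"\\(?:Program Files|PROGRA~1)\\([^\\]+)\\", path, re.I)
    return m.group(1) if m else None


def in_windows_root_or_temp(path: str) -> bool:
    parent, _, name = path.lower().rpartition("\\")
    return "temp" in parent.split("\\") or (parent.endswith("\\windows") and name not in WINROOT_OK)


def is_lookalike(path: str) -> bool:
    """Core process name with decoration (_svchost.exe, svchost32.exe) or outside
    its real directory (system32; the Windows root for explorer.exe)."""
    parent, _, name = path.lower().rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    core = stem.strip("_-").rstrip("0123456789")
    if core not in CORE_PROCS:
        return False
    expected = "\\windows" if core == "explorer" else "\\windows\\system32"
    return stem != core or not parent.endswith(expected)


def triage(lines):
    """Return (rule, line) pairs for every line that deserves a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = set()
        if line.startswith("O20 - AppInit_DLLs:"):
            reasons.add("appinit-dll")
        if line.startswith("O21 - SSODL:"):
            clsid = re.search(r"\{[0-9a-f-]+\}", line, re.I)
            if clsid is None or clsid.group(0).lower() not in KNOWN_SSODL:
                reasons.add("unknown-ssodl")
        run = RUN_NAME_RE.search(line)
        if run:
            if run.group(1).lower() in CORE_PROCS:
                reasons.add("system-lookalike")
            if looks_generated(run.group(1)):
                reasons.add("generated-name")
        for path in PATH_RE.findall(line):
            folder = vendor_folder(path)
            if folder and looks_generated(folder):
                reasons.add("generated-name")
            if in_windows_root_or_temp(path):
                reasons.add("windows-root-or-temp")
            if is_lookalike(path):
                reasons.add("system-lookalike")
        findings.extend((rule, line) for rule in sorted(reasons))
    return findings


# Constructed sample, modelled on entries quoted in this thread. The [csrss] target
# and the dDmkZaW CLSID are placeholders because the thread truncates them.
SAMPLE_LOG = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\TEMP\JND4AE.EXE",
    r'O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow',
    r"O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe",
    r"O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor",
    r'O4 - HKLM\..\Run: [cpuhirch] rundll32.exe "C:\Program Files\cpuhirch\ormvspal.dll",Init',
    r"O4 - HKLM\..\Run: [lsgcsjhh] C:\Program Files\Vrnwlwzd\lsgcsjhh.exe",
    r"O4 - HKLM\..\Run: [Intel] C:\WINDOWS\vmmreg32.exe",
    r"O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\wbem\placeholder.exe",
    r"O20 - AppInit_DLLs: taskkill.dll",
    r"O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll",
    r"O21 - SSODL: dDmkZaW - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\placeholder.dll",
    r"O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\system32\_svchost.exe",
]

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:22} {line}")
```

Run it on a full log (one line per list element) and read the shortlist against the rest of the log, not instead of it: the name heuristic deliberately skips names with internal capitals, so it misses `dexidepm` and `SecCenter` from the answer above, and a clean shortlist is not proof the machine is clean. What it does well is the repetitive part, which is why the same five entries keep turning up in both logs the asker posted.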