Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Please help! Our computer not running so good...
easymfe
Junior Member with 14 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
25-Apr-2008, 04:39 PM #1
Please help! Our computer not running so good...
Hello,

I'm a novice when it comes to security, spyware, malware, etc... so I appreciate all help.

Here is some info on my wife's desktop:
HP Model A6244n
Intel Core 2Duo e4500 @ 2.20 ghz
RAM 3070 mb
Microsoft Vista

Ok, so about a week or so ago, my wife was playing games on her computer and she was directed to some website. Unfortunately, after she visited that website the problems started. She uses IE. Immediately after, whenever we opened a new browser we would see multiple tabs opening up and get messages that it could not connect, but the address was an IP address starting with 8. I saw a similar problem on this thread:

http://forums.techguy.org/malware-re...s-ms-juan.html

We just got this computer about a month or so ago and come to find out my wife had not installed any kind of security, anti-virus, ad-aware, etc... So I immediately installed Kaspersky, ad-aware and spybot. I did scans with all three but unfortunately it did not solve my problems.

Now when I open a web page I no longer see the multiple tabs, but the homepage (www.cnn.com) looks like it is just about to connect, but then we get the message, cannot find page. This desktop is connected to our wireless router. I know it is not a problem with the router b/c I am connected on my laptop through the same router. When I review the connection on the desktop everything looks fine. I called airlink for their assistance and they don't think it's the wireless card.

Searching the web for similar problems I found out I need to install hijackthis and get the log. So below are the results:

_______________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:58 PM, on 4/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\kbd\kbd.exe
L:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\erika\AppData\Local\Temp\ddcAspop.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Private%20Eye/Images/stg_drm.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_bur...sPlayer_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Cate%20West%20-%20The%20Vanishing%20Files/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10097 bytes
__________________________________________________________________________

So I tried reviewing this, but even with the help of the hijackthis log tutorial I don't know where to start or where to go from here. I did find a few things in the log that look like trouble. I have bolded and underlined them.

Once again, all help is greatly appreciated by this novice.

Best Regards,

easymfe
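As an added example (my own script, not the forum's or HijackThis's tooling), here is a small Python triage pass over HijackThis log lines of the kind posted above. The line grammar it assumes, the three rules and the severity labels are mine; the sample lines are copied from the two logs in this thread, with one benign line of each kind included to show what is not flagged. The three rules are the ones a helper actually applies to a log like this: an autorun that uses rundll32 to load a DLL out of a user's Temp folder (the `cmds` entry), a BHO whose CLSID is still registered but whose file is gone, and a service whose path could not be resolved.

```python
"""Triage a HijackThis log: flag the entry types a malware helper looks at first.

Added example; the rules and severity labels are my own, not HijackThis's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the two HijackThis logs posted in this thread.
# "::1 localhost" is Vista's default IPv6 loopback entry, not a hosts-file hijack,
# and the NvCpl line is a normal rundll32 autorun from System32; neither is flagged.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\erika\AppData\Local\Temp\ddcAspop.dll,c
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""


@dataclass
class Finding:
    severity: str   # "high", "low" or "verify" (my own labels)
    section: str    # HijackThis section prefix, e.g. "O4"
    reason: str
    line: str


# HijackThis line shape: "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[ROF]\d+)\s+-\s+(?P<body>.*)$")

# Folders any local user can write to. An autorun that loads code from here is the
# classic dropper pattern; the cmds entry above is exactly that.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Temporary Internet Files)\\",
    re.IGNORECASE,
)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
ENV_VAR_RE = re.compile(r"%\w+%")


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious line, or None for lines that pass."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section == "O4" and RUNDLL_RE.search(body) and USER_WRITABLE_RE.search(body):
        return Finding("high", section,
                       "autorun uses rundll32 to load a DLL from a user-writable temp folder", line)

    if section == "O2" and body.endswith("(no file)"):
        return Finding("low", section,
                       "BHO CLSID still registered but its DLL is gone (orphan left behind by a removal)", line)

    if section == "O23" and body.endswith("(file missing)"):
        if ENV_VAR_RE.search(body):
            # HijackThis 1.99.1 predates Vista and does not expand %windir%-style paths,
            # so these "missing" services are usually a tool limitation, not malware.
            return Finding("verify", section,
                           "service path contains an unexpanded environment variable; "
                           "confirm by hand before treating the binary as missing", line)
        return Finding("verify", section,
                       "service binary not found at the recorded path", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through classify() and keep the hits, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'low': 1, 'high': 1, 'verify': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}")
```

Run against the sample, this flags only the orphan BHO (low), the `cmds` rundll32 entry loading `ddcAspop.dll` from the user's Temp folder (high), and the `ehstart` service (verify). The third rule is worth keeping separate from the first two: the services marked "(file missing)" appear only in the later log taken with HijackThis 1.99.1 and not in the 2.0.2 log, which is consistent with the older tool simply not understanding Vista's resource-string service names and unexpanded `%windir%` paths.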
Cookiegal
Administrator with 49,826 posts.
Join Date: Aug 2003
Location: Quebec, Canada
08-May-2008, 09:29 AM #2
Hi and welcome to TSG,

Please download Malwarebytes Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
easymfe
Junior Member with 14 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
08-May-2008, 12:14 PM #3
Hello,

A thousand thank yous for the reply and suggestions. I will follow your instructions and repost the results later tonight.

Best Regards,

Eric
Cookiegal
Administrator with 49,826 posts.
Join Date: Aug 2003
Location: Quebec, Canada
08-May-2008, 12:35 PM #4
Sounds good to me.
easymfe
Junior Member with 14 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
09-May-2008, 09:27 AM #5
Ok, I did as instructed on your response. However, I was not able to check for updates as I cannot get connected to the internet on the computer we are having the problem with. So here's what I did.

I downloaded the mbam on my laptop and then copied the file over to the trouble desktop. I executed and ran the program. Here is the resulting log:
__________________________________________________________________________
Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Quick Scan
Objects scanned: 34581
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shared TaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\erika\AppData\Local\Temp\tmp00014c1c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\erika\AppData\Local\Temp\tmp0001e9a2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\erika\AppData\Local\Temp\tmp009fa2e6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\erika\AppData\Local\Temp\tmp01d7dd9b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\erika\Local Settings\Temporary Internet Files\Content.IE5\2CD4QD3F\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\erika\Local Settings\Temporary Internet Files\Content.IE5\990ZSWT0\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
_________________________________________________________________________

After I ran this, things started getting a little strange. I got a message from spybot about allowing or denying a change. I denied the change as I wasn't sure what it was about. Then about 6 little windows were on my screen on the right side and they all said the same thing:
-------------------------------------------------------------------------------------------------------------------------------
23:06 Registry Change denied
Identified as: User blacklist
Resident denied the change of (category SCR or REG
Extension handler) based on your black list
--------------------------------------------------------------------------------------------------------------------------------
All 6 of them kept flashing (the 23:06 is the time), and this went on for several minutes until I rebooted. Once I rebooted they did not come back up.

Next I had to upload HijackThis again as it was not on the problem computer anymore. However, when I loaded the zipped file, I was unable to unzip on the computer. So I unzipped the file on my laptop and then loaded the unzipped folder. When I executed HijackThis I got the following error messages:

----------------------------------------------------------------------------------------------------------------------------------
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, Click Start, Run and Type:

notepad "c:\Windows\System32\drivers\etc\hosts"

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as "hosts" (with quotes, and reboot.
--------------------------------------------------------------------------------------------------------------------------------

I did not edit any files. So I 'ok' this message and then got this message:
--------------------------------------------------------------------------------------------------------------------------------

An unexpected error has occurred at procedure:

modMain_CheckOtherItem()
Error #75 - Path/File access error

Please email me at Merijn@spywareinfo.com, reporting the following:
*What you were trying to fix when the error occurred, if applicable
*How you can reproduce the error
*A complete HijackThis scan log if possible


Windows version: Windows NT 6.00.1904
MSIE version 7.0.6000.16643
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click Ok to continue the rest of the scan.
--------------------------------------------------------------------------------------------------------------------------------

Again, I hit 'ok' and continued the scan. Here is the HijackThis log:

--------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:57:03 PM, on 5/8/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Users\erika\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\erika\AppData\Local\Temp\ddcAspop.dll,c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Private%20Eye/Images/stg_drm.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_bur...sPlayer_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Cate%20West%20-%20The%20Vanishing%20Files/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

------------------------------------------------------------------------------------------------------------------------------

Once again, I appreciate all your help. Please let me know what my next step is.

Best Regards,

easymfe
Cookiegal
Administrator with 49,826 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-May-2008, 06:25 PM #6
I just want to confirm with you that this is a 32-bit version and not a 64-bit version of Vista?
easymfe
Junior Member with 14 posts.
 
Join Date: Apr 2008
Experience: beginner vis-a-vis security
10-May-2008, 12:19 AM #7
Yes, 32-bit.
Cookiegal
Administrator with 49,826 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
10-May-2008, 01:34 PM #8
Please visit Combofix Guide & Instructions for instructions on downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
easymfe
Junior Member with 14 posts.
 
Join Date: Apr 2008
Experience: beginner vis-a-vis security
11-May-2008, 12:26 AM #9
Ok, here is the log from ComboFix:

---------------------------------------------------------------------------------------------------------------
ComboFix 08-05-09.1 - erika 2008-05-10 18:24:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2304 [GMT -5:00]
Running from: L:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\erika\AppData\Roaming\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-08 21:59 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 21:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
2008-05-08 21:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-05-05 21:03 . 2008-05-07 12:29 287,899,900 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-03 12:23 . 2008-05-03 12:23 <DIR> d-------- C:\Users\erika\AppData\Roaming\Roxio
2008-04-22 21:57 . 2008-04-22 21:57 <DIR> d-------- C:\Autoruns
2008-04-14 15:23 . 2008-04-14 15:23 <DIR> d-------- C:\Users\All Users\Fugazo
2008-04-14 15:23 . 2008-04-14 15:23 <DIR> d-------- C:\ProgramData\Fugazo
2008-04-13 23:40 . 2008-04-13 23:40 <DIR> d-------- C:\Users\All Users\SpinTop Games
2008-04-13 23:40 . 2008-04-13 23:40 <DIR> d-------- C:\ProgramData\SpinTop Games
2008-04-13 20:18 . 2008-04-13 21:02 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-13 20:18 . 2008-04-13 21:02 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-13 20:18 . 2008-04-13 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-13 20:00 . 2008-04-13 20:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-13 20:00 . 2008-04-13 20:01 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-13 20:00 . 2008-04-13 20:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-13 19:50 . 2008-04-13 19:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 23:12 . 2008-04-12 23:12 <DIR> d-------- C:\Users\erika\AppData\Roaming\PlayFirst
2008-04-12 23:12 . 2008-04-12 23:12 <DIR> d-------- C:\Users\All Users\PlayFirst
2008-04-12 23:12 . 2008-04-12 23:12 <DIR> d-------- C:\ProgramData\PlayFirst
2008-04-12 18:55 . 2008-04-12 18:55 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-04-12 18:55 . 2008-04-12 18:55 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-04-12 18:53 . 2008-04-12 18:53 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 18:53 . 2008-04-12 18:53 8,147,968 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-04-12 18:53 . 2008-04-12 18:53 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-04-12 18:53 . 2008-04-12 18:53 356,864 --a------ C:\WINDOWS\System32\MediaMetadataHandler.dll
2008-04-12 18:53 . 2008-04-12 18:53 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-04-12 18:53 . 2008-04-12 18:53 7,680 --a------ C:\WINDOWS\System32\spwmp.dll
2008-04-12 18:53 . 2008-04-12 18:53 4,096 --a------ C:\WINDOWS\System32\msdxm.ocx
2008-04-12 18:53 . 2008-04-12 18:53 4,096 --a------ C:\WINDOWS\System32\dxmasf.dll
2008-04-12 18:52 . 2008-04-12 18:52 3,505,720 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-04-12 18:52 . 2008-04-12 18:52 3,471,928 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-04-12 18:52 . 2008-04-12 18:52 211,000 --a------ C:\WINDOWS\System32\drivers\volsnap.sys
2008-04-12 18:52 . 2008-04-12 18:52 154,624 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-04-12 18:52 . 2008-04-12 18:52 109,624 --a------ C:\WINDOWS\System32\drivers\ataport.sys
2008-04-12 18:52 . 2008-04-12 18:52 45,112 --a------ C:\WINDOWS\System32\drivers\pciidex.sys
2008-04-12 18:52 . 2008-04-12 18:52 21,560 --a------ C:\WINDOWS\System32\drivers\atapi.sys
2008-04-12 18:52 . 2008-04-12 18:52 17,464 --a------ C:\WINDOWS\System32\drivers\intelide.sys
2008-04-12 18:51 . 2008-04-12 18:51 1,191,936 --a------ C:\WINDOWS\System32\msxml3.dll
2008-04-12 18:51 . 2008-04-12 18:51 224,768 --a------ C:\WINDOWS\System32\drivers\usbport.sys
2008-04-12 18:51 . 2008-04-12 18:51 193,536 --a------ C:\WINDOWS\System32\drivers\usbhub.sys
2008-04-12 18:51 . 2008-04-12 18:51 73,216 --a------ C:\WINDOWS\System32\drivers\usbccgp.sys
2008-04-12 18:51 . 2008-04-12 18:51 38,400 --a------ C:\WINDOWS\System32\drivers\usbehci.sys
2008-04-12 18:51 . 2008-04-12 18:51 23,040 --a------ C:\WINDOWS\System32\drivers\usbuhci.sys
2008-04-12 18:51 . 2008-04-12 18:51 8,704 --a------ C:\WINDOWS\System32\hcrstco.dll
2008-04-12 18:51 . 2008-04-12 18:51 8,704 --a------ C:\WINDOWS\System32\hccoin.dll
2008-04-12 18:51 . 2008-04-12 18:51 5,888 --a------ C:\WINDOWS\System32\drivers\usbd.sys
2008-04-12 18:51 . 2008-04-12 18:51 2,048 --a------ C:\WINDOWS\System32\msxml3r.dll
2008-04-12 18:50 . 2008-04-12 18:50 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2008-04-12 18:50 . 2008-04-12 18:50 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-04-12 18:50 . 2008-04-12 18:50 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-04-12 18:50 . 2008-04-12 18:50 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-04-12 18:50 . 2008-04-12 18:50 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-04-12 18:50 . 2008-04-12 18:50 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-04-12 18:48 . 2008-04-12 18:48 2,028,544 --a------ C:\WINDOWS\System32\win32k.sys
2008-04-12 18:47 . 2008-04-12 18:47 1,335,296 --a------ C:\WINDOWS\System32\msxml6.dll
2008-04-12 18:47 . 2008-04-12 18:47 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-04-12 18:47 . 2008-04-12 18:47 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-04-12 18:47 . 2008-04-12 18:47 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-04-12 18:47 . 2008-04-12 18:47 2,048 --a------ C:\WINDOWS\System32\msxml6r.dll
2008-04-12 18:47 . 2008-04-12 18:47 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-04-12 18:45 . 2008-04-12 18:45 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-04-12 18:45 . 2008-04-12 18:45 84,480 --a------ C:\WINDOWS\System32\INETRES.dll
2008-04-12 18:45 . 2008-04-12 18:45 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe
2008-04-12 18:44 . 2008-04-12 18:44 197 --a------ C:\WINDOWS\System32\MRT.INI
2008-04-12 18:43 . 2008-04-12 18:43 788,992 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-04-12 18:43 . 2008-04-12 18:43 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2008-04-12 18:43 . 2008-04-12 18:43 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2008-04-12 18:43 . 2008-04-12 18:43 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2008-04-12 18:43 . 2008-04-12 18:43 84,480 --a------ C:\WINDOWS\System32\dnsrslvr.dll
2008-04-12 18:43 . 2008-04-12 18:43 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2008-04-12 18:43 . 2008-04-12 18:43 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe
2008-04-12 18:42 . 2008-04-12 18:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 18:41 . 2008-04-12 18:41 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-04-12 18:40 . 2008-04-12 18:40 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-04-12 18:40 . 2008-04-12 18:40 750,080 --a------ C:\WINDOWS\System32\qmgr.dll
2008-04-12 10:38 . 2008-04-22 20:49 96,645 --a------ C:\WINDOWS\System32\drivers\klin.dat
2008-04-12 10:38 . 2008-04-22 20:49 87,941 --a------ C:\WINDOWS\System32\drivers\klick.dat
2008-04-12 10:37 . 2008-05-09 22:34 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-12 10:37 . 2008-05-09 22:34 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-12 10:37 . 2008-04-12 10:37 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 10:37 . 2008-05-09 00:03 24,285,216 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-04-12 10:37 . 2008-05-09 00:03 318,200 --ahs---- C:\WINDOWS\System32\drivers\fidbox.idx
2008-04-12 10:36 . 2008-04-12 10:36 <DIR> d-------- C:\kav
2008-04-12 09:49 . 2008-04-12 09:49 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-04-12 09:49 . 2008-04-12 09:49 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-04-12 09:49 . 2008-04-12 09:49 549,720 --a------ C:\WINDOWS\System32\wuapi.dll
2008-04-12 09:49 . 2008-04-12 09:49 163,000 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-04-12 09:49 . 2008-04-12 09:49 80,896 --a------ C:\WINDOWS\System32\wudriver.dll
2008-04-12 09:49 . 2008-04-12 09:49 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-04-12 09:49 . 2008-04-12 09:49 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-04-12 09:49 . 2008-04-12 09:49 33,624 --a------ C:\WINDOWS\System32\wups.dll
2008-04-12 09:49 . 2008-04-12 09:49 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-04-12 01:11 . 2008-04-12 01:11 <DIR> d-------- C:\Users\All Users\hszybahc
2008-04-12 01:11 . 2008-04-12 01:11 <DIR> d-------- C:\Users\All Users\ewqpijtk
2008-04-12 01:11 . 2008-04-12 01:11 <DIR> d-------- C:\ProgramData\hszybahc
2008-04-12 01:11 . 2008-04-12 01:11 <DIR> d-------- C:\ProgramData\ewqpijtk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 17:23 --------- d-----w C:\ProgramData\Sonic
2008-04-21 19:58 --------- d---a-w C:\ProgramData\TEMP
2008-04-14 03:29 --------- d-----w C:\Users\erika\AppData\Roaming\Apple Computer
2008-04-13 00:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 23:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 23:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-12 23:49 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-12 23:46 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-04-12 23:42 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-04-12 23:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-12 23:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-12 23:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-12 23:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-06 21:56 --------- d-----w C:\Users\erika\AppData\Roaming\Mysteryville2
2008-04-06 19:43 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:43 --------- d-----w C:\Program Files\iTunes
2008-04-06 19:43 --------- d-----w C:\Program Files\iPod
2008-04-02 15:19 --------- d-----w C:\ProgramData\Symantec
2008-04-02 04:21 --------- d-----w C:\ProgramData\Interama
2008-03-31 04:35 --------- d-----w C:\Users\erika\AppData\Roaming\BloodTies
2008-03-29 04:41 --------- d-----w C:\Users\erika\AppData\Roaming\Yatec Games
2008-03-28 04:05 --------- d-----w C:\Users\erika\AppData\Roaming\Ludia
2008-03-28 04:05 --------- d-----w C:\ProgramData\Ludia
2008-03-26 02:57 --------- d-----w C:\Users\erika\AppData\Roaming\funkitron
2008-03-26 02:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-24 22:55 --------- d-----w C:\Program Files\Safari
2008-03-21 04:24 --------- d-----w C:\Users\erika\AppData\Roaming\Friday's games
2008-03-21 03:53 --------- d-----w C:\Program Files\eMusic Download Manager
2008-03-17 04:20 --------- d-----w C:\ProgramData\Dekovir
2008-03-17 04:12 --------- d-----w C:\Program Files\Can You See What I See
2008-03-14 03:47 --------- d-----w C:\Users\erika\AppData\Roaming\cerasus.media
2008-03-14 03:39 --------- d-----w C:\Users\erika\AppData\Roaming\VeniceMysteryData
2008-03-13 05:30 --------- d-----w C:\Users\erika\AppData\Roaming\SprillBermudeEng
2008-03-13 03:50 --------- d-----w C:\Program Files\Windows Live
2008-03-13 03:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 03:43 --------- d-----w C:\ProgramData\WLInstaller
2008-03-12 18:09 --------- d-----w C:\ProgramData\EscapeTheMuseum
2008-03-11 17:02 --------- d-----w C:\Program Files\Microsoft Works
2008-03-11 17:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-10 14:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 03:57 --------- d-----w C:\Users\erika\AppData\Roaming\SpinTop
2008-03-10 00:09 --------- d-----w C:\ProgramData\Apple Computer
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 18:45 1232896]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 22:19 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 10:53 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 10:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 05:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 05:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 05:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 06:06 4669440 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Airlink101 WLAN Monitor"="C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe" [2006-06-30 19:55 954368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 17:59 49152]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-07 22:19 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F1C0B9AA-5EA2-4D0F-9B91-E83DEBAD30E8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E207882F-CD91-4A41-9702-20A7728DAAB0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{840A055E-CEBF-463E-BDD1-EA300682BC85}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2991F59-4E74-4DCB-BB13-3025C3EE8DFE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0ABCBDA-5035-48A1-AE8E-35FF9F1887DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A131C91F-981B-46C2-9510-AE157BB10166}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{74865007-5F4C-4DAA-BC26-0217513F1F8F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{10D4FB18-D112-45E5-8DB2-C6FF3F059308}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{5E5344FC-3B57-4110-8107-CCC80DB6D799}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B9AC8E60-D29D-45A8-B32D-7232744F1F1A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{308ED02F-1234-4DD4-8645-A2107BE5FA9B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E0F427E9-ECB3-4178-94BF-7670477172DD}C:\\kav\\kav7\\setup.exe"= UDP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{ED0379E4-2470-4A18-A43C-5DA53F62CCC6}C:\\kav\\kav7\\setup.exe"= TCP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 AL101;Airlink101 802.11g PCI Driver;C:\Windows\system32\DRIVERS\AL101.sys [2006-07-04 16:28]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d312c-0962-11dd-b065-001d606465ef}]
\shell\AutoRun\command - L:\CAEdgemobile.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:26:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-10 18:27:34
ComboFix-quarantined-files.txt 2008-05-10 23:27:30

Pre-Run: 370,454,884,352 bytes free
Post-Run: 370,591,993,856 bytes free

272 --- E O F --- 2008-04-14 20:08:02
-------------------------------------------------------------------------------------------------------------

I will post the HijackThis log in a following reply.
easymfe
Junior Member with 14 posts.
 
Join Date: Apr 2008
Experience: beginner vis-a-vis security
11-May-2008, 12:28 AM #10
And here is the log from HijackThis:

------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:09:28 PM, on 5/10/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Users\erika\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\erika\AppData\Local\Temp\ddcAspop.dll,c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Private%20Eye/Images/stg_drm.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_bur...sPlayer_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Cate%20West%20-%20The%20Vanishing%20Files/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-------------------------------------------------------------------------------------------------------------

Thanks again for all your help. It is most appreciated.

Best Regards,

easymfe
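Added example, not part of easymfe's post and not HijackThis code: a small Python triage pass over the O10, O20 and O23 lines from the log above. It separates entries that HijackThis marks "(file missing)" only because of a tool quirk (an unexpanded %windir% in a svchost-hosted service, or a quoted ImagePath with arguments such as the Kaspersky `avp.exe" -r` line) from a service whose binary really is absent. The Vista values in ASSUMED_ENV, the ASSUMED_VISTA_NSP allow-list and the "Example Updater" line are assumptions constructed for the example, not data from the log.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above,
# plus one constructed line at the end (not from the log) to exercise the alert path.
SAMPLE_LOG = [
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll",
    r"O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll",
    r"O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll",
    r'O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)',
    r"O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: Example Updater - Unknown owner - C:\Users\Public\upd.exe (file missing)",  # constructed
]

# Assumed Vista values for the variables HijackThis leaves unexpanded. HijackThis
# tests the literal string for existence, so every svchost-hosted service whose
# ImagePath uses %windir% is reported as "(file missing)".
ASSUMED_ENV = {"windir": r"C:\Windows", "systemroot": r"C:\Windows",
               "programfiles": r"C:\Program Files"}

# Assumed allow-list: Winsock namespace providers that ship with Vista and that
# older HijackThis builds do not recognise.
ASSUMED_VISTA_NSP = {"nlaapi.dll", "napinsp.dll"}

O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def expand_env(path, env=ASSUMED_ENV):
    """Expand %VAR% tokens the way the service control manager would (case-insensitive)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def triage(line, env=ASSUMED_ENV):
    """Return (severity, reason) for one HijackThis line.

    severity is 'info' (explained by a known HijackThis quirk or a system file),
    'check' (legitimate-looking but must be tied to a known product) or
    'alert' (investigate now). Lines of other types return ('skip', line).
    """
    m = O23_RE.match(line)
    if m:
        raw = m.group("path")
        if not m.group("missing"):
            sev = "check" if m.group("owner") == "Unknown owner" else "info"
            return (sev, f"service binary present: {raw}")
        if '"' in raw:
            # ImagePath was quoted with arguments ("...\avp.exe" -r); HijackThis
            # keeps the trailing quote in the path and so cannot find the file.
            return ("info", f"quoted ImagePath with arguments; confirm with 'sc qc': {raw}")
        expanded = expand_env(raw, env)
        if expanded != raw:
            return ("info", f"unexpanded environment variable; real path {expanded}")
        return ("alert", f"service '{m.group('name')}' points at a missing binary: {raw}")

    m = O20_RE.match(line)
    if m:
        # AppInit_DLLs load into every process that links user32; Winlogon Notify
        # DLLs load into winlogon itself. Each entry must map to a known product.
        return ("check", f"{m.group('kind')} entry loads system-wide: {m.group('rest')}")

    m = O10_RE.match(line)
    if m:
        name = m.group("path").rsplit("\\", 1)[-1].lower()
        if name in ASSUMED_VISTA_NSP:
            return ("info", f"{name} is a Vista namespace provider HijackThis does not recognise")
        return ("check", f"third-party Winsock provider: {m.group('path')}")

    return ("skip", line)


def triage_log(lines, env=ASSUMED_ENV):
    """Group reasons by severity so the 'alert' bucket can be read first."""
    buckets = {"alert": [], "check": [], "info": [], "skip": []}
    for line in lines:
        sev, reason = triage(line, env)
        buckets[sev].append(reason)
    return buckets


if __name__ == "__main__":
    for sev, reasons in triage_log(SAMPLE_LOG).items():
        for reason in reasons:
            print(f"[{sev}] {reason}")
```

On the log as posted, the only line that would land in the alert bucket is the constructed one; the Kaspersky and svchost "(file missing)" entries are tool artefacts, and the right confirmation on the machine is `sc qc AVP` (and `sc qc ehstart`) to read the real ImagePath.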
Cookiegal
Administrator with 49,826 posts.
Join Date: Aug 2003
Location: Quebec, Canada
11-May-2008, 03:09 PM #11
If you recognize any of the folders contained in the following script as something you created then please let me know and do not proceed any further and do NOT run the script. Otherwise, please do the following:

Open Notepad and copy and paste the text in the code box below into it:

Code:
Folders::
C:\Users