Windows - No disk


chrisboc (Junior Member, 17 posts; thread starter; joined May 2009; experience: Intermediate)
10-May-2009, 01:38 PM #1
Windows - No disk
I get this pop-up every time I load. I cleaned the registries using a commercial program, but this annoying message is still there. Does anyone know how to get rid of it? Please help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:46 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\rundll32.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\rundll92.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B8148D-90E3-41CE-86A5-E349E10C01A0} - (no file)
O2 - BHO: (no name) - {23015998-E175-CFAB-5970-BC8EDAE4CECA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: (no name) - {63C97903-90E6-C833-B74A-CC19637E8EBE} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {997B47CD-F57D-8CFB-5070-F93AF12774C0} - (no file)
O2 - BHO: (no name) - {997E43B6-F209-F98F-0973-8A3A875C77C3} - (no file)
O2 - BHO: (no name) - {9FA5C30A-77E0-7C60-B328-5F17556076C5} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...000e6.0000026f
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133845250247
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133846345904
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab53083.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/hea...ploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/...erSetupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/751.../java/RntX.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupp...exp/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F707F55-1D65-4983-AD23-B502C9871300}: NameServer = 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B98C345-B21E-4100-97CA-06506C56A482}: NameServer = 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{79362987-0F48-4FE5-868F-493F0AE4450E}: NameServer = 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{9283F0A3-3399-489E-82CD-39365FE2A6FD}: NameServer = 85.255.112.172
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 24019 bytes
vistashen (account disabled, 457 posts; joined May 2009; Chennai, India; experience: Advanced)
10-May-2009, 05:20 PM #2
You might want to try this article
http://support.microsoft.com/kb/330137
flavallee (Frank; Trusted Advisor, 57,795 posts; joined May 2002; Hillsborough County, Florida; experience: Advanced)
10-May-2009, 06:14 PM #3
A "Windows - No Disk" pop-up is the least of your worries.

There's a massive number of startup entries and services that don't need to load and run.

There's overkill with toolbars and browser helper objects (BHOs).

There's a massive number of ActiveX controls.

This entry indicates an infection.

O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe

http://www.processlibrary.com/directory/files/winsys2

I'm suspicious of these entries:

O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe

O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE

O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe


----------------------------------------------------------------------

I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance.

------------------------------------------------------------------------

Last edited by flavallee; 10-May-2009 at 06:25 PM.
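The reasoning in flavallee's post (a Run value named like a Windows hotfix, a binary one character away from a real system binary, and the same entry repeated under the Windows 9x-only RunServices key) can be turned into a small triage pass over a HijackThis log. The script below is an added example, not part of the original thread and not HijackThis code. It also flags two things the post does not mention: O17 NameServer entries that hard-code a public (non-RFC 1918) DNS server, which should be verified against the ISP's actual resolvers, and an O20 Winlogon Notify DLL that no longer exists on disk. The rule names, the list of imitated system binaries and the edit-distance threshold are this example's own choices; the sample lines are excerpted from the log posted above.

```python
"""Triage heuristics for HijackThis-style O4 / O17 / O20 log lines.

Added example; not part of the original thread and not HijackThis code.
Rule names, the SYSTEM_BINARIES list and the edit-distance threshold are
this example's own assumptions.
"""
import ipaddress
import re

# Windows binaries that malware likes to imitate by name (rundll92 vs rundll32).
SYSTEM_BINARIES = {
    "rundll32", "svchost", "lsass", "services", "winlogon", "explorer",
    "smss", "csrss", "spoolsv", "ctfmon", "wuauclt",
}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
# Real hotfixes never register themselves as Run values; such a name is a disguise.
KB_RE = re.compile(r"(?i)\bhotfix|\bkb\d{5,}")

# Sample input, excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
"""


def edit_distance(a, b):
    """Plain Levenshtein distance; inputs are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_basename(cmd):
    """Lower-case file stem of the executable in a Run value,
    honouring a quoted path: '"C:\\Program Files\\X\\USBTip.exe" /m' -> 'usbtip'."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    first = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(None, 1)[0]
    stem = first.rsplit("\\", 1)[-1].rsplit("/", 1)[-1]
    return (stem.rsplit(".", 1)[0] if "." in stem else stem).lower()


def triage(log_text):
    """Return a list of (rule, detail, line) for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m["hive"], m["name"], m["cmd"]
            if KB_RE.search(name):
                findings.append(("fake-hotfix", f"Run value named like a Windows update: [{name}]", line))
            if "RunServices" in hive:
                # Windows 9x-era key; nothing legitimate on XP normally writes there.
                findings.append(("runservices", "entry under the Win9x-only RunServices key", line))
            stem = image_basename(cmd)
            if len(stem) >= 6 and stem not in SYSTEM_BINARIES:
                near = sorted(s for s in SYSTEM_BINARIES if edit_distance(stem, s) == 1)
                if near:
                    findings.append(("lookalike", f"{stem} is one edit away from {near[0]}", line))
            continue
        m = O17_RE.match(line)
        if m:
            for token in m["servers"].split(","):
                try:
                    ip = ipaddress.ip_address(token.strip())
                except ValueError:
                    continue
                if not (ip.is_private or ip.is_loopback):
                    findings.append(("public-dns", f"hard-coded nameserver {ip}; confirm it is your ISP's", line))
            continue
        m = O20_RE.match(line)
        if m and "(file missing)" in m["dll"]:
            findings.append(("dangling-notify", f"Winlogon Notify '{m['name']}' points to a missing DLL", line))
    return findings


if __name__ == "__main__":
    for rule, detail, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}\n    {line}")
```

Run against the sample, the two rundll92 lines each pick up two or three flags (fake-hotfix, lookalike, and for the second one runservices), the two legitimate rundll32 entries are not touched because the stem matches a known binary exactly, and the NameServer line is reported for verification rather than declared malicious: a hard-coded resolver is only a finding until it is compared with what the ISP actually hands out over DHCP.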
Cookiegal (Administrator & Malware Removal Specialist, 97,352 posts; joined Aug 2003)
10-May-2009, 06:53 PM #4
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security
flavallee (Frank; Trusted Advisor, 57,795 posts; joined May 2002; Hillsborough County, Florida; experience: Advanced)
10-May-2009, 07:02 PM #5
chrisboc:

You're in Cookiegal's hands now. I'll be monitoring your thread. Once she's done with you, I'll assist you with that over-bloated startup load and with updating and uninstalling some programs.

-------------------------------------------------------------
chrisboc (Junior Member, 17 posts; thread starter; joined May 2009; experience: Intermediate)
10-May-2009, 09:48 PM #6
Thank you all for the assist!!! I hope I'm not a lost cause.


ComboFix log file:

ComboFix 09-05-09.05 - CC 05/10/2009 20:17.2 - NTFSx86
Running from: c:\documents and settings\CC\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
.
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-10 19:31 . 2009-05-10 19:31 -------- d-----w c:\program files\Evolve Reach RN
2009-05-10 17:26 . 2009-05-10 17:26 -------- d-----w c:\program files\Trend Micro
2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Kids.BIGDADDY\Local Settings\Application Data\Symantec
2009-05-07 23:28 . 2009-05-07 23:28 -------- dc----w c:\documents and settings\Caitlin\Local Settings\Application Data\Symantec
2009-05-07 18:14 . 2009-05-07 18:14 -------- d---a-w c:\program files\Norton Support
2009-05-07 18:14 . 2009-05-07 18:14 -------- d-----w c:\documents and settings\CC\Local Settings\Application Data\Symantec
2009-05-07 18:06 . 2009-05-07 18:06 -------- dc----w c:\documents and settings\CC\Application Data\Norton Utilities 14
2009-05-07 17:48 . 2009-05-07 17:48 36400 ----a-r c:\winnt\system32\drivers\SymIM.sys
2009-05-07 17:48 . 2009-05-07 17:48 60808 ----a-w c:\winnt\system32\S32EVNT1.DLL
2009-05-07 17:48 . 2009-05-07 17:48 124464 ----a-w c:\winnt\system32\drivers\SYMEVENT.SYS
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\winnt\system32\drivers\NIS
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Norton Internet Security
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Windows Sidebar
2009-05-07 17:25 . 2009-05-11 01:15 -------- d-----w c:\program files\Norton Utilities 14
2009-05-07 17:23 . 2009-05-07 17:23 -------- dc----w c:\documents and settings\All Users\Application Data\PCSettings
2009-05-07 17:21 . 2009-05-07 17:21 -------- dc----w c:\documents and settings\All Users\Application Data\Norton
2009-05-07 17:21 . 2009-05-07 17:21 -------- d-----w c:\program files\NortonInstaller
2009-05-07 17:00 . 2009-05-07 17:48 -------- d-----w c:\program files\Symantec
2009-05-07 17:00 . 2009-05-08 00:05 -------- dc----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-07 16:38 . 2009-05-07 16:38 -------- dc----w c:\documents and settings\CC\Application Data\TrojanHunter
2009-05-07 05:56 . 2009-05-07 22:06 -------- d-----w c:\program files\TrojanHunter 5.1
2009-05-07 05:14 . 2009-05-07 17:46 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 16:55 . 2008-12-11 13:38 159600 ----a-w c:\winnt\system32\drivers\pctgntdi.sys
2009-05-04 16:55 . 2008-12-18 17:16 73840 ----a-w c:\winnt\system32\drivers\PCTAppEvent.sys
2009-05-04 16:55 . 2009-04-03 16:18 130936 ----a-w c:\winnt\system32\drivers\PCTCore.sys
2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-04 16:55 . 2008-12-10 16:36 64392 ----a-w c:\winnt\system32\drivers\pctplsg.sys
2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\CC\Application Data\PC Tools
2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-01 12:49 . 2009-05-01 12:49 65536 --sh--r c:\winnt\system32\rundll92.exe
2009-04-26 03:12 . 2009-04-26 03:12 -------- dc----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-04-26 03:12 . 2009-04-26 03:12 -------- d-----w c:\program files\SmartSound Software
2009-04-26 03:11 . 2009-04-26 03:11 -------- d-----w c:\program files\Cyberlink
2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iPod
2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iTunes
2009-04-24 14:07 . 2009-04-24 14:07 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-20 15:49 . 2009-04-20 17:18 -------- d-----w c:\winnt\system32\oodag
2009-04-16 16:49 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll
2009-04-16 16:49 . 2009-02-09 12:10 401408 -c----w c:\winnt\system32\dllcache\rpcss.dll
2009-04-16 16:49 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe
2009-04-16 16:49 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll
2009-04-16 16:49 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe
2009-04-16 16:49 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll
2009-04-16 16:49 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll
2009-04-16 16:49 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll
2009-04-16 16:49 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll
2009-04-16 16:48 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll
2009-04-16 16:48 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe
2009-04-16 02:37 . 2009-04-16 02:37 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-13 04:19 . 2009-05-10 21:02 -------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-12 04:23 . 2009-04-12 04:26 -------- dc----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 19:40 . 2008-01-12 19:12 4232 --sha-w c:\winnt\system32\KGyGaAvL.sys
2009-05-07 18:10 . 2005-11-23 16:45 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-07 17:48 . 2009-05-07 17:48 805 ----a-w c:\winnt\system32\drivers\SYMEVENT.INF
2009-05-07 17:48 . 2009-05-07 17:48 7386 ----a-w c:\winnt\system32\drivers\SYMEVENT.CAT
2009-05-07 05:07 . 2006-06-09 19:23 -------- d-----w c:\program files\LiveUpdate
2009-05-04 16:35 . 2008-02-09 01:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 15:32 . 2009-01-12 16:11 -------- d-----w c:\program files\RDM+
2009-04-29 00:21 . 2009-01-19 15:04 664 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\d3d9caps.tmp
2009-04-27 22:06 . 2008-12-31 21:00 124112 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 19:23 . 2009-01-03 19:15 34 -c--a-w c:\documents and settings\Austin\jagex_runescape_preferences.dat
2009-04-26 03:13 . 2005-11-28 14:26 124112 ----a-w c:\documents and settings\CC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 03:12 . 2005-11-23 16:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 02:27 . 2008-01-12 19:08 -------- d-----w c:\program files\Canon
2009-04-26 02:24 . 2008-01-12 19:06 -------- d-----w c:\program files\Common Files\Canon
2009-04-24 15:17 . 2007-10-31 20:35 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 20:47 . 2007-11-12 02:18 66872 ----a-w c:\winnt\system32\PnkBstrA.exe
2009-04-13 04:22 . 2005-11-25 02:27 -------- d-----w c:\program files\Google
2009-04-06 02:08 . 2008-04-02 18:09 -------- d-----w c:\program files\Safari
2009-03-28 23:10 . 2009-02-27 16:09 34 -c--a-w c:\documents and settings\Caitlin\jagex_runescape_preferences.dat
2009-03-27 22:31 . 2009-03-27 22:31 -------- d-----w c:\program files\CyberPatrol LLC
2009-03-20 19:21 . 2008-10-12 23:21 34 ----a-w c:\documents and settings\Kids.BIGDADDY\jagex_runescape_preferences.dat
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2008-10-12 22:02 284160 ----a-w c:\winnt\system32\pdh.dll
2009-03-06 04:59 . 2009-04-06 02:12 1900544 ----a-w c:\winnt\system32\usbaaplrc.dll
2009-03-06 04:59 . 2007-10-31 20:35 36864 ----a-w c:\winnt\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2005-12-06 06:18 826368 ----a-w c:\winnt\system32\wininet.dll
2009-02-28 16:39 . 2009-02-28 16:39 165888 ----a-w c:\winnt\Video Cleaner Pro Uninstaller.exe
2009-02-21 15:46 . 2006-08-22 01:32 80477 ----a-w c:\winnt\HPHins08.dat
2009-02-20 18:09 . 2008-10-12 22:02 78336 ----a-w c:\winnt\system32\ieencode.dll
2009-02-12 02:31 . 2008-10-14 22:37 34 -c--a-w c:\documents and settings\CC\jagex_runescape_preferences.dat
2007-04-25 08:49 . 2008-01-12 18:58 328 -c----w c:\program files\GuideMenuSetup.iss
2007-04-06 03:28 . 2008-01-12 19:00 1237 -c----w c:\program files\WinDVDSetup.iss
2005-11-23 03:40 . 2005-11-23 03:40 271 -csh--w c:\program files\desktop.ini
2005-11-23 03:40 . 2005-11-23 03:40 21952 -c-ha-w c:\program files\folder.htt
2002-07-26 23:02 . 2005-12-06 05:00 153088 -c--a-w c:\program files\UNWISE.EXE
2008-06-24 17:49 . 2006-05-26 01:55 67696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2008-06-24 17:49 . 2006-05-26 01:55 54376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-06-24 17:49 . 2008-02-10 00:00 34952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-06-24 17:49 . 2008-02-10 00:00 46720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-06-24 17:49 . 2006-05-26 01:55 172144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-12 19:12 . 2008-01-12 19:12 8 --sh--r c:\winnt\system32\F087802693.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-11_01.04.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 01:02 . 2009-05-11 01:02 16384 c:\winnt\Temp\Perflib_Perfdata_930.dat
+ 1999-12-07 06:00 . 2009-05-11 01:06 68988 c:\winnt\system32\perfc009.dat
- 1999-12-07 06:00 . 2009-05-10 17:11 68988 c:\winnt\system32\perfc009.dat
+ 1999-12-07 06:00 . 2009-05-11 01:06 422894 c:\winnt\system32\perfh009.dat
- 1999-12-07 06:00 . 2009-05-10 17:11 422894 c:\winnt\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NVIDIA Performance Examiner"="c:\winnt\system32\nvCplUI.exe" [2008-10-07 797216]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-02-28 636072]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWZCABoot"="c:\winnt\System32\DZCABoot.exe" [2005-04-13 110592]
"DWZKillMe"="c:\winnt\DZSAVEME.EXE" [2001-07-25 20480]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-10-20 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-10-20 98304]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-10-20 135168]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-10-07 13574144]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-02-26 437160]
"Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
"WinSys2"="c:\winnt\system32\winsys2.exe" [2006-04-29 208896]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-10-07 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"CyberPatrolNew"="c:\program files\CyberPatrol LLC\CyberPatrol\cphq.exe" [2008-12-19 1975552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"UpdatePDRShortCut"="d:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2005-06-21 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\winnt\KHALMNPR.Exe [2005-12-20 28160]
"CTHelper"="CTHELPER.EXE" - c:\winnt\system32\CtHelper.exe [2008-06-27 19456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\winnt\system32\MIDIDEF.EXE [2008-06-27 28672]
c:\documents and settings\CPC\Start Menu\Programs\Startup\
Launch Microsoft Office Outlook (2).lnk - d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-28 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-15 221247]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-26 995328]
BTTray.lnk - d:\program files\Billionton\Bluetooth Software\BTTray.exe [2004-11-29 569405]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 67128]
SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2007-5-4 532480]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocs Menu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RDM+]
2008-04-13 11:43 61440 ----a-w c:\program files\RDM+\notify.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave5"= serwvdrv.dll
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\winnt\system32\rundll92.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\winnt\pss\Audible Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\winnt\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\winnt\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
backup=c:\winnt\pss\SATARAID5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\winnt\pss\PdaNet Desktop.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\winnt\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^YouTube Uploader.lnk]
backup=c:\winnt\pss\YouTube Uploader.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"vmh"=3 (0x3)
"VMAuthdService"=2 (0x2)
"Virtual Server"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"O&O Defrag"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"iPod Service"=3 (0x3)
"DTSRVC"=2 (0x2)
"awhost32"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"s:\\!softwarelibrary\\bitcomet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
"d:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"d:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"19911:TCP"= 19911:TCP:BitComet 19911 TCP
"19911:UDP"= 19911:UDP:BitComet 19911 UDP
"9978:TCP"= 9978:TCP:BitComet 9978 TCP
"9978:UDP"= 9978:UDP:BitComet 9978 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [5/4/2009 11:55 AM 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\NIS\1005000.087\SymEFA.sys [5/7/2009 12:48 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/7/2009 12:48 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\NIS\1005000.087\cchpx86.sys [5/7/2009 12:48 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [5/8/2009 3:22 PM 276344]
R2 BCMNTIO;BCMNTIO;d:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/19/2005 7:33 PM 3744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/7/2009 12:48 PM 115560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
R3 dfmirage;dfmirage;c:\winnt\system32\drivers\dfmirage.sys [4/15/2008 6:49 AM 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 1:09 PM 101936]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\winnt\system32\drivers\RTL8187.sys [1/11/2007 7:20 PM 194304]
S2 gupdate1c9bbef516989fe;Google Update Service (gupdate1c9bbef516989fe);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 11:21 PM 133104]
S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
S2 RDMPLocalService;RDM+ Local Service;"c:\program files\RDM+\rdmpserv.exe" --> c:\program files\RDM+\rdmpserv.exe [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 BW2NDIS5;BW2NDIS5;c:\winnt\system32\Drivers\BW2NDIS5.sys --> c:\winnt\system32\Drivers\BW2NDIS5.sys [?]
S3 COMMONFX;COMMONFX;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [5/14/2007 4:21 PM 96256]
S3 CTSBLFX;CTSBLFX;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 CyberPatrol UpdateService;CyberPatrol UpdateService;c:\program files\CyberPatrol LLC\CyberPatrol\UpdateService.exe [3/27/2009 5:31 PM 144704]
S3 mgau;mgau;c:\winnt\system32\drivers\mgaum.sys [7/19/2006 6:48 PM 320384]
S3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\winnt\system32\drivers\pcx2nd5.sys [1/23/2007 7:20 PM 17648]
S3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\winnt\system32\drivers\pcx2unic.sys [1/23/2007 7:20 PM 69456]
S3 pnetmdm;PdaNet Modem;c:\winnt\system32\drivers\pnetmdm.sys [1/12/2006 3:04 PM 9472]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [6/5/2006 7:37 PM 3567]
S3 SaiH0255;SaiH0255;c:\winnt\system32\drivers\SaiH0255.sys [5/23/2006 9:57 PM 121984]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [5/4/2009 11:55 AM 348752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
S3 viz2000;Visioneer USB Kernel V2.0;c:\winnt\system32\drivers\usbscan.sys [10/12/2008 5:01 PM 15104]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2008 10:49 PM 24652]
S4 Virtual Server;Virtual Server;c:\program files\Microsoft Virtual Server\vssrvc.exe [7/23/2004 7:58 PM 2983288]
S4 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe [7/23/2004 7:47 PM 137984]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - l:\.\Bin\Assetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe6b294-1621-11db-bc85-000fea353c5e}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-05-11 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:19]
2009-05-11 c:\winnt\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:20]
2007-10-03 c:\winnt\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- n:\spybot - search & destroy\SpybotSD.exe [2004-05-12 06:04]
.
.
chrisboc (THREAD STARTER)
10-May-2009, 09:49 PM #7
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - d:\program files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\winnt\system32\cplsp.dll
Trusted Zone: cingular.com\www.myaccount
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.smart-clip.com/activex/SmartClip.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mail03.mygulfstream.com/dwa8W.cab
DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxps://km.mygulfstream.com/llnksupport/webexp/lledit.cab
FF - ProfilePath - c:\documents and settings\CC\Application Data\Mozilla\Firefox\Profiles\9ehoe3sv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 20:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??x??????mP???????X???????????????\???????????????????????Y????N??????? ???[?????+x????????????????????????W???`???????????????????????????S?????>????? ????????????????????/?????+x????????????0??????????
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,a3,bc,98,85,19,39,9c,12,51,50,3a,2c,b3,8f,a1,ed,cc,7b,10,49,90, 42,
ef,5c,8b,92,63,60,85,21,08,d6,f3,96,17,42,47,87,65,ef,44,31,81,6e,e8,84,73, \
"??"=hex:c5,e7,c1,65,0d,c8,31,19,27,1d,8a,43,4a,0f,e3,ed
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,37,f7,a0,ba, 8e,
94,53,87,c8,28,51,af,b0,29,a3,98,f6,30,24,0c,5b,34,2d,54,e2,63,26,f1,3f,c8, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,2e,ab,34,d1, 51,
eb,cb,75,71,3b,04,66,8b,46,0d,96,84,93,d5,40,10,a4,e2,f2,6a,9c,d6,61,af,45, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ce,96,c6,22, ad,
82,7c,cb,25,da,ec,7e,55,20,c9,26,40,f3,0d,53,ca,26,e9,cb,ff,7c,85,e0,43,d4, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,0d,21,c9,92, 5f,
57,14,b3,3e,1e,9e,e0,57,5a,93,61,5b,a6,0e,70,1b,cc,b6,0b,86,8c,21,01,be,91, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,9c,18,50,80, c9,
cf,9f,c1,cd,44,cd,b9,a6,33,6c,cd,31,a4,11,0f,d7,d4,b1,e3,f5,1d,4d,73,a8,13, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c3,68,3f,e9, a5,
58,fc,29,b0,18,ed,a7,3f,8d,37,a4,d3,9d,f8,29,4c,d2,84,61,df,20,58,62,78,6b, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a8,18,9a,0a, 05,
83,47,06,31,77,e1,ba,b1,f8,68,02,96,8e,62,bf,ad,a0,ec,cb,fb,a7,78,e6,12,2f, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e2,61,db,16, 01,
64,33,7b,83,6c,56,8b,a0,85,96,ab,d6,5e,20,2a,00,1b,67,65,01,3a,48,fc,e8,04, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a9,a7,11,22, 36,
15,39,66,51,fa,6e,91,28,9e,14,cc,73,bd,82,8e,36,d7,46,f6,f6,0f,4e,58,98,5b, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,8d,a5,6d, 9f,
62,2c,f9,b1,cd,45,5a,a8,c4,f8,b9,ba,56,cc,2b,8a,52,8c,88,3d,ce,ea,26,2d,45, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,77,bc,80, 1c,
e5,73,ce,e3,0e,66,d5,eb,bc,2f,6b,43,28,43,9b,7b,f9,dd,65,2a,b7,cc,b5,b9,7f, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8e,53,dd,18, 93,
99,f7,4e,fa,ea,66,7f,d4,3b,6b,70,a5,c7,af,03,55,92,56,20,6c,43,2d,1e,aa,22, \
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="800682321E698C33013C144E8573D1509A792389D 5406787526A8942B51AAE67632038A0BA1091F6F2027CC56384CFC854FDD9C5A20BDE5DD892 E9757B9DD7DCB52CDC0727987695F2C57676D59026566FE8A94373EC2490F471BF03865C28C 75728093695922860A92B2BFC27DDA4AA7FA5720C4B80874DC05638FEB06691F40C6D5D7157 23DADE23B0CC6BC3455FA77AF4139FCE739E733DE606F7FADE4BDF7AA47B70668106FEBC9E1 27BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC79339DB7CE019D40AA5CFEBC9E127BECC 74C3595F99AFE27EA720B880129042AD2FAF7500ACADC95A00619DE6220007857F95A8CB77C 63340E59E6B9B01AD3EA2E7EF480D5DCAA788268D4F746AFC27D9A1F570745684576FB9B01C 58F3DCC6B1CC890F105CBC9A83A95D2EF1FAEC506F88CC5DABEA7E8454F070EADBD4FDD7CCE 6BBCEE5D65788DADFAE177F81BB534A93071C29586069B39AC7852B38EEB118A3821217A76E 535554F8723B3752F4D7CC15C5C0E5745997A63DD7D383C4E42A645971B4B55B8514088786E 024144BB543A39AA407148006CC60FD76B2050CA0E6F2E4F13D708340D6322B6ED07FB8D26D 6F21499AB2137793291F3BC04338A44D52818E7D9E2D971E0253BD0D44F757C9624625B6655 C8A1CA20C2F4B72B065C5A7C30B3BBC85CB845D2A2DB3BAD47F6C11DC49A8062657773271D2 B8D5FE5FC25D339B7E0AFFE3F1733F511CDF6FE465FE24D3F62365FA15948BDCEDB6BF364A0 0FB784B080A5F42402234BA582B831BD2F7306F3332D5C6959C4217D6122E1FC3F13819718D 860FAAFFB33601BB792EC6D8F7FA2316877D4E2B43850C382D82C2B186804C7461B715EB44B 9DFCE0D6423DE111617A52D413A4F47D370A4F44E6CC77CA6AD3BDD09EE5E765015B3F03587 50B73A5CF4DEBDE0E512E9A22E22E27544588C2753545DED2912935DB00AB0B9C93B3E7625F C934C579DC636A3D372C23F95A87D9454B526394946619F4FAFAEF633127D9348B5724006F8 0B7829479CFF1C9B823AA4DDE8BB57444A093308EE04B2364D01B654EB75D1F64D0790ED5A4 6D37DAE446C829F39DEF8474F61C6E92FC102557851F6042EB7A07F31000CCA092D375299C4 F9F76DAFBDE8A5CA6885D0ED574EF0B939FB86C62614F5559ACF666A6136BD785F223DE6511 4CA6490CCE7925DD1166B05BC5808D72887D200A0CD78AC41E4424953DFDCA5B195A126F279 D8174A6F77BAB44B1843EB65F6C3BFB372F1DA652F8C03D72A202432124ECDABC46CC8F400C 
69C7E82649E477E95B96B71634DB1865F0CD5932CC0F4AB580937D1E809D688B339577A2211 46559C8DAF297260D4C5F65CF34968AB7460F69ABE98AAF1A3939EAA7"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(2028)
c:\program files\RDM+\notify.dll
- - - - - - - > 'lsass.exe'(484)
c:\winnt\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1284)
c:\winnt\system32\nview.dll
d:\program files\SetPoint\lgscroll.dll
c:\winnt\system32\mshtml.dll
c:\winnt\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
n:\spybot~1\SDHelper.dll
d:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\winnt\system32\nvwddi.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
c:\program files\Audible\Bin\AudibleExt.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\winnt\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
d:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-05-11 20:24
ComboFix-quarantined-files.txt 2009-05-11 01:24
ComboFix2.txt 2009-05-11 01:11
Pre-Run: 19,903,610,880 bytes free
Post-Run: 19,885,711,360 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
474 --- E O F --- 2009-04-29 08:01
chrisboc
Junior Member with 17 posts.
THREAD STARTER
Join Date: May 2009
Experience: Intermediate
10-May-2009, 09:49 PM #8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:10 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\WINNT\system32\rundll32.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
C:\WINNT\system32\rundll92.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINNT\explorer.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...000e6.0000026f
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133845250247
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133846345904
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab53083.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/...erSetupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/751.../java/RntX.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupp...exp/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 22190 bytes
Cookiegal
Administrator & Malware Removal Specialist with 97,352 posts.
Join Date: Aug 2003
12-May-2009, 04:50 PM #9
Open Notepad and copy and paste the text in the code box below into it:

Code:
http://forums.techguy.org/malware-removal-hijackthis-logs/825976-windows-no-disk.html#post6688339

Collect::
c:\winnt\system32\rundll92.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hotfix-KB5504305"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Hotfix-KB5504305"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hotfix-KB5504305"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Hotfix-KB5504305"=-
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
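As an added illustration of the triage behind the script above (example code written for this page, not tooling from HijackThis, ComboFix or the posters): the Python below parses O4 lines copied from the HijackThis log in post #8, applies a handful of heuristics that are the example author's own assumptions rather than anything ComboFix enforces, and drafts Collect:: and Registry:: sections in the same form as the script above. It reproduces every entry in that script except the Lsa value, which does not appear in the HijackThis log and so cannot be derived from it; the output is a draft to review against the log, not something to run unread.

```python
"""Triage HijackThis O4 autostart lines and draft the matching CFScript sections.

Example code written for this page; it is not part of HijackThis, ComboFix or
the posters' tooling. SAMPLE_LOG is a subset copied from the HijackThis log in
post #8. The flagging rules are the example author's own heuristics (assumptions).
"""
import re
from collections import Counter, defaultdict

# "O4 - HKLM\..\Run: [Name] command"  or  "O4 - HKUS\S-1-5-...\..\Run: [Name] command (User 'X')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
EXE_RE = re.compile(r'^"?([^"]*?\.exe)"?', re.IGNORECASE)   # first executable in the command
HIVE_PATH = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion",
}
# Genuine Windows binaries that malware imitates by changing a single character.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "services.exe", "ctfmon.exe"}

# Constructed sample: a subset of the O4 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...000e6.0000026f
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
O4 - Global Startup: SetPoint.lnk = ?
""".strip().splitlines()


def parse_o4(lines):
    """Return one dict per registry Run/RunOnce/RunServices entry; startup-folder O4s are skipped."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        exe = EXE_RE.match(e["cmd"])
        e["exe"] = exe.group(1) if exe else ""
        e["base"] = e["exe"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character look-alikes such as rundll92 vs rundll32."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag(entries):
    """Map (hive, key, name) of each suspicious entry to the list of heuristic codes that fired."""
    seen = Counter((e["name"].lower(), e["base"]) for e in entries)
    hits = defaultdict(list)
    for e in entries:
        k = (e["hive"], e["key"], e["name"])
        if re.match(r"hotfix-kb\d+", e["name"], re.IGNORECASE):
            hits[k].append("bogus-hotfix-name")      # Windows Update never registers Run values like this
        if e["base"] not in SYSTEM_NAMES and any(edit_distance(e["base"], s) == 1 for s in SYSTEM_NAMES):
            hits[k].append("lookalike-binary")       # one keystroke away from a real system binary
        if e["key"].lower() == "runservices":
            hits[k].append("runservices-key")        # Win9x-only key; XP ignores it, malware still writes it
        if seen[(e["name"].lower(), e["base"])] >= 3:
            hits[k].append("multi-location")         # same name and binary in three or more autostart keys
        if e["name"] == "" and e["key"].lower() == "runonce":
            hits[k].append("unnamed-runonce")        # a nameless RunOnce value is unusual for installers
    return dict(hits)


def to_cfscript(entries, hits, thread_url):
    """Draft the CFScript: thread URL, Collect:: for flagged binaries, Registry:: value deletions."""
    collect, registry = [], defaultdict(list)
    for e in entries:
        k = (e["hive"], e["key"], e["name"])
        if k not in hits or e["hive"] not in HIVE_PATH:
            continue  # HKUS entries need the per-SID path; leave those for manual handling
        if "\\" in e["exe"] and {"bogus-hotfix-name", "lookalike-binary"} & set(hits[k]):
            if e["exe"].lower() not in (c.lower() for c in collect):
                collect.append(e["exe"])
        value = f'"{e["name"]}"' if e["name"] else '"<NO NAME>"'   # default value, as written in the post above
        registry[f"[{HIVE_PATH[e['hive']]}\\{e['key']}]"].append(f"{value}=-")   # "name"=- deletes the value
    out = [thread_url, ""]
    if collect:
        out += ["Collect::"] + collect + [""]
    out.append("Registry::")
    for key_line, values in registry.items():
        out += [key_line] + values
    return "\n".join(out)


if __name__ == "__main__":
    ents = parse_o4(SAMPLE_LOG)
    found = flag(ents)
    for k, why in found.items():
        print(k, "->", ", ".join(why))
    print(to_cfscript(ents, found, "http://forums.techguy.org/malware-removal-hijackthis-logs/825976-windows-no-disk.html#post6688339"))
```

Run as-is it prints the heuristic codes per flagged entry and then the draft script. The rundll92.exe entries trip three or four rules at once (bogus hotfix name, one character away from rundll32.exe, duplicated across HKLM\Run, HKCU\Run and the Win9x-only HKCU\RunServices), which is why all three registry values and the binary itself end up in the draft. The `"name"=-` form is the regedit convention for deleting a value; `"<NO NAME>"` for the default value follows the form used in the post above.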
chrisboc
Junior Member with 17 posts.
THREAD STARTER
Join Date: May 2009
Experience: Intermediate
14-May-2009, 12:25 AM #10
ComboFix 09-05-09.05 - CC 05/13/2009 21:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.926 [GMT -5:00]
Running from: c:\documents and settings\CC\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\CC\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
file zipped: c:\winnt\system32\rundll92.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system32\rundll92.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\Roblox
2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\RobloxDownloads
2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\RobloxVersions
2009-05-11 15:07 . 2007-10-05 21:53 56868 ----a-w C:\AWDFLASH.EXE
2009-05-10 19:31 . 2009-05-10 19:31 -------- d-----w c:\program files\Evolve Reach RN
2009-05-10 17:26 . 2009-05-10 17:26 -------- d-----w c:\program files\Trend Micro
2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Kids.BIGDADDY\Local Settings\Application Data\Symantec
2009-05-07 23:28 . 2009-05-07 23:28 -------- dc----w c:\documents and settings\Caitlin\Local Settings\Application Data\Symantec
2009-05-07 18:14 . 2009-05-07 18:14 -------- d---a-w c:\program files\Norton Support
2009-05-07 18:14 . 2009-05-07 18:14 -------- d-----w c:\documents and settings\CC\Local Settings\Application Data\Symantec
2009-05-07 18:06 . 2009-05-07 18:06 -------- dc----w c:\documents and settings\CC\Application Data\Norton Utilities 14
2009-05-07 17:48 . 2009-05-07 17:48 36400 ----a-r c:\winnt\system32\drivers\SymIM.sys
2009-05-07 17:48 . 2009-05-07 17:48 60808 ----a-w c:\winnt\system32\S32EVNT1.DLL
2009-05-07 17:48 . 2009-05-07 17:48 124464 ----a-w c:\winnt\system32\drivers\SYMEVENT.SYS
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\winnt\system32\drivers\NIS
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Norton Internet Security
2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Windows Sidebar
2009-05-07 17:25 . 2009-05-11 01:15 -------- d-----w c:\program files\Norton Utilities 14
2009-05-07 17:23 . 2009-05-07 17:23 -------- dc----w c:\documents and settings\All Users\Application Data\PCSettings
2009-05-07 17:21 . 2009-05-07 17:21 -------- dc----w c:\documents and settings\All Users\Application Data\Norton
2009-05-07 17:21 . 2009-05-07 17:21 -------- d-----w c:\program files\NortonInstaller
2009-05-07 17:00 . 2009-05-07 17:48 -------- d-----w c:\program files\Symantec
2009-05-07 17:00 . 2009-05-08 00:05 -------- dc----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-07 16:38 . 2009-05-07 16:38 -------- dc----w c:\documents and settings\CC\Application Data\TrojanHunter
2009-05-07 05:56 . 2009-05-07 22:06 -------- d-----w c:\program files\TrojanHunter 5.1
2009-05-07 05:14 . 2009-05-07 17:46 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 16:55 . 2008-12-11 13:38 159600 ----a-w c:\winnt\system32\drivers\pctgntdi.sys
2009-05-04 16:55 . 2008-12-18 17:16 73840 ----a-w c:\winnt\system32\drivers\PCTAppEvent.sys
2009-05-04 16:55 . 2009-04-03 16:18 130936 ----a-w c:\winnt\system32\drivers\PCTCore.sys
2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-04 16:55 . 2008-12-10 16:36 64392 ----a-w c:\winnt\system32\drivers\pctplsg.sys
2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\CC\Application Data\PC Tools
2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-26 03:12 . 2009-04-26 03:12 -------- dc----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-04-26 03:12 . 2009-04-26 03:12 -------- d-----w c:\program files\SmartSound Software
2009-04-26 03:11 . 2009-04-26 03:11 -------- d-----w c:\program files\Cyberlink
2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iPod
2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iTunes
2009-04-24 14:07 . 2009-04-24 14:07 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-20 15:49 . 2009-04-20 17:18 -------- d-----w c:\winnt\system32\oodag
2009-04-16 16:49 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll
2009-04-16 16:49 . 2009-02-09 12:10 401408 -c----w c:\winnt\system32\dllcache\rpcss.dll
2009-04-16 16:49 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe
2009-04-16 16:49 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll
2009-04-16 16:49 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe
2009-04-16 16:49 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll
2009-04-16 16:49 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll
2009-04-16 16:49 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll
2009-04-16 16:49 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll
2009-04-16 16:48 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll
2009-04-16 16:48 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe
2009-04-16 02:37 . 2009-04-16 02:37 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 21:57 . 2009-01-03 19:15 34 -c--a-w c:\documents and settings\Austin\jagex_runescape_preferences.dat
2009-05-08 19:40 . 2008-01-12 19:12 4232 --sha-w c:\winnt\system32\KGyGaAvL.sys
2009-05-07 18:10 . 2005-11-23 16:45 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-07 17:48 . 2009-05-07 17:48 805 ----a-w c:\winnt\system32\drivers\SYMEVENT.INF
2009-05-07 17:48 . 2009-05-07 17:48 7386 ----a-w c:\winnt\system32\drivers\SYMEVENT.CAT
2009-05-07 05:07 . 2006-06-09 19:23 -------- d-----w c:\program files\LiveUpdate
2009-05-04 16:35 . 2008-02-09 01:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 15:32 . 2009-01-12 16:11 -------- d-----w c:\program files\RDM+
2009-04-29 00:21 . 2009-01-19 15:04 664 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\d3d9caps.tmp
2009-04-27 22:06 . 2008-12-31 21:00 124112 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 03:13 . 2005-11-28 14:26 124112 ----a-w c:\documents and settings\CC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 03:12 . 2005-11-23 16:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 02:27 . 2008-01-12 19:08 -------- d-----w c:\program files\Canon
2009-04-26 02:24 . 2008-01-12 19:06 -------- d-----w c:\program files\Common Files\Canon
2009-04-24 15:17 . 2007-10-31 20:35 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 20:47 . 2007-11-12 02:18 66872 ----a-w c:\winnt\system32\PnkBstrA.exe
2009-04-13 04:22 . 2005-11-25 02:27 -------- d-----w c:\program files\Google
2009-04-06 02:08 . 2008-04-02 18:09 -------- d-----w c:\program files\Safari
2009-03-28 23:10 . 2009-02-27 16:09 34 -c--a-w c:\documents and settings\Caitlin\jagex_runescape_preferences.dat
2009-03-27 22:31 . 2009-03-27 22:31 -------- d-----w c:\program files\CyberPatrol LLC
2009-03-20 19:21 . 2008-10-12 23:21 34 ----a-w c:\documents and settings\Kids.BIGDADDY\jagex_runescape_preferences.dat
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2008-10-12 22:02 284160 ----a-w c:\winnt\system32\pdh.dll
2009-03-06 04:59 . 2009-04-06 02:12 1900544 ----a-w c:\winnt\system32\usbaaplrc.dll
2009-03-06 04:59 . 2007-10-31 20:35 36864 ----a-w c:\winnt\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2005-12-06 06:18 826368 ----a-w c:\winnt\system32\wininet.dll
2009-02-28 16:39 . 2009-02-28 16:39 165888 ----a-w c:\winnt\Video Cleaner Pro Uninstaller.exe
2009-02-21 15:46 . 2006-08-22 01:32 80477 ----a-w c:\winnt\HPHins08.dat
2009-02-20 18:09 . 2008-10-12 22:02 78336 ----a-w c:\winnt\system32\ieencode.dll
2007-04-25 08:49 . 2008-01-12 18:58 328 -c----w c:\program files\GuideMenuSetup.iss
2007-04-06 03:28 . 2008-01-12 19:00 1237 -c----w c:\program files\WinDVDSetup.iss
2005-11-23 03:40 . 2005-11-23 03:40 271 -csh--w c:\program files\desktop.ini
2005-11-23 03:40 . 2005-11-23 03:40 21952 -c-ha-w c:\program files\folder.htt
2002-07-26 23:02 . 2005-12-06 05:00 153088 -c--a-w c:\program files\UNWISE.EXE
2008-06-24 17:49 . 2006-05-26 01:55 67696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2008-06-24 17:49 . 2006-05-26 01:55 54376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-06-24 17:49 . 2008-02-10 00:00 34952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-06-24 17:49 . 2008-02-10 00:00 46720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-06-24 17:49 . 2006-05-26 01:55 172144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-12 19:12 . 2008-01-12 19:12 8 --sh--r c:\winnt\system32\F087802693.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-11_01.04.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 22:58 . 2009-05-12 22:54 32768 c:\winnt\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-11 17:32 . 2009-05-11 17:32 16384 c:\winnt\Temp\Perflib_Perfdata_a4c.dat
+ 2009-05-14 02:20 . 2009-05-14 02:20 16384 c:\winnt\Temp\Perflib_Perfdata_734.dat
+ 2009-05-12 22:58 . 2009-05-12 22:54 16384 c:\winnt\Temp\History\History.IE5\index.dat
+ 2009-05-12 22:58 . 2009-05-12 22:54 16384 c:\winnt\Temp\Cookies\index.dat
- 1999-12-07 06:00 . 2009-05-10 17:11 68988 c:\winnt\system32\perfc009.dat
+ 1999-12-07 06:00 . 2009-05-11 17:35 68988 c:\winnt\system32\perfc009.dat
+ 2005-11-23 05:23 . 2009-05-14 01:30 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-23 05:23 . 2009-05-09 01:00 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-11-23 05:23 . 2009-05-14 01:30 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
- 2005-11-23 05:23 . 2009-05-09 01:00 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 1999-12-07 06:00 . 2009-05-11 17:35 422894 c:\winnt\system32\perfh009.dat
- 1999-12-07 06:00 . 2009-05-10 17:11 422894 c:\winnt\system32\perfh009.dat
+ 2009-03-12 04:16 . 2009-03-12 04:16 689536 c:\winnt\Downloaded Program Files\Manager.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NVIDIA Performance Examiner"="c:\winnt\system32\nvCplUI.exe" [2008-10-07 797216]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-02-28 636072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWZCABoot"="c:\winnt\System32\DZCABoot.exe" [2005-04-13 110592]
"DWZKillMe"="c:\winnt\DZSAVEME.EXE" [2001-07-25 20480]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-10-20 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-10-20 98304]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-10-20 135168]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-10-07 13574144]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-02-26 437160]
"Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
"WinSys2"="c:\winnt\system32\winsys2.exe" [2006-04-29 208896]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-10-07 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"CyberPatrolNew"="c:\program files\CyberPatrol LLC\CyberPatrol\cphq.exe" [2008-12-19 1975552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"UpdatePDRShortCut"="d:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2005-06-21 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\winnt\KHALMNPR.Exe [2005-12-20 28160]
"CTHelper"="CTHELPER.EXE" - c:\winnt\system32\CtHelper.exe [2008-06-27 19456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\winnt\system32\MIDIDEF.EXE [2008-06-27 28672]
c:\documents and settings\CPC\Start Menu\Programs\Startup\
Launch Microsoft Office Outlook (2).lnk - d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-28 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-15 221247]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-26 995328]
BTTray.lnk - d:\program files\Billionton\Bluetooth Software\BTTray.exe [2004-11-29 569405]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 67128]
SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2007-5-4 532480]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocs Menu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RDM+]
2008-04-13 11:43 61440 ----a-w c:\program files\RDM+\notify.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave5"= serwvdrv.dll
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\winnt\pss\Audible Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\winnt\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\winnt\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
backup=c:\winnt\pss\SATARAID5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\winnt\pss\PdaNet Desktop.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\winnt\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^YouTube Uploader.lnk]
backup=c:\winnt\pss\YouTube Uploader.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"vmh"=3 (0x3)
"VMAuthdService"=2 (0x2)
"Virtual Server"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"O&O Defrag"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"iPod Service"=3 (0x3)
"DTSRVC"=2 (0x2)
"awhost32"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"s:\\!softwarelibrary\\bitcomet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
"d:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"d:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"19911:TCP"= 19911:TCP:BitComet 19911 TCP
"19911:UDP"= 19911:UDP:BitComet 19911 UDP
"9978:TCP"= 9978:TCP:BitComet 9978 TCP
"9978:UDP"= 9978:UDP:BitComet 9978 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [5/4/2009 11:55 AM 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\NIS\1005000.087\SymEFA.sys [5/7/2009 12:48 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/7/2009 12:48 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\NIS\1005000.087\cchpx86.sys [5/7/2009 12:48 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [5/8/2009 3:22 PM 276344]
R2 BCMNTIO;BCMNTIO;d:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/19/2005 7:33 PM 3744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/7/2009 12:48 PM 115560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
R3 dfmirage;dfmirage;c:\winnt\system32\drivers\dfmirage.sys [4/15/2008 6:49 AM 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 1:09 PM 101936]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\winnt\system32\drivers\RTL8187.sys [1/11/2007 7:20 PM 194304]
S2 gupdate1c9bbef516989fe;Google Update Service (gupdate1c9bbef516989fe);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 11:21 PM 133104]
S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
S2 RDMPLocalService;RDM+ Local Service;"c:\program files\RDM+\rdmpserv.exe" --> c:\program files\RDM+\rdmpserv.exe [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 BW2NDIS5;BW2NDIS5;c:\winnt\system32\Drivers\BW2NDIS5.sys --> c:\winnt\system32\Drivers\BW2NDIS5.sys [?]
S3 COMMONFX;COMMONFX;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [5/14/2007 4:21 PM 96256]
S3 CTSBLFX;CTSBLFX;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 CyberPatrol UpdateService;CyberPatrol UpdateService;c:\program files\CyberPatrol LLC\CyberPatrol\UpdateService.exe [3/27/2009 5:31 PM 144704]
S3 mgau;mgau;c:\winnt\system32\drivers\mgaum.sys [7/19/2006 6:48 PM 320384]
S3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\winnt\system32\drivers\pcx2nd5.sys [1/23/2007 7:20 PM 17648]
S3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\winnt\system32\drivers\pcx2unic.sys [1/23/2007 7:20 PM 69456]
S3 pnetmdm;PdaNet Modem;c:\winnt\system32\drivers\pnetmdm.sys [1/12/2006 3:04 PM 9472]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [6/5/2006 7:37 PM 3567]
S3 SaiH0255;SaiH0255;c:\winnt\system32\drivers\SaiH0255.sys [5/23/2006 9:57 PM 121984]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [5/4/2009 11:55 AM 348752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
S3 viz2000;Visioneer USB Kernel V2.0;c:\winnt\system32\drivers\usbscan.sys [10/12/2008 5:01 PM 15104]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2008 10:49 PM 24652]
S4 Virtual Server;Virtual Server;c:\program files\Microsoft Virtual Server\vssrvc.exe [7/23/2004 7:58 PM 2983288]
S4 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe [7/23/2004 7:47 PM 137984]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - l:\.\Bin\Assetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe6b294-1621-11db-bc85-000fea353c5e}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-05-14 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:19]
2009-05-14 c:\winnt\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:20]
2007-10-03 c:\winnt\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- n:\spybot - search & destroy\SpybotSD.exe [2004-05-12 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - d:\program files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\winnt\system32\cplsp.dll
Trusted Zone: cingular.com\www.myaccount
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.smart-clip.com/activex/SmartClip.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mail03.mygulfstream.com/dwa8W.cab
DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxps://km.mygulfstream.com/llnksupport/webexp/lledit.cab
FF - ProfilePath - c:\documents and settings\CC\Application Data\Mozilla\Firefox\Profiles\9ehoe3sv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 21:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??x??????mP???????X???????????????\???????????????????????Y????N??????? ???[?????+x????????????????????????W???`???????????????????????????S?????>????? ????????????????????/?????+x????????????0??????????
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
.
chrisboc (Junior Member, 17 posts, thread starter; joined May 2009; experience: Intermediate)
14-May-2009, 12:27 AM #11
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,a3,bc,98,85,19,39,9c,12,51,50,3a,2c,b3,8f,a1,ed,cc,7b,10,49,90,42,
ef,5c,8b,92,63,60,85,21,08,d6,f3,96,17,42,47,87,65,ef,44,31,81,6e,e8,84,73,\
"??"=hex:c5,e7,c1,65,0d,c8,31,19,27,1d,8a,43,4a,0f,e3,ed
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,37,f7,a0,ba,8e,
94,53,87,c8,28,51,af,b0,29,a3,98,f6,30,24,0c,5b,34,2d,54,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,2e,ab,34,d1,51,
eb,cb,75,71,3b,04,66,8b,46,0d,96,84,93,d5,40,10,a4,e2,f2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ce,96,c6,22,ad,
82,7c,cb,25,da,ec,7e,55,20,c9,26,40,f3,0d,53,ca,26,e9,cb,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,0d,21,c9,92,5f,
57,14,b3,3e,1e,9e,e0,57,5a,93,61,5b,a6,0e,70,1b,cc,b6,0b,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,9c,18,50,80,c9,
cf,9f,c1,cd,44,cd,b9,a6,33,6c,cd,31,a4,11,0f,d7,d4,b1,e3,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c3,68,3f,e9,a5,
58,fc,29,b0,18,ed,a7,3f,8d,37,a4,d3,9d,f8,29,4c,d2,84,61,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a8,18,9a,0a,05,
83,47,06,31,77,e1,ba,b1,f8,68,02,96,8e,62,bf,ad,a0,ec,cb,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e2,61,db,16,01,
64,33,7b,83,6c,56,8b,a0,85,96,ab,d6,5e,20,2a,00,1b,67,65,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a9,a7,11,22,36,
15,39,66,51,fa,6e,91,28,9e,14,cc,73,bd,82,8e,36,d7,46,f6,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,8d,a5,6d,9f,
62,2c,f9,b1,cd,45,5a,a8,c4,f8,b9,ba,56,cc,2b,8a,52,8c,88,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,77,bc,80,1c,
e5,73,ce,e3,0e,66,d5,eb,bc,2f,6b,43,28,43,9b,7b,f9,dd,65,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINNT\\System32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8e,53,dd,18,93,
99,f7,4e,fa,ea,66,7f,d4,3b,6b,70,a5,c7,af,03,55,92,56,20,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="800682321E698C33013C144E8573D1509A792389D 5406787526A8942B51AAE67632038A0BA1091F6F2027CC56384CFC854FDD9C5A20BDE5DD892 E9757B9DD7DCB52CDC0727987695F2C57676D59026566FE8A94373EC2490F471BF03865C28C 75728093695922860A92B2BFC27DDA4AA7FA5720C4B80874DC05638FEB06691F40C6D5D7157 23DADE23B0CC6BC3455FA77AF4139FCE739E733DE606F7FADE4BDF7AA47B70668106FEBC9E1 27BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC79339DB7CE019D40AA5CFEBC9E127BECC 74C3595F99AFE27EA720B880129042AD2FAF7500ACADC95A00619DE6220007857F95A8CB77C 63340E59E6B9B01AD3EA2E7EF480D5DCAA788268D4F746AFC27D9A1F570745684576FB9B01C 58F3DCC6B1CC890F105CBC9A83A95D2EF1FAEC506F88CC5DABEA7E8454F070EADBD4FDD7CCE 6BBCEE5D65788DADFAE177F81BB534A93071C29586069B39AC7852B38EEB118A3821217A76E 535554F8723B3752F4D7CC15C5C0E5745997A63DD7D383C4E42A645971B4B55B8514088786E 024144BB543A39AA407148006CC60FD76B2050CA0E6F2E4F13D708340D6322B6ED07FB8D26D 6F21499AB2137793291F3BC04338A44D52818E7D9E2D971E0253BD0D44F757C9624625B6655 C8A1CA20C2F4B72B065C5A7C30B3BBC85CB845D2A2DB3BAD47F6C11DC49A8062657773271D2 B8D5FE5FC25D339B7E0AFFE3F1733F511CDF6FE465FE24D3F62365FA15948BDCEDB6BF364A0 0FB784B080A5F42402234BA582B831BD2F7306F3332D5C6959C4217D6122E1FC3F13819718D 860FAAFFB33601BB792EC6D8F7FA2316877D4E2B43850C382D82C2B186804C7461B715EB44B 9DFCE0D6423DE111617A52D413A4F47D370A4F44E6CC77CA6AD3BDD09EE5E765015B3F03587 50B73A5CF4DEBDE0E512E9A22E22E27544588C2753545DED2912935DB00AB0B9C93B3E7625F C934C579DC636A3D372C23F95A87D9454B526394946619F4FAFAEF633127D9348B5724006F8 0B7829479CFF1C9B823AA4DDE8BB57444A093308EE04B2364D01B654EB75D1F64D0790ED5A4 6D37DAE446C829F39DEF8474F61C6E92FC102557851F6042EB7A07F31000CCA092D375299C4 F9F76DAFBDE8A5CA6885D0ED574EF0B939FB86C62614F5559ACF666A6136BD785F223DE6511 4CA6490CCE7925DD1166B05BC5808D72887D200A0CD78AC41E4424953DFDCA5B195A126F279 D8174A6F77BAB44B1843EB65F6C3BFB372F1DA652F8C03D72A202432124ECDABC46CC8F400C 
69C7E82649E477E95B96B71634DB1865F0CD5932CC0F4AB580937D1E809D688B339577A2211 46559C8DAF297260D4C5F65CF34968AB7460F69ABE98AAF1A3939EAA7"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(2028)
c:\program files\RDM+\notify.dll
- - - - - - - > 'lsass.exe'(484)
c:\winnt\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2152)
c:\winnt\system32\nview.dll
d:\program files\SetPoint\lgscroll.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\winnt\system32\mshtml.dll
c:\winnt\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Billionton\Bluetooth Software\bin\btwdins.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\rundll32.exe
c:\program files\CyberPatrol LLC\CyberPatrol\cpserver.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
c:\program files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-14 21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 02:27
ComboFix2.txt 2009-05-11 01:24
ComboFix3.txt 2009-05-11 01:11
Pre-Run: 19,335,208,960 bytes free
Post-Run: 19,695,620,096 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
504 --- E O F --- 2009-04-29 08:01
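Working through the Rn/Sn service lines and the MountPoints2 AutoRun entries of a ComboFix log by eye is slow, so here is an added triage script. It is my own example for this page, not code from the thread, from the poster or from ComboFix. It parses the two line shapes seen in the log above: service entries (`start name;display;path [date size]`, where ComboFix prints `registered --> resolved [?]` when it cannot find the image file) and the `mountpoints2\<letter or volume GUID>` keys followed by their `\Shell\AutoRun\command` value, which is the autorun.inf action Explorer has cached for that volume. A service is flagged when its image is missing, has a `.tmp` extension, sits in a drive root, or lives on a drive other than C: or D: (that drive list is an assumption taken from this machine's log), and every cached AutoRun command is listed. The sample lines are copied from the log above and embedded so the script runs offline.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the ComboFix log in this thread
# (service entries from "Reg Loading Points" plus the MountPoints2 AutoRun keys).
# Not a complete log; the parser understands only these two line shapes.
SAMPLE_LOG = r"""
R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/7/2009 12:48 PM 115560]
S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [6/5/2006 7:37 PM 3567]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - l:\.\Bin\Assetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe6b294-1621-11db-bc85-000fea353c5e}]
\Shell\AutoRun\command - L:\setupSNK.exe
"""

# Assumption taken from the log: this machine installs software on C: and D:,
# so a service image on any other drive letter is worth a second look.
EXPECTED_DRIVES = ("c:", "d:")

# "R0 name;display;path [date size]"  or  "S3 name;display;registered --> resolved [?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(.*)\]$")
MOUNTPOINT_KEY_RE = re.compile(r"^\[.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str        # "service" or "autorun"
    name: str        # service short name, or the MountPoints2 subkey (drive letter or volume GUID)
    path: str        # resolved image path, or the AutoRun command line
    reasons: tuple   # human-readable reasons the entry was flagged


def service_reasons(path: str, bracket: str) -> tuple:
    """Heuristic checks on one service image path. 'bracket' is ComboFix's
    trailing '[date size]' text, or '?' when it could not find the file."""
    reasons = []
    lower = path.lower()
    if bracket.strip() == "?":
        reasons.append("image file not found on disk")
    if ntpath.splitext(lower)[1] == ".tmp":
        reasons.append("image has a .tmp extension")
    drive, tail = ntpath.splitdrive(lower)
    if drive and ntpath.dirname(tail) == "\\":
        reasons.append("image sits in a drive root")
    if drive and drive not in EXPECTED_DRIVES:
        reasons.append(f"image on unexpected drive {drive}")
    return tuple(reasons)


def parse_service(line: str):
    """Return (start_type, name, resolved_path, bracket), or None for non-service lines."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _display, path, bracket = m.groups()
    if " --> " in path:               # ComboFix shows "registered --> resolved" when they differ
        path = path.split(" --> ", 1)[1]
    if path.startswith("\\??\\"):     # NT object-manager prefix, not part of the file path
        path = path[4:]
    return start, name, path, bracket


def triage(log_text: str) -> list:
    """Scan ComboFix log text and return the entries worth a closer look."""
    findings = []
    mountpoint = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc:
            _start, name, path, bracket = svc
            reasons = service_reasons(path, bracket)
            if reasons:
                findings.append(Finding("service", name, path, reasons))
            continue
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            mountpoint = key.group(1)  # the volume the next AutoRun line belongs to
            continue
        cmd = AUTORUN_RE.match(line)
        if cmd and mountpoint:
            findings.append(Finding("autorun", mountpoint, cmd.group(1),
                                    ("cached AutoRun command for a mounted volume",)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8}{f.name:16}{f.path}")
        print(f"{'':8}-> {'; '.join(f.reasons)}")
```

A flag is a prompt to look closer, not a verdict: `[?]` also appears for stale entries left behind by uninstalled software, or for a driver that lived on a drive that is no longer attached, so confirm what each flagged path was before deleting its service key.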
chrisboc (Junior Member, 17 posts, thread starter; joined May 2009; experience: Intermediate)
14-May-2009, 12:27 AM #12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:06 PM, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...000e6.0000026f
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.8.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133845250247
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133846345904
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab53083.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/...erSetupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/751.../java/RntX.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupp...exp/lledit.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 21983 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,352 posts.
 
Join Date: Aug 2003
15-May-2009, 08:12 PM #13
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
chrisboc's Avatar
chrisboc chrisboc is offline
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: May 2009
Experience: Intermediate
15-May-2009, 09:57 PM #14
Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 5.1.2600 Service Pack 3
5/15/2009 8:57:27 PM
mbam-log-2009-05-15 (20-57-27).txt
Scan type: Quick Scan
Objects scanned: 148206
Time elapsed: 5 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\CC\Start Menu\Programs\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\CC\Start Menu\Programs\DVDConv\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\CPC\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CPC\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\csrss.old2 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
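One way to triage an MBAM log like the one above programmatically, as an added example for this thread (this is not Malwarebytes' own code): a small Python parser that turns the text log into structured detections, groups them by threat name, flags any item whose recorded action is not a completed removal, and cross-checks the summary counts against the items actually listed. SAMPLE_LOG is a constructed, trimmed copy of the log posted in this thread with the summary counts adjusted to match the lines kept; the count check is what catches a log that was truncated or edited in transit.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured detections.

Added example for this thread, not Malwarebytes' own code. SAMPLE_LOG is a
constructed, trimmed copy of the log posted above, with the summary counts
adjusted so they agree with the lines that were kept.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 5.1.2600 Service Pack 3
5/15/2009 8:57:27 PM
Scan type: Quick Scan
Objects scanned: 148206
Time elapsed: 5 minute(s), 20 second(s)
Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\CC\Start Menu\Programs\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\CC\Start Menu\Programs\DVDConv\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\csrss.old2 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# "<Category> Infected: N" lines form the summary block; the same text without
# a count opens the section that lists the individual items.
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<registry key or path> (<threat name>) -> <action taken>."
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEANED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return header fields, summary counts and one dict per listed detection."""
    header, summary, detections, section = {}, {}, [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == "(No malicious items detected)":
            continue
        m = re.match(r"^Malwarebytes' Anti-Malware (\S+)$", line)
        if m:
            header["version"] = m.group(1)
            continue
        for key, prefix in (("database_version", "Database version: "),
                            ("scan_type", "Scan type: "),
                            ("objects_scanned", "Objects scanned: ")):
            if line.startswith(prefix):
                header[key] = line[len(prefix):]
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = DETECTION_RE.match(line)
        if m and section:  # item lines only count once a section has opened
            detections.append({"category": section, "item": m["item"],
                               "threat": m["threat"], "action": m["action"]})
    return {"header": header, "summary": summary, "detections": detections}


def threat_families(parsed):
    """How many items each threat name accounted for."""
    return Counter(d["threat"] for d in parsed["detections"])


def unresolved(parsed):
    """Items whose recorded action is anything other than a completed removal."""
    return [d for d in parsed["detections"] if d["action"] != CLEANED]


def count_mismatches(parsed):
    """Categories whose summary count disagrees with the items listed; a
    non-empty result means the pasted log is not a complete record of the scan."""
    found = Counter(d["category"] for d in parsed["detections"])
    return {name: (expected, found.get(name, 0))
            for name, expected in parsed["summary"].items()
            if expected != found.get(name, 0)}


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    print(result["header"], dict(threat_families(result)))
    print("unresolved:", unresolved(result), "mismatches:", count_mismatches(result))
```

Running the block prints the header fields and a per-family count, an empty unresolved list (every item in the sample was quarantined) and an empty mismatch dict. Feeding it a log whose "Files Infected: N" summary line claims more items than are listed makes count_mismatches report the discrepancy, which is the first thing to look at before treating a pasted log as the full story.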
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,352 posts.
 
Join Date: Aug 2003
16-May-2009, 12:10 PM #15
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

JRE 6 Update 13

Instructions for Kaspersky scan:
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.