
Windows - No disk

Discussion in 'Virus & Other Malware Removal' started by chrisboc, May 10, 2009.

  1. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    I get this pop-up every time I load. I cleaned the registries using a commercial program, but this annoying message is still there. Does anyone know how to get rid of it? Please help!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:46 PM, on 5/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\system32\rundll32.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\rundll92.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08B8148D-90E3-41CE-86A5-E349E10C01A0} - (no file)
    O2 - BHO: (no name) - {23015998-E175-CFAB-5970-BC8EDAE4CECA} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: (no name) - {63C97903-90E6-C833-B74A-CC19637E8EBE} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {997B47CD-F57D-8CFB-5070-F93AF12774C0} - (no file)
    O2 - BHO: (no name) - {997E43B6-F209-F98F-0973-8A3A875C77C3} - (no file)
    O2 - BHO: (no name) - {9FA5C30A-77E0-7C60-B328-5F17556076C5} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
    O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
    O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000b9&g=00000082.000000e6.0000026f
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133845250247
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133846345904
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweapon/sis/popcaploader_v6.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/7513-b224h/rnl/java/RntX.cab
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupport/webexp/lledit.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F707F55-1D65-4983-AD23-B502C9871300}: NameServer = 85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B98C345-B21E-4100-97CA-06506C56A482}: NameServer = 85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79362987-0F48-4FE5-868F-493F0AE4450E}: NameServer = 85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9283F0A3-3399-489E-82CD-39365FE2A6FD}: NameServer = 85.255.112.172
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    --
    End of file - 24019 bytes
     
  2. vistashen

    vistashen Banned

    Joined:
    May 2, 2009
    Messages:
    457
  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    A "Windows - No Disk" pop-up is the least of your worries.

    There's a massive number of startup entries and services that don't need to load and run.

    There's overkill with toolbars and browser helper objects (BHOs).

    There's a massive number of ActiveX controls.

    This entry indicates an infection.

    O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe

    http://www.processlibrary.com/directory/files/winsys2

    I'm suspicious of these entries:

    O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe

    O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE

    O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

    O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

    O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe

    O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe


    ----------------------------------------------------------------------

    I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance.

    ------------------------------------------------------------------------
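The checks flavallee applies by eye above (a hotfix-style name on a Run entry, rundll92.exe sitting one character away from rundll32.exe, the same value repeated across HKLM/HKCU Run and RunServices, an unknown executable autostarting from system32) can be mechanised over the HijackThis line format. The following is an added example, not HijackThis code or anything posted in this thread: it parses O4/O17/O20 lines, using lines copied from the log above as constructed input, and also flags the O17 NameServer overrides in the log for verification against the ISP rather than declaring them malicious. The allowlists, the "one character off" rule and the KB-number pattern are assumptions of the example.

```python
"""Triage heuristics for HijackThis O4 / O17 / O20 log lines.

Added example, not a HijackThis feature: it parses the line format HijackThis
emits and records, per line, the reasons a malware helper would flag it.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: lines copied from the log in this thread plus one benign ctfmon line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKLM\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.61,85.255.112.172
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = ([\d.,]+)$")
O20_MISSING_RE = re.compile(r"^O20 - Winlogon Notify: .+ \(file missing\)$")

# Core Windows binaries whose names malware likes to imitate (assumed list).
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "ctfmon.exe", "explorer.exe", "winlogon.exe", "csrss.exe"}
# Executables that legitimately autostart from system32 via Run keys on XP (assumed allowlist).
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe", "rundll32.exe"}


def exe_name(command):
    """Return the lower-cased file name of the executable a Run value launches."""
    m = re.search(r'([^\\\s"]+\.exe)', command, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def lookalike_of(name):
    """Return the system binary `name` imitates if it differs by exactly one character."""
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if len(real) == len(name) and sum(a != b for a, b in zip(real, name)) == 1:
            return real
    return None


def triage(log_text):
    """Map each suspicious log line to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    groups = defaultdict(list)  # (value name, exe) -> lines registering that pair
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            _hive, key, name, command = m.groups()
            exe = exe_name(command)
            groups[(name, exe)].append(line)
            if re.search(r"(?i)hotfix|\bkb\d{6,7}\b", name):
                reasons[line].append("value name mimics a Windows hotfix; updates do not persist via Run keys")
            real = lookalike_of(exe)
            if real:
                reasons[line].append(f"{exe} is a one-character lookalike of {real}")
            if "\\system32\\" in command.lower() and exe not in KNOWN_SYSTEM32_AUTOSTARTS:
                reasons[line].append("unrecognised executable autostarting from system32")
            if key == "RunServices":
                reasons[line].append("RunServices is a Windows 9x key; no XP installer needs it")
            continue
        m = O17_RE.match(line)
        if m:
            public = [ip for ip in m.group(1).split(",") if ip_address(ip).is_global]
            if public:
                reasons[line].append("DNS servers overridden to public IP(s) "
                                     + ", ".join(public) + "; confirm with the ISP")
            continue
        if O20_MISSING_RE.match(line):
            reasons[line].append("Winlogon Notify DLL missing on disk: leftover of a removed component")
    # Malware commonly registers the same value in several autostart locations at once.
    for (name, exe), lines in groups.items():
        if len(lines) > 1:
            for line in lines:
                reasons[line].append(f"[{name}] {exe} registered in {len(lines)} autostart locations")
    return dict(reasons)


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged)
        for r in why:
            print("   -", r)
```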
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,607
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  5. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    chrisboc:

    You're in Cookiegal's hands now. I'll be monitoring your thread. Once she's done with you, I'll assist you with that over-bloated startup load and with updating and uninstalling some programs. (y)

    -------------------------------------------------------------
     
  6. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    Thank you all for the assist!!! I hope I'm not a lost cause.


    ComboFix log file:

    ComboFix 09-05-09.05 - CC 05/10/2009 20:17.2 - NTFSx86
    Running from: c:\documents and settings\CC\Desktop\Combo-Fix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *enabled*
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
    .
    2009-05-10 19:31 . 2009-05-10 19:31 -------- d-----w c:\program files\Evolve Reach RN
    2009-05-10 17:26 . 2009-05-10 17:26 -------- d-----w c:\program files\Trend Micro
    2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Kids.BIGDADDY\Local Settings\Application Data\Symantec
    2009-05-07 23:28 . 2009-05-07 23:28 -------- dc----w c:\documents and settings\Caitlin\Local Settings\Application Data\Symantec
    2009-05-07 18:14 . 2009-05-07 18:14 -------- d---a-w c:\program files\Norton Support
    2009-05-07 18:14 . 2009-05-07 18:14 -------- d-----w c:\documents and settings\CC\Local Settings\Application Data\Symantec
    2009-05-07 18:06 . 2009-05-07 18:06 -------- dc----w c:\documents and settings\CC\Application Data\Norton Utilities 14
    2009-05-07 17:48 . 2009-05-07 17:48 36400 ----a-r c:\winnt\system32\drivers\SymIM.sys
    2009-05-07 17:48 . 2009-05-07 17:48 60808 ----a-w c:\winnt\system32\S32EVNT1.DLL
    2009-05-07 17:48 . 2009-05-07 17:48 124464 ----a-w c:\winnt\system32\drivers\SYMEVENT.SYS
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\winnt\system32\drivers\NIS
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Norton Internet Security
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Windows Sidebar
    2009-05-07 17:25 . 2009-05-11 01:15 -------- d-----w c:\program files\Norton Utilities 14
    2009-05-07 17:23 . 2009-05-07 17:23 -------- dc----w c:\documents and settings\All Users\Application Data\PCSettings
    2009-05-07 17:21 . 2009-05-07 17:21 -------- dc----w c:\documents and settings\All Users\Application Data\Norton
    2009-05-07 17:21 . 2009-05-07 17:21 -------- d-----w c:\program files\NortonInstaller
    2009-05-07 17:00 . 2009-05-07 17:48 -------- d-----w c:\program files\Symantec
    2009-05-07 17:00 . 2009-05-08 00:05 -------- dc----w c:\documents and settings\All Users\Application Data\Symantec
    2009-05-07 16:38 . 2009-05-07 16:38 -------- dc----w c:\documents and settings\CC\Application Data\TrojanHunter
    2009-05-07 05:56 . 2009-05-07 22:06 -------- d-----w c:\program files\TrojanHunter 5.1
    2009-05-07 05:14 . 2009-05-07 17:46 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-05-04 16:55 . 2008-12-11 13:38 159600 ----a-w c:\winnt\system32\drivers\pctgntdi.sys
    2009-05-04 16:55 . 2008-12-18 17:16 73840 ----a-w c:\winnt\system32\drivers\PCTAppEvent.sys
    2009-05-04 16:55 . 2009-04-03 16:18 130936 ----a-w c:\winnt\system32\drivers\PCTCore.sys
    2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\program files\Common Files\PC Tools
    2009-05-04 16:55 . 2008-12-10 16:36 64392 ----a-w c:\winnt\system32\drivers\pctplsg.sys
    2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\CC\Application Data\PC Tools
    2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-01 12:49 . 2009-05-01 12:49 65536 --sh--r c:\winnt\system32\rundll92.exe
    2009-04-26 03:12 . 2009-04-26 03:12 -------- dc----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
    2009-04-26 03:12 . 2009-04-26 03:12 -------- d-----w c:\program files\SmartSound Software
    2009-04-26 03:11 . 2009-04-26 03:11 -------- d-----w c:\program files\Cyberlink
    2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iPod
    2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iTunes
    2009-04-24 14:07 . 2009-04-24 14:07 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-20 15:49 . 2009-04-20 17:18 -------- d-----w c:\winnt\system32\oodag
    2009-04-16 16:49 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll
    2009-04-16 16:49 . 2009-02-09 12:10 401408 -c----w c:\winnt\system32\dllcache\rpcss.dll
    2009-04-16 16:49 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe
    2009-04-16 16:49 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll
    2009-04-16 16:49 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe
    2009-04-16 16:49 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll
    2009-04-16 16:49 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll
    2009-04-16 16:49 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll
    2009-04-16 16:49 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll
    2009-04-16 16:48 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll
    2009-04-16 16:48 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe
    2009-04-16 02:37 . 2009-04-16 02:37 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-04-13 04:19 . 2009-05-10 21:02 -------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-04-12 04:23 . 2009-04-12 04:26 -------- dc----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 19:40 . 2008-01-12 19:12 4232 --sha-w c:\winnt\system32\KGyGaAvL.sys
    2009-05-07 18:10 . 2005-11-23 16:45 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-07 17:48 . 2009-05-07 17:48 805 ----a-w c:\winnt\system32\drivers\SYMEVENT.INF
    2009-05-07 17:48 . 2009-05-07 17:48 7386 ----a-w c:\winnt\system32\drivers\SYMEVENT.CAT
    2009-05-07 05:07 . 2006-06-09 19:23 -------- d-----w c:\program files\LiveUpdate
    2009-05-04 16:35 . 2008-02-09 01:26 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-01 15:32 . 2009-01-12 16:11 -------- d-----w c:\program files\RDM+
    2009-04-29 00:21 . 2009-01-19 15:04 664 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\d3d9caps.tmp
    2009-04-27 22:06 . 2008-12-31 21:00 124112 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-26 19:23 . 2009-01-03 19:15 34 -c--a-w c:\documents and settings\Austin\jagex_runescape_preferences.dat
    2009-04-26 03:13 . 2005-11-28 14:26 124112 ----a-w c:\documents and settings\CC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-26 03:12 . 2005-11-23 16:40 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-26 02:27 . 2008-01-12 19:08 -------- d-----w c:\program files\Canon
    2009-04-26 02:24 . 2008-01-12 19:06 -------- d-----w c:\program files\Common Files\Canon
    2009-04-24 15:17 . 2007-10-31 20:35 -------- d-----w c:\program files\Common Files\Apple
    2009-04-16 20:47 . 2007-11-12 02:18 66872 ----a-w c:\winnt\system32\PnkBstrA.exe
    2009-04-13 04:22 . 2005-11-25 02:27 -------- d-----w c:\program files\Google
    2009-04-06 02:08 . 2008-04-02 18:09 -------- d-----w c:\program files\Safari
    2009-03-28 23:10 . 2009-02-27 16:09 34 -c--a-w c:\documents and settings\Caitlin\jagex_runescape_preferences.dat
    2009-03-27 22:31 . 2009-03-27 22:31 -------- d-----w c:\program files\CyberPatrol LLC
    2009-03-20 19:21 . 2008-10-12 23:21 34 ----a-w c:\documents and settings\Kids.BIGDADDY\jagex_runescape_preferences.dat
    2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
    2009-03-06 14:22 . 2008-10-12 22:02 284160 ----a-w c:\winnt\system32\pdh.dll
    2009-03-06 04:59 . 2009-04-06 02:12 1900544 ----a-w c:\winnt\system32\usbaaplrc.dll
    2009-03-06 04:59 . 2007-10-31 20:35 36864 ----a-w c:\winnt\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2005-12-06 06:18 826368 ----a-w c:\winnt\system32\wininet.dll
    2009-02-28 16:39 . 2009-02-28 16:39 165888 ----a-w c:\winnt\Video Cleaner Pro Uninstaller.exe
    2009-02-21 15:46 . 2006-08-22 01:32 80477 ----a-w c:\winnt\HPHins08.dat
    2009-02-20 18:09 . 2008-10-12 22:02 78336 ----a-w c:\winnt\system32\ieencode.dll
    2009-02-12 02:31 . 2008-10-14 22:37 34 -c--a-w c:\documents and settings\CC\jagex_runescape_preferences.dat
    2007-04-25 08:49 . 2008-01-12 18:58 328 -c----w c:\program files\GuideMenuSetup.iss
    2007-04-06 03:28 . 2008-01-12 19:00 1237 -c----w c:\program files\WinDVDSetup.iss
    2005-11-23 03:40 . 2005-11-23 03:40 271 -csh--w c:\program files\desktop.ini
    2005-11-23 03:40 . 2005-11-23 03:40 21952 -c-ha-w c:\program files\folder.htt
    2002-07-26 23:02 . 2005-12-06 05:00 153088 -c--a-w c:\program files\UNWISE.EXE
    2008-06-24 17:49 . 2006-05-26 01:55 67696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-06-24 17:49 . 2006-05-26 01:55 54376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-06-24 17:49 . 2008-02-10 00:00 34952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-06-24 17:49 . 2008-02-10 00:00 46720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-06-24 17:49 . 2006-05-26 01:55 172144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-01-12 19:12 . 2008-01-12 19:12 8 --sh--r c:\winnt\system32\F087802693.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-11_01.04.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-11 01:02 . 2009-05-11 01:02 16384 c:\winnt\Temp\Perflib_Perfdata_930.dat
    + 1999-12-07 06:00 . 2009-05-11 01:06 68988 c:\winnt\system32\perfc009.dat
    - 1999-12-07 06:00 . 2009-05-10 17:11 68988 c:\winnt\system32\perfc009.dat
    + 1999-12-07 06:00 . 2009-05-11 01:06 422894 c:\winnt\system32\perfh009.dat
    - 1999-12-07 06:00 . 2009-05-10 17:11 422894 c:\winnt\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
    "NVIDIA Performance Examiner"="c:\winnt\system32\nvCplUI.exe" [2008-10-07 797216]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
    "NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-02-28 636072]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWZCABoot"="c:\winnt\System32\DZCABoot.exe" [2005-04-13 110592]
    "DWZKillMe"="c:\winnt\DZSAVEME.EXE" [2001-07-25 20480]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
    "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-10-20 159744]
    "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-10-20 98304]
    "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-10-20 135168]
    "TrueImageMonitor.exe"="d:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
    "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-10-07 13574144]
    "PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
    "DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
    "WinSys2"="c:\winnt\system32\winsys2.exe" [2006-04-29 208896]
    "GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
    "NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-10-07 86016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
    "CyberPatrolNew"="c:\program files\CyberPatrol LLC\CyberPatrol\cphq.exe" [2008-12-19 1975552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "UpdatePDRShortCut"="d:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "Hotfix-KB5504305"="c:\winnt\system32\rundll92.exe" [2009-05-01 65536]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]
    "nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2008-10-07 1630208]
    "SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2005-06-21 77824]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\winnt\KHALMNPR.Exe [2005-12-20 28160]
    "CTHelper"="CTHELPER.EXE" - c:\winnt\system32\CtHelper.exe [2008-06-27 19456]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
    "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
    "SetDefaultMIDI"="MIDIDEF.EXE" - c:\winnt\system32\MIDIDEF.EXE [2008-06-27 28672]
    c:\documents and settings\CPC\Start Menu\Programs\Startup\
    Launch Microsoft Office Outlook (2).lnk - d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-28 25214]
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-15 221247]
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-26 995328]
    BTTray.lnk - d:\program files\Billionton\Bluetooth Software\BTTray.exe [2004-11-29 569405]
    HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 67128]
    SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2007-5-4 532480]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocs Menu"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RDM+]
    2008-04-13 11:43 61440 ----a-w c:\program files\RDM+\notify.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "aux"= mmdrv.dll
    "wave5"= serwvdrv.dll
    "wave"= serwvdrv.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Hotfix-KB5504305 REG_SZ c:\winnt\system32\rundll92.exe
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\winnt\pss\Audible Download Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    backup=c:\winnt\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    backup=c:\winnt\pss\QuickBooks Update Agent.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
    backup=c:\winnt\pss\SATARAID5.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    backup=c:\winnt\pss\PdaNet Desktop.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    backup=c:\winnt\pss\Picture Motion Browser Media Check Tool.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    backup=c:\winnt\pss\YouTube Uploader.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc"=3 (0x3)
    "VMware NAT Service"=2 (0x2)
    "vmount2"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "vmh"=3 (0x3)
    "VMAuthdService"=2 (0x2)
    "Virtual Server"=2 (0x2)
    "UleadBurningHelper"=2 (0x2)
    "O&O Defrag"=2 (0x2)
    "LiveUpdate Notice"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "iPod Service"=3 (0x3)
    "DTSRVC"=2 (0x2)
    "awhost32"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "nTuneService"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "CCALib8"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "s:\\!softwarelibrary\\bitcomet\\BitComet.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINNT\\system32\\PnkBstrA.exe"=
    "c:\\WINNT\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
    "d:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
    "d:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh
    "19911:TCP"= 19911:TCP:BitComet 19911 TCP
    "19911:UDP"= 19911:UDP:BitComet 19911 UDP
    "9978:TCP"= 9978:TCP:BitComet 9978 TCP
    "9978:UDP"= 9978:UDP:BitComet 9978 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
    R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [5/4/2009 11:55 AM 130936]
    R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\NIS\1005000.087\SymEFA.sys [5/7/2009 12:48 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/7/2009 12:48 PM 258608]
    R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\NIS\1005000.087\cchpx86.sys [5/7/2009 12:48 PM 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [5/8/2009 3:22 PM 276344]
    R2 BCMNTIO;BCMNTIO;d:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/19/2005 7:33 PM 3744]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/7/2009 12:48 PM 115560]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
    R3 dfmirage;dfmirage;c:\winnt\system32\drivers\dfmirage.sys [4/15/2008 6:49 AM 31896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 1:09 PM 101936]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\winnt\system32\drivers\RTL8187.sys [1/11/2007 7:20 PM 194304]
    S2 gupdate1c9bbef516989fe;Google Update Service (gupdate1c9bbef516989fe);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 11:21 PM 133104]
    S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
    S2 RDMPLocalService;RDM+ Local Service;"c:\program files\RDM+\rdmpserv.exe" --> c:\program files\RDM+\rdmpserv.exe [?]
    S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
    S3 BW2NDIS5;BW2NDIS5;c:\winnt\system32\Drivers\BW2NDIS5.sys --> c:\winnt\system32\Drivers\BW2NDIS5.sys [?]
    S3 COMMONFX;COMMONFX;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
    S3 CTAUDFX;CTAUDFX;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
    S3 CTERFXFX;CTERFXFX;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [5/14/2007 4:21 PM 96256]
    S3 CTSBLFX;CTSBLFX;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
    S3 CyberPatrol UpdateService;CyberPatrol UpdateService;c:\program files\CyberPatrol LLC\CyberPatrol\UpdateService.exe [3/27/2009 5:31 PM 144704]
    S3 mgau;mgau;c:\winnt\system32\drivers\mgaum.sys [7/19/2006 6:48 PM 320384]
    S3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\winnt\system32\drivers\pcx2nd5.sys [1/23/2007 7:20 PM 17648]
    S3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\winnt\system32\drivers\pcx2unic.sys [1/23/2007 7:20 PM 69456]
    S3 pnetmdm;PdaNet Modem;c:\winnt\system32\drivers\pnetmdm.sys [1/12/2006 3:04 PM 9472]
    S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [6/5/2006 7:37 PM 3567]
    S3 SaiH0255;SaiH0255;c:\winnt\system32\drivers\SaiH0255.sys [5/23/2006 9:57 PM 121984]
    S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [5/4/2009 11:55 AM 348752]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
    S3 viz2000;Visioneer USB Kernel V2.0;c:\winnt\system32\drivers\usbscan.sys [10/12/2008 5:01 PM 15104]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2008 10:49 PM 24652]
    S4 Virtual Server;Virtual Server;c:\program files\Microsoft Virtual Server\vssrvc.exe [7/23/2004 7:58 PM 2983288]
    S4 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe [7/23/2004 7:47 PM 137984]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\AutoRun\command - l:\.\Bin\Assetup.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe6b294-1621-11db-bc85-000fea353c5e}]
    \Shell\AutoRun\command - L:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2009-05-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    2009-05-11 c:\winnt\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:19]
    2009-05-11 c:\winnt\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:20]
    2007-10-03 c:\winnt\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - n:\spybot - search & destroy\SpybotSD.exe [2004-05-12 06:04]
    .
    .
     
  7. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - d:\program files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\winnt\system32\cplsp.dll
    Trusted Zone: cingular.com\www.myaccount
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.smart-clip.com/activex/SmartClip.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mail03.mygulfstream.com/dwa8W.cab
    DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxps://km.mygulfstream.com/llnksupport/webexp/lledit.cab
    FF - ProfilePath - c:\documents and settings\CC\Application Data\Mozilla\Firefox\Profiles\9ehoe3sv.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-10 20:19
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??x??????mP???????X???????????????\???????????????????????Y????N??????????[?????+x????????????????????????W???`???????????????????????????S?????>?????????????????????????/?????+x????????????0??????????
    CTHelper = CTHELPER.EXE?
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
    "ImagePath"="\??\c:\huadio.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:35,a3,bc,98,85,19,39,9c,12,51,50,3a,2c,b3,8f,a1,ed,cc,7b,10,49,90,42,
    ef,5c,8b,92,63,60,85,21,08,d6,f3,96,17,42,47,87,65,ef,44,31,81,6e,e8,84,73,\
    "??"=hex:c5,e7,c1,65,0d,c8,31,19,27,1d,8a,43,4a,0f,e3,ed
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,37,f7,a0,ba,8e,
    94,53,87,c8,28,51,af,b0,29,a3,98,f6,30,24,0c,5b,34,2d,54,e2,63,26,f1,3f,c8,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,2e,ab,34,d1,51,
    eb,cb,75,71,3b,04,66,8b,46,0d,96,84,93,d5,40,10,a4,e2,f2,6a,9c,d6,61,af,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ce,96,c6,22,ad,
    82,7c,cb,25,da,ec,7e,55,20,c9,26,40,f3,0d,53,ca,26,e9,cb,ff,7c,85,e0,43,d4,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,0d,21,c9,92,5f,
    57,14,b3,3e,1e,9e,e0,57,5a,93,61,5b,a6,0e,70,1b,cc,b6,0b,86,8c,21,01,be,91,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,9c,18,50,80,c9,
    cf,9f,c1,cd,44,cd,b9,a6,33,6c,cd,31,a4,11,0f,d7,d4,b1,e3,f5,1d,4d,73,a8,13,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c3,68,3f,e9,a5,
    58,fc,29,b0,18,ed,a7,3f,8d,37,a4,d3,9d,f8,29,4c,d2,84,61,df,20,58,62,78,6b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a8,18,9a,0a,05,
    83,47,06,31,77,e1,ba,b1,f8,68,02,96,8e,62,bf,ad,a0,ec,cb,fb,a7,78,e6,12,2f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e2,61,db,16,01,
    64,33,7b,83,6c,56,8b,a0,85,96,ab,d6,5e,20,2a,00,1b,67,65,01,3a,48,fc,e8,04,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a9,a7,11,22,36,
    15,39,66,51,fa,6e,91,28,9e,14,cc,73,bd,82,8e,36,d7,46,f6,f6,0f,4e,58,98,5b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,8d,a5,6d,9f,
    62,2c,f9,b1,cd,45,5a,a8,c4,f8,b9,ba,56,cc,2b,8a,52,8c,88,3d,ce,ea,26,2d,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,77,bc,80,1c,
    e5,73,ce,e3,0e,66,d5,eb,bc,2f,6b,43,28,43,9b,7b,f9,dd,65,2a,b7,cc,b5,b9,7f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8e,53,dd,18,93,
    99,f7,4e,fa,ea,66,7f,d4,3b,6b,70,a5,c7,af,03,55,92,56,20,6c,43,2d,1e,aa,22,\
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG06.00.00.01WORKSTATION"="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"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(2028)
    c:\program files\RDM+\notify.dll
    - - - - - - - > 'lsass.exe'(484)
    c:\winnt\system32\relog_ap.dll
    - - - - - - - > 'explorer.exe'(1284)
    c:\winnt\system32\nview.dll
    d:\program files\SetPoint\lgscroll.dll
    c:\winnt\system32\mshtml.dll
    c:\winnt\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    n:\spybot~1\SDHelper.dll
    d:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\winnt\system32\nvwddi.dll
    c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
    c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
    c:\program files\Audible\Bin\AudibleExt.dll
    c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
    c:\winnt\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
    c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
    d:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    .
    Completion time: 2009-05-11 20:24
    ComboFix-quarantined-files.txt 2009-05-11 01:24
    ComboFix2.txt 2009-05-11 01:11
    Pre-Run: 19,903,610,880 bytes free
    Post-Run: 19,885,711,360 bytes free
    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    474 --- E O F --- 2009-04-29 08:01
     
  8. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:10 PM, on 5/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\WINNT\system32\rundll32.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
    C:\WINNT\system32\rundll92.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINNT\explorer.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
    O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
    O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000b9&g=00000082.000000e6.0000026f
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133845250247
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133846345904
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/7513-b224h/rnl/java/RntX.cab
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupport/webexp/lledit.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    --
    End of file - 22190 bytes
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,607
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    http://forums.techguy.org/malware-removal-hijackthis-logs/825976-windows-no-disk.html#post6688339
    
    Collect::
    c:\winnt\system32\rundll92.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hotfix-KB5504305"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Hotfix-KB5504305"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hotfix-KB5504305"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Hotfix-KB5504305"=-
    
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    [IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
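    As an added example (not code from this thread, from HijackThis or from ComboFix), the script below parses the O4 autorun lines from the HijackThis log posted above, applies three triage heuristics that single out the rundll92.exe entries Cookiegal's script removes, and drafts the Registry:: section in the CFScript format shown in her post. The heuristics, the edit-distance threshold and the function names are this example's own assumptions; the Collect:: line and the lsa key in the real script came from the ComboFix output, which a HijackThis parser cannot see, so the generated block is a starting point for an analyst, not a replacement for one.

```python
"""Triage HijackThis O4 (registry autorun) lines and draft a ComboFix Registry:: block.

Added example for this thread; the heuristics below are assumptions of this
example, not HijackThis or ComboFix rules.
"""
import re
from collections import defaultdict

# Constructed sample: a few O4 lines copied from the HijackThis log in this
# thread (plus one Global Startup line to show what is skipped). The same
# parser accepts the whole log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINNT\system32\rundll92.exe
O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
O4 - Global Startup: SetPoint.lnk = ?
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')

# Real Windows binaries whose names malware likes to imitate (assumed list).
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "ctfmon.exe", "explorer.exe",
                   "lsass.exe", "services.exe", "winlogon.exe", "smss.exe",
                   "csrss.exe", "spoolsv.exe"}

HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def parse_o4(log_text):
    """Return one dict per registry O4 line: hive, key, value name, executable path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder entries carry no registry key; skipped here
        hive, key, name, cmd = m.groups()
        # First ".exe" token, quoted or not, is the program being launched.
        exe = re.match(r'"?(.*?\.exe)', cmd, re.I)
        entries.append({"hive": hive, "key": key, "name": name,
                        "exe": exe.group(1) if exe else cmd})
    return entries


def edit_distance(a, b):
    """Levenshtein distance; small enough to inline rather than import."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename):
    """Return the real system binary this file name imitates, or None.

    Distance 1 (one changed, added or dropped character) keeps false positives
    low: msmsgs.exe is distance 2 from smss.exe and must not be flagged.
    """
    if basename in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if edit_distance(basename, real) == 1:
            return real
    return None


def triage(entries):
    """Return [(entry, [reasons])] for entries worth an analyst's attention."""
    reasons = defaultdict(list)
    by_exe = defaultdict(list)
    for i, e in enumerate(entries):
        by_exe[e["exe"].lower()].append(i)
        base = e["exe"].rsplit("\\", 1)[-1].lower()
        real = lookalike_of(base)
        if real:
            reasons[i].append(f"name imitates {real}")
        if e["key"].lower() == "runservices":
            reasons[i].append("RunServices is a Windows 9x-era key; unusual on XP")
    # The same payload registered under both the machine hive and a user hive
    # is redundant persistence; legitimate software rarely does it.
    for idxs in by_exe.values():
        hives = {"HKLM" if entries[i]["hive"] == "HKLM" else "USER" for i in idxs}
        if len(hives) == 2:
            for i in idxs:
                reasons[i].append("same payload in both machine and user autoruns")
    return [(entries[i], reasons[i]) for i in sorted(reasons)]


def registry_root(hive):
    """Map the HijackThis hive abbreviation to the full name used in CFScript."""
    if hive in HIVE_NAMES:
        return HIVE_NAMES[hive]
    return "HKEY_USERS\\" + hive.split("\\", 1)[1]   # HKUS\<SID>


def draft_registry_block(findings):
    """Emit a Registry:: block in the format of the CFScript posted in this thread."""
    lines, seen = ["Registry::"], set()
    for entry, _ in findings:
        key = f"[{registry_root(entry['hive'])}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{entry['key']}]"
        value = f'"{entry["name"]}"=-'   # "=-" deletes the value, as in the post
        if (key, value) not in seen:
            seen.add((key, value))
            lines.extend([key, value])
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(parse_o4(SAMPLE_LOG))
    for entry, why in found:
        print(f"{entry['hive']}\\..\\{entry['key']} [{entry['name']}] {entry['exe']}: {'; '.join(why)}")
    print()
    print(draft_registry_block(found))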
  10. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    ComboFix 09-05-09.05 - CC 05/13/2009 21:12.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.926 [GMT -5:00]
    Running from: c:\documents and settings\CC\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\CC\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *enabled*
    file zipped: c:\winnt\system32\rundll92.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\winnt\system32\rundll92.exe
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
    .
    2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\Roblox
    2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\RobloxDownloads
    2009-05-13 22:14 . 2009-05-13 22:14 -------- dc----w c:\documents and settings\Austin\Local Settings\Application Data\RobloxVersions
    2009-05-11 15:07 . 2007-10-05 21:53 56868 ----a-w C:\AWDFLASH.EXE
    2009-05-10 19:31 . 2009-05-10 19:31 -------- d-----w c:\program files\Evolve Reach RN
    2009-05-10 17:26 . 2009-05-10 17:26 -------- d-----w c:\program files\Trend Micro
    2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Kids.BIGDADDY\Local Settings\Application Data\Symantec
    2009-05-07 23:28 . 2009-05-07 23:28 -------- dc----w c:\documents and settings\Caitlin\Local Settings\Application Data\Symantec
    2009-05-07 18:14 . 2009-05-07 18:14 -------- d---a-w c:\program files\Norton Support
    2009-05-07 18:14 . 2009-05-07 18:14 -------- d-----w c:\documents and settings\CC\Local Settings\Application Data\Symantec
    2009-05-07 18:06 . 2009-05-07 18:06 -------- dc----w c:\documents and settings\CC\Application Data\Norton Utilities 14
    2009-05-07 17:48 . 2009-05-07 17:48 36400 ----a-r c:\winnt\system32\drivers\SymIM.sys
    2009-05-07 17:48 . 2009-05-07 17:48 60808 ----a-w c:\winnt\system32\S32EVNT1.DLL
    2009-05-07 17:48 . 2009-05-07 17:48 124464 ----a-w c:\winnt\system32\drivers\SYMEVENT.SYS
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\winnt\system32\drivers\NIS
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Norton Internet Security
    2009-05-07 17:47 . 2009-05-07 17:47 -------- d-----w c:\program files\Windows Sidebar
    2009-05-07 17:25 . 2009-05-11 01:15 -------- d-----w c:\program files\Norton Utilities 14
    2009-05-07 17:23 . 2009-05-07 17:23 -------- dc----w c:\documents and settings\All Users\Application Data\PCSettings
    2009-05-07 17:21 . 2009-05-07 17:21 -------- dc----w c:\documents and settings\All Users\Application Data\Norton
    2009-05-07 17:21 . 2009-05-07 17:21 -------- d-----w c:\program files\NortonInstaller
    2009-05-07 17:00 . 2009-05-07 17:48 -------- d-----w c:\program files\Symantec
    2009-05-07 17:00 . 2009-05-08 00:05 -------- dc----w c:\documents and settings\All Users\Application Data\Symantec
    2009-05-07 16:38 . 2009-05-07 16:38 -------- dc----w c:\documents and settings\CC\Application Data\TrojanHunter
    2009-05-07 05:56 . 2009-05-07 22:06 -------- d-----w c:\program files\TrojanHunter 5.1
    2009-05-07 05:14 . 2009-05-07 17:46 -------- dc----w c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-05-04 16:55 . 2008-12-11 13:38 159600 ----a-w c:\winnt\system32\drivers\pctgntdi.sys
    2009-05-04 16:55 . 2008-12-18 17:16 73840 ----a-w c:\winnt\system32\drivers\PCTAppEvent.sys
    2009-05-04 16:55 . 2009-04-03 16:18 130936 ----a-w c:\winnt\system32\drivers\PCTCore.sys
    2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\program files\Common Files\PC Tools
    2009-05-04 16:55 . 2008-12-10 16:36 64392 ----a-w c:\winnt\system32\drivers\pctplsg.sys
    2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\CC\Application Data\PC Tools
    2009-05-04 16:55 . 2009-05-04 16:55 -------- dc----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-04-26 03:12 . 2009-04-26 03:12 -------- dc----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
    2009-04-26 03:12 . 2009-04-26 03:12 -------- d-----w c:\program files\SmartSound Software
    2009-04-26 03:11 . 2009-04-26 03:11 -------- d-----w c:\program files\Cyberlink
    2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iPod
    2009-04-24 15:17 . 2009-04-24 15:17 -------- d-----w c:\program files\iTunes
    2009-04-24 14:07 . 2009-04-24 14:07 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-20 15:49 . 2009-04-20 17:18 -------- d-----w c:\winnt\system32\oodag
    2009-04-16 16:49 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll
    2009-04-16 16:49 . 2009-02-09 12:10 401408 -c----w c:\winnt\system32\dllcache\rpcss.dll
    2009-04-16 16:49 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe
    2009-04-16 16:49 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll
    2009-04-16 16:49 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe
    2009-04-16 16:49 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll
    2009-04-16 16:49 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll
    2009-04-16 16:49 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll
    2009-04-16 16:49 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll
    2009-04-16 16:48 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll
    2009-04-16 16:48 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe
    2009-04-16 02:37 . 2009-04-16 02:37 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-13 21:57 . 2009-01-03 19:15 34 -c--a-w c:\documents and settings\Austin\jagex_runescape_preferences.dat
    2009-05-08 19:40 . 2008-01-12 19:12 4232 --sha-w c:\winnt\system32\KGyGaAvL.sys
    2009-05-07 18:10 . 2005-11-23 16:45 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-07 17:48 . 2009-05-07 17:48 805 ----a-w c:\winnt\system32\drivers\SYMEVENT.INF
    2009-05-07 17:48 . 2009-05-07 17:48 7386 ----a-w c:\winnt\system32\drivers\SYMEVENT.CAT
    2009-05-07 05:07 . 2006-06-09 19:23 -------- d-----w c:\program files\LiveUpdate
    2009-05-04 16:35 . 2008-02-09 01:26 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-01 15:32 . 2009-01-12 16:11 -------- d-----w c:\program files\RDM+
    2009-04-29 00:21 . 2009-01-19 15:04 664 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\d3d9caps.tmp
    2009-04-27 22:06 . 2008-12-31 21:00 124112 -c--a-w c:\documents and settings\Caitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-26 03:13 . 2005-11-28 14:26 124112 ----a-w c:\documents and settings\CC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-26 03:12 . 2005-11-23 16:40 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-26 02:27 . 2008-01-12 19:08 -------- d-----w c:\program files\Canon
    2009-04-26 02:24 . 2008-01-12 19:06 -------- d-----w c:\program files\Common Files\Canon
    2009-04-24 15:17 . 2007-10-31 20:35 -------- d-----w c:\program files\Common Files\Apple
    2009-04-16 20:47 . 2007-11-12 02:18 66872 ----a-w c:\winnt\system32\PnkBstrA.exe
    2009-04-13 04:22 . 2005-11-25 02:27 -------- d-----w c:\program files\Google
    2009-04-06 02:08 . 2008-04-02 18:09 -------- d-----w c:\program files\Safari
    2009-03-28 23:10 . 2009-02-27 16:09 34 -c--a-w c:\documents and settings\Caitlin\jagex_runescape_preferences.dat
    2009-03-27 22:31 . 2009-03-27 22:31 -------- d-----w c:\program files\CyberPatrol LLC
    2009-03-20 19:21 . 2008-10-12 23:21 34 ----a-w c:\documents and settings\Kids.BIGDADDY\jagex_runescape_preferences.dat
    2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
    2009-03-06 14:22 . 2008-10-12 22:02 284160 ----a-w c:\winnt\system32\pdh.dll
    2009-03-06 04:59 . 2009-04-06 02:12 1900544 ----a-w c:\winnt\system32\usbaaplrc.dll
    2009-03-06 04:59 . 2007-10-31 20:35 36864 ----a-w c:\winnt\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2005-12-06 06:18 826368 ----a-w c:\winnt\system32\wininet.dll
    2009-02-28 16:39 . 2009-02-28 16:39 165888 ----a-w c:\winnt\Video Cleaner Pro Uninstaller.exe
    2009-02-21 15:46 . 2006-08-22 01:32 80477 ----a-w c:\winnt\HPHins08.dat
    2009-02-20 18:09 . 2008-10-12 22:02 78336 ----a-w c:\winnt\system32\ieencode.dll
    2007-04-25 08:49 . 2008-01-12 18:58 328 -c----w c:\program files\GuideMenuSetup.iss
    2007-04-06 03:28 . 2008-01-12 19:00 1237 -c----w c:\program files\WinDVDSetup.iss
    2005-11-23 03:40 . 2005-11-23 03:40 271 -csh--w c:\program files\desktop.ini
    2005-11-23 03:40 . 2005-11-23 03:40 21952 -c-ha-w c:\program files\folder.htt
    2002-07-26 23:02 . 2005-12-06 05:00 153088 -c--a-w c:\program files\UNWISE.EXE
    2008-06-24 17:49 . 2006-05-26 01:55 67696 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-06-24 17:49 . 2006-05-26 01:55 54376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-06-24 17:49 . 2008-02-10 00:00 34952 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-06-24 17:49 . 2008-02-10 00:00 46720 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-06-24 17:49 . 2006-05-26 01:55 172144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-01-12 19:12 . 2008-01-12 19:12 8 --sh--r c:\winnt\system32\F087802693.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-11_01.04.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-12 22:58 . 2009-05-12 22:54 32768 c:\winnt\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-05-11 17:32 . 2009-05-11 17:32 16384 c:\winnt\Temp\Perflib_Perfdata_a4c.dat
    + 2009-05-14 02:20 . 2009-05-14 02:20 16384 c:\winnt\Temp\Perflib_Perfdata_734.dat
    + 2009-05-12 22:58 . 2009-05-12 22:54 16384 c:\winnt\Temp\History\History.IE5\index.dat
    + 2009-05-12 22:58 . 2009-05-12 22:54 16384 c:\winnt\Temp\Cookies\index.dat
    - 1999-12-07 06:00 . 2009-05-10 17:11 68988 c:\winnt\system32\perfc009.dat
    + 1999-12-07 06:00 . 2009-05-11 17:35 68988 c:\winnt\system32\perfc009.dat
    + 2005-11-23 05:23 . 2009-05-14 01:30 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-11-23 05:23 . 2009-05-09 01:00 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-11-23 05:23 . 2009-05-14 01:30 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
    - 2005-11-23 05:23 . 2009-05-09 01:00 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
    + 1999-12-07 06:00 . 2009-05-11 17:35 422894 c:\winnt\system32\perfh009.dat
    - 1999-12-07 06:00 . 2009-05-10 17:11 422894 c:\winnt\system32\perfh009.dat
    + 2009-03-12 04:16 . 2009-03-12 04:16 689536 c:\winnt\Downloaded Program Files\Manager.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
    "NVIDIA Performance Examiner"="c:\winnt\system32\nvCplUI.exe" [2008-10-07 797216]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-02-28 636072]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DWZCABoot"="c:\winnt\System32\DZCABoot.exe" [2005-04-13 110592]
    "DWZKillMe"="c:\winnt\DZSAVEME.EXE" [2001-07-25 20480]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
    "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-10-20 159744]
    "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-10-20 98304]
    "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-10-20 135168]
    "TrueImageMonitor.exe"="d:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
    "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-10-07 13574144]
    "PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
    "DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-02-26 437160]
    "Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]
    "WinSys2"="c:\winnt\system32\winsys2.exe" [2006-04-29 208896]
    "GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
    "NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-10-07 86016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
    "CyberPatrolNew"="c:\program files\CyberPatrol LLC\CyberPatrol\cphq.exe" [2008-12-19 1975552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "UpdatePDRShortCut"="d:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]
    "nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2008-10-07 1630208]
    "SoundMan"="SOUNDMAN.EXE" - c:\winnt\SOUNDMAN.EXE [2005-06-21 77824]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\winnt\KHALMNPR.Exe [2005-12-20 28160]
    "CTHelper"="CTHELPER.EXE" - c:\winnt\system32\CtHelper.exe [2008-06-27 19456]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
    "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
    "SetDefaultMIDI"="MIDIDEF.EXE" - c:\winnt\system32\MIDIDEF.EXE [2008-06-27 28672]
    c:\documents and settings\CPC\Start Menu\Programs\Startup\
    Launch Microsoft Office Outlook (2).lnk - d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-28 25214]
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-15 221247]
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-26 995328]
    BTTray.lnk - d:\program files\Billionton\Bluetooth Software\BTTray.exe [2004-11-29 569405]
    HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 67128]
    SetPoint.lnk - d:\program files\SetPoint\SetPoint.exe [2007-5-4 532480]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocs Menu"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RDM+]
    2008-04-13 11:43 61440 ----a-w c:\program files\RDM+\notify.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "aux"= mmdrv.dll
    "wave5"= serwvdrv.dll
    "wave"= serwvdrv.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\winnt\pss\Audible Download Manager.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    backup=c:\winnt\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    backup=c:\winnt\pss\QuickBooks Update Agent.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
    backup=c:\winnt\pss\SATARAID5.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    backup=c:\winnt\pss\PdaNet Desktop.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    backup=c:\winnt\pss\Picture Motion Browser Media Check Tool.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^CC^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    backup=c:\winnt\pss\YouTube Uploader.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc"=3 (0x3)
    "VMware NAT Service"=2 (0x2)
    "vmount2"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "vmh"=3 (0x3)
    "VMAuthdService"=2 (0x2)
    "Virtual Server"=2 (0x2)
    "UleadBurningHelper"=2 (0x2)
    "O&O Defrag"=2 (0x2)
    "LiveUpdate Notice"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "iPod Service"=3 (0x3)
    "DTSRVC"=2 (0x2)
    "awhost32"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "PnkBstrB"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "nTuneService"=2 (0x2)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "CCALib8"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "s:\\!softwarelibrary\\bitcomet\\BitComet.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINNT\\system32\\PnkBstrA.exe"=
    "c:\\WINNT\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
    "d:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
    "d:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh
    "19911:TCP"= 19911:TCP:BitComet 19911 TCP
    "19911:UDP"= 19911:UDP:BitComet 19911 UDP
    "9978:TCP"= 9978:TCP:BitComet 9978 TCP
    "9978:UDP"= 9978:UDP:BitComet 9978 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
    R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [5/4/2009 11:55 AM 130936]
    R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\NIS\1005000.087\SymEFA.sys [5/7/2009 12:48 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/7/2009 12:48 PM 258608]
    R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\NIS\1005000.087\cchpx86.sys [5/7/2009 12:48 PM 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [5/8/2009 3:22 PM 276344]
    R2 BCMNTIO;BCMNTIO;d:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/19/2005 7:33 PM 3744]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/7/2009 12:48 PM 115560]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
    R3 dfmirage;dfmirage;c:\winnt\system32\drivers\dfmirage.sys [4/15/2008 6:49 AM 31896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 1:09 PM 101936]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\winnt\system32\drivers\RTL8187.sys [1/11/2007 7:20 PM 194304]
    S2 gupdate1c9bbef516989fe;Google Update Service (gupdate1c9bbef516989fe);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 11:21 PM 133104]
    S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
    S2 RDMPLocalService;RDM+ Local Service;"c:\program files\RDM+\rdmpserv.exe" --> c:\program files\RDM+\rdmpserv.exe [?]
    S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
    S3 BW2NDIS5;BW2NDIS5;c:\winnt\system32\Drivers\BW2NDIS5.sys --> c:\winnt\system32\Drivers\BW2NDIS5.sys [?]
    S3 COMMONFX;COMMONFX;c:\winnt\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
    S3 CTAUDFX;CTAUDFX;c:\winnt\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
    S3 CTERFXFX;CTERFXFX;c:\winnt\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [5/14/2007 4:21 PM 96256]
    S3 CTSBLFX;CTSBLFX;c:\winnt\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
    S3 CyberPatrol UpdateService;CyberPatrol UpdateService;c:\program files\CyberPatrol LLC\CyberPatrol\UpdateService.exe [3/27/2009 5:31 PM 144704]
    S3 mgau;mgau;c:\winnt\system32\drivers\mgaum.sys [7/19/2006 6:48 PM 320384]
    S3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\winnt\system32\drivers\pcx2nd5.sys [1/23/2007 7:20 PM 17648]
    S3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\winnt\system32\drivers\pcx2unic.sys [1/23/2007 7:20 PM 69456]
    S3 pnetmdm;PdaNet Modem;c:\winnt\system32\drivers\pnetmdm.sys [1/12/2006 3:04 PM 9472]
    S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [6/5/2006 7:37 PM 3567]
    S3 SaiH0255;SaiH0255;c:\winnt\system32\drivers\SaiH0255.sys [5/23/2006 9:57 PM 121984]
    S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [5/4/2009 11:55 AM 348752]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
    S3 viz2000;Visioneer USB Kernel V2.0;c:\winnt\system32\drivers\usbscan.sys [10/12/2008 5:01 PM 15104]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/24/2008 10:49 PM 24652]
    S4 Virtual Server;Virtual Server;c:\program files\Microsoft Virtual Server\vssrvc.exe [7/23/2004 7:58 PM 2983288]
    S4 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe [7/23/2004 7:47 PM 137984]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\AutoRun\command - l:\.\Bin\Assetup.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe6b294-1621-11db-bc85-000fea353c5e}]
    \Shell\AutoRun\command - L:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2009-05-09 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    2009-05-14 c:\winnt\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:19]
    2009-05-14 c:\winnt\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:20]
    2007-10-03 c:\winnt\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - n:\spybot - search & destroy\SpybotSD.exe [2004-05-12 06:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - d:\program files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\winnt\system32\cplsp.dll
    Trusted Zone: cingular.com\www.myaccount
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.smart-clip.com/activex/SmartClip.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mail03.mygulfstream.com/dwa8W.cab
    DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxps://km.mygulfstream.com/llnksupport/webexp/lledit.cab
    FF - ProfilePath - c:\documents and settings\CC\Application Data\Mozilla\Firefox\Profiles\9ehoe3sv.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-13 21:21
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??x??????mP???????X???????????????\???????????????????????Y????N??????????[?????+x????????????????????????W???`???????????????????????????S?????>?????????????????????????/?????+x????????????0??????????
    CTHelper = CTHELPER.EXE?
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
    "ImagePath"="\??\c:\huadio.tmp"
    .
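The parts of a ComboFix log like the one above that a responder reads first are the service list (the `R0`/`S3` lines near the end) and the firewall, Security Center and MountPoints2 keys. An entry marked `[?]` means ComboFix could not find the image file on disk; that looks the same whether the entry is a stale leftover from an uninstall or the registration of a payload that has since been deleted, so it is a prompt for a manual look, not a verdict. The script below is an added example for this thread, not part of the original post and not a ComboFix feature. It walks a handful of lines copied verbatim from the log (embedded as constructed sample input, nothing is read from disk) and flags: services whose image is missing, an image that is a `.tmp` file sitting in a drive root (the `autorun` entry pointing at `c:\huadio.tmp`), an image on a drive letter other than C: or D: (the `SetupNTGLM7X` entry on Y:), `EnableFirewall` set to 0 for the standard profile, `DisableMonitoring` set to 1 under Security Center, and per-volume `\Shell\AutoRun\command` entries. The line patterns, the C:/D: drive assumption and the finding tags are this example's own, not anything ComboFix documents.

```python
"""Triage the service list and a few registry keys from a ComboFix log.

Added example for this thread; it is not part of the original post and
not a ComboFix feature.  The line patterns, the C:/D: drive assumption
and the finding tags are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines copied verbatim from the log above.
SAMPLE_LOG = r"""
R0 iteraid;ITERAID_Service_Install;c:\winnt\system32\drivers\iteraid.sys [11/23/2005 11:42 AM 21851]
S2 NTFILERW;NTFILERW;\??\c:\winnt\System32\Drivers\NTFILERW.SYS --> c:\winnt\System32\Drivers\NTFILERW.SYS [?]
S2 RDMPLocalService;RDM+ Local Service;"c:\program files\RDM+\rdmpserv.exe" --> c:\program files\RDM+\rdmpserv.exe [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\y:\ntglm7x.sys --> y:\NTGLM7X.sys [?]
S3 viz2000;Visioneer USB Kernel V2.0;c:\winnt\system32\drivers\usbscan.sys [10/12/2008 5:01 PM 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - l:\.\Bin\Assetup.exe
"""

# "R0 name;display;image [stamp]" -- R = running, S = stopped, digit = start type.
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Assumption for this box: Windows is on C: and D: holds a second
# Program Files tree, so any other drive letter deserves a look.
EXPECTED_DRIVES = {'c', 'd'}


@dataclass(frozen=True)
class Finding:
    kind: str     # tag a script can key on
    subject: str  # service name, registry key or volume
    detail: str   # note for the human reading the report


def image_path(rest: str) -> tuple[str, bool]:
    """Split the tail of a service line into (normalised path, file_missing).

    ComboFix prints 'path [date time size]' when it could stat the image
    and 'raw --> resolved [?]' when it could not.
    """
    missing = rest.rstrip().endswith('[?]')
    if ' --> ' in rest:
        rest = rest.split(' --> ', 1)[1]
    rest = re.sub(r'\s*\[[^\]]*\]\s*$', '', rest)   # drop the trailing [...] block
    return rest.strip().strip('"').lower(), missing


def check_service(name: str, rest: str) -> list[Finding]:
    """Apply the heuristics to one service/driver line."""
    path, missing = image_path(rest)
    out = []
    if missing:
        out.append(Finding('missing-image', name, f'image not found on disk: {path}'))
    drive, _, tail = path.partition(':')
    if len(drive) == 1 and drive not in EXPECTED_DRIVES:
        out.append(Finding('odd-drive', name, f'image on drive {drive.upper()}: {path}'))
    if tail.count('\\') == 1:                        # "\file.ext" = drive root
        out.append(Finding('root-dir-image', name, f'image sits in the drive root: {path}'))
    if path.endswith('.tmp'):
        out.append(Finding('temp-file-image', name, f'service image is a .tmp file: {path}'))
    return out


def triage(log_text: str) -> list[Finding]:
    """Scan the whole log text; registry values are judged under the last [key] seen."""
    findings: list[Finding] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            findings.extend(check_service(m.group('name'), m.group('rest')))
        elif m := KEY_RE.match(line):
            current_key = m.group('key').lower()
        elif (m := AUTORUN_RE.match(line)) and 'mountpoints2' in current_key:
            volume = current_key.rsplit('\\', 1)[-1]
            findings.append(Finding('volume-autorun', volume, f'AutoRun command: {m.group("cmd")}'))
        elif m := VALUE_RE.match(line):
            name, val = m.group('name').lower(), m.group('val').lower()
            if name == 'enablefirewall' and 'firewallpolicy' in current_key and val.startswith('0'):
                findings.append(Finding('firewall-off', current_key, 'Windows Firewall disabled for this profile'))
            elif name == 'disablemonitoring' and 'security center' in current_key and val.endswith('1'):
                findings.append(Finding('security-center-monitoring-off', current_key, 'Security Center monitoring disabled'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:<31} {f.subject:<16} {f.detail}')
```

Run it on a full log by passing the file contents to `triage()`; well-known entries such as `iteraid` and `viz2000`, whose images ComboFix found under `system32\drivers`, produce no findings, while the `autorun` entry is flagged three times (missing, drive root, `.tmp`). The firewall and Security Center flags are expected on a machine where a third-party suite such as Norton has registered itself, so read them together with the service list rather than on their own.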
     
  11. chrisboc (Thread Starter)
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_USERS\S-1-5-21-1417001333-1336601894-839522115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:35,a3,bc,98,85,19,39,9c,12,51,50,3a,2c,b3,8f,a1,ed,cc,7b,10,49,90,42,
    ef,5c,8b,92,63,60,85,21,08,d6,f3,96,17,42,47,87,65,ef,44,31,81,6e,e8,84,73,\
    "??"=hex:c5,e7,c1,65,0d,c8,31,19,27,1d,8a,43,4a,0f,e3,ed
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,37,f7,a0,ba,8e,
    94,53,87,c8,28,51,af,b0,29,a3,98,f6,30,24,0c,5b,34,2d,54,e2,63,26,f1,3f,c8,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,2e,ab,34,d1,51,
    eb,cb,75,71,3b,04,66,8b,46,0d,96,84,93,d5,40,10,a4,e2,f2,6a,9c,d6,61,af,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ce,96,c6,22,ad,
    82,7c,cb,25,da,ec,7e,55,20,c9,26,40,f3,0d,53,ca,26,e9,cb,ff,7c,85,e0,43,d4,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,0d,21,c9,92,5f,
    57,14,b3,3e,1e,9e,e0,57,5a,93,61,5b,a6,0e,70,1b,cc,b6,0b,86,8c,21,01,be,91,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,9c,18,50,80,c9,
    cf,9f,c1,cd,44,cd,b9,a6,33,6c,cd,31,a4,11,0f,d7,d4,b1,e3,f5,1d,4d,73,a8,13,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,c3,68,3f,e9,a5,
    58,fc,29,b0,18,ed,a7,3f,8d,37,a4,d3,9d,f8,29,4c,d2,84,61,df,20,58,62,78,6b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a8,18,9a,0a,05,
    83,47,06,31,77,e1,ba,b1,f8,68,02,96,8e,62,bf,ad,a0,ec,cb,fb,a7,78,e6,12,2f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,e2,61,db,16,01,
    64,33,7b,83,6c,56,8b,a0,85,96,ab,d6,5e,20,2a,00,1b,67,65,01,3a,48,fc,e8,04,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a9,a7,11,22,36,
    15,39,66,51,fa,6e,91,28,9e,14,cc,73,bd,82,8e,36,d7,46,f6,f6,0f,4e,58,98,5b,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,8d,a5,6d,9f,
    62,2c,f9,b1,cd,45,5a,a8,c4,f8,b9,ba,56,cc,2b,8a,52,8c,88,3d,ce,ea,26,2d,45,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,7d,77,bc,80,1c,
    e5,73,ce,e3,0e,66,d5,eb,bc,2f,6b,43,28,43,9b,7b,f9,dd,65,2a,b7,cc,b5,b9,7f,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINNT\\System32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8e,53,dd,18,93,
    99,f7,4e,fa,ea,66,7f,d4,3b,6b,70,a5,c7,af,03,55,92,56,20,6c,43,2d,1e,aa,22,\
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG06.00.00.01WORKSTATION"="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"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(2028)
    c:\program files\RDM+\notify.dll
    - - - - - - - > 'lsass.exe'(484)
    c:\winnt\system32\relog_ap.dll
    - - - - - - - > 'explorer.exe'(2152)
    c:\winnt\system32\nview.dll
    d:\program files\SetPoint\lgscroll.dll
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    c:\winnt\system32\mshtml.dll
    c:\winnt\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    d:\program files\Billionton\Bluetooth Software\bin\btwdins.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\winnt\system32\nvsvc32.exe
    c:\winnt\system32\HPZipm12.exe
    c:\program files\Common Files\Protexis\License Service\PSIService.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\winnt\system32\wscntfy.exe
    c:\winnt\system32\rundll32.exe
    c:\winnt\system32\rundll32.exe
    c:\winnt\system32\rundll32.exe
    c:\program files\CyberPatrol LLC\CyberPatrol\cpserver.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
    c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    c:\program files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
    c:\program files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
    d:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-14 21:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-14 02:27
    ComboFix2.txt 2009-05-11 01:24
    ComboFix3.txt 2009-05-11 01:11
    Pre-Run: 19,335,208,960 bytes free
    Post-Run: 19,695,620,096 bytes free
    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    504 --- E O F --- 2009-04-29 08:01
     
  12. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:06 PM, on 5/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\WINNT\SOUNDMAN.EXE
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpACtrl.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpCCtrl.exe
    C:\Program Files\CyberPatrol LLC\CyberPatrol\cpkbinst.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - N:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O4 - HKLM\..\Run: [DWZCABoot] C:\WINNT\System32\DZCABoot.exe
    O4 - HKLM\..\Run: [DWZKillMe] C:\WINNT\DZSAVEME.EXE
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [WinSys2] C:\WINNT\system32\winsys2.exe
    O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\cphq.exe" /m
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "d:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "d:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [NVIDIA Performance Examiner] C:\WINNT\system32\nvCplUI.exe /page:{"0832D71B-1429-4747-8D59-B4B784798112"}
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /S
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000b9&g=00000082.000000e6.0000026f
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Kids')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'CPC')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1012\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Georgette')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1013\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Caitlin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-1014\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Austin')
    O4 - HKUS\S-1-5-21-1417001333-1336601894-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - S-1-5-21-1417001333-1336601894-839522115-1005 User Startup: Launch Microsoft Office Outlook (2).lnk = D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (User 'CPC')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail03.mygulfstream.com/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c4/v16.568/qboax9.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133845250247
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133846345904
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail03.mygulfstream.com/dwa8W.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://northtexas.clio.medcity.net/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj04.rightnowtech.com/7513-b224h/rnl/java/RntX.cab
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://km.mygulfstream.com/llnksupport/webexp/lledit.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9bbef516989fe) (gupdate1c9bbef516989fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    --
    End of file - 21983 bytes
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,607
    Please download Malwarebytes' Anti-Malware from Here.

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  14. chrisboc

    chrisboc Thread Starter

    Joined:
    May 10, 2009
    Messages:
    17
    Malwarebytes' Anti-Malware 1.36
    Database version: 2139
    Windows 5.1.2600 Service Pack 3
    5/15/2009 8:57:27 PM
    mbam-log-2009-05-15 (20-57-27).txt
    Scan type: Quick Scan
    Objects scanned: 148206
    Time elapsed: 5 minute(s), 20 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 5
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Documents and Settings\CC\Start Menu\Programs\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    Files Infected:
    C:\Documents and Settings\CC\Start Menu\Programs\DVDConv\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Documents and Settings\CPC\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\CPC\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINNT\system32\erdmpg-5.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINNT\system32\csrss.old2 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,607
    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

    JRE 6 Update 13

    Instructions for Kaspersky scan:

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
Short URL to this thread: https://techguy.org/825976