pskarulis

About pskarulis

  • Rank
    Member
  • Birthday 11/09/1948

Profile Information

  • Gender
    Male

  1. I am getting ready to replace the hard drive on my HP Pavilion 23. It's showing early signs of failure. Blue screens etc. The installation seems straightforward enough. However, the rub is reinstalling Windows. I don't have any media. My copy is digitally enabled. I downloaded the media creation tool from Microsoft to a blank flash drive, but when opening the file, it started a setup screen which I aborted. I don't want to damage the system while trying to create a way to reinstall it. Please help. (I wish we still had the old replacement discs. lol)
  2. Just a quick note. The problem is resolved. I uninstalled the driver for the network adapter and reinstalled it.
  3. Thanks for replying Tom. The commands you sent didn't work. The modem is for wireless broadband (WiFi). I get the message that it can't be renewed while it is disconnected. I did it earlier today while on the phone with Clear (internet provider). All I remember was the commands referred to clearing a cache, and something about "winsock". Sorry if this all seems ignorant, but I didn't think to write the commands down as she was dictating them.
  4. The IP address keeps disappearing from the network connection. When I click on repair, the error msg says that it is unable to complete the repair. I know there is a way to reset this from the command prompt, but do not remember how. More importantly, I need to know why this is happening. I am running XP Service Pack 3. Thanks
  5. The problem may be the difference in operating systems. Seems to me, when I set up my wireless network (Windows 7), there was a comment about not being able to use different operating systems when it comes to sharing devices (XP, etc.).
  6. No, it shows up as a registry entry in the current user section under Run; it is in a grouping that includes ctfmon and Spyware Doctor.
  7. Does anyone know what FSN is? I have googled it, with no responses that are relevant. I have disabled it, but would like to know what it is and why all of a sudden it shows up in the list of startup programs. Thanks for your help
  8. Juliet, All done. Once again, thanks for all of your help.
  9. Hi, New logs . I hope we're near the end of this. ComboFix 08-04-09.9 - Peter Sakrulis 2008-04-10 11:35:05.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.131 [GMT -4:00] Running from: C:\Documents and Settings\Peter Sakrulis\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Peter Sakrulis\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Program Files\Trend Micro\HijackThis\backups\backup-20080408-215228-627.dll C:\WINDOWS\system32\ocntkkdn.exe C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Trend Micro\HijackThis\backups\backup-20080408-215228-627.dll C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\cliptext.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\W2K.exe C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\null.sys 
C:\SDFix\apps\Replace\XP.exe C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swreg.exe C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\catchme.exe C:\SDFix\dummy.sys C:\SDFix\Report.txt C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url C:\WINDOWS\system32\bharebio18 C:\WINDOWS\system32\bharebio18\bharebio182328.exe C:\WINDOWS\system32\ocntkkdn.exe C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))) . 2008-04-10 11:08 . 2008-04-10 11:09 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\.SunDownloadManager 2008-04-10 08:38 . 2008-04-10 08:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-10 08:38 . 2008-04-10 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Grisoft 2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-08 13:46 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-07 18:58 . 2008-04-07 18:58 <DIR> d-------- C:\Program Files\Alwil Software 2008-04-07 15:31 . 2008-04-09 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-07 14:29 . 2008-04-07 15:27 <DIR> d-------- C:\Program Files\Hitware Popup Killer Lite 3 2008-04-07 12:33 . 
2008-04-07 13:29 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-04-07 08:42 . 2008-04-07 08:42 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-06 23:04 . 2008-04-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-04-06 23:03 . 2008-04-06 23:03 <DIR> d-------- C:\Program Files\Common Files\iS3 2008-04-06 23:03 . 2008-04-07 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-04-06 22:07 . 2008-04-06 22:07 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-06 22:07 . 2008-04-06 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-06 22:06 . 2008-04-06 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-06 19:49 . 2008-04-08 14:45 <DIR> d-------- C:\Temp 2008-04-03 21:21 . 2008-04-03 21:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- C:\Program Files\Vasilios Applications 2008-04-03 12:23 . 2008-04-03 12:23 17,408 --a------ C:\psapi.dll 2008-04-02 08:44 . 2008-04-02 08:45 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-03-23 11:35 . 2008-03-23 11:35 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Uniblue 2008-03-18 12:44 . 2008-03-26 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-18 12:44 . 2008-03-18 12:44 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-18 12:43 . 2008-03-18 12:44 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Apple Computer 2008-03-18 12:42 . 2008-03-18 12:42 <DIR> d-------- C:\Program Files\QuickTime 2008-03-18 12:42 . 2008-03-18 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-18 12:41 . 
2008-03-18 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-10 14:10 . 2008-04-07 12:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-10 15:33 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\OpenOffice.org2 2008-04-10 15:25 --------- d-----w C:\Program Files\Java 2008-04-10 01:12 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\LimeWire 2008-04-10 01:11 --------- d-----w C:\Program Files\LimeWire 2008-04-08 19:25 --------- d-----w C:\Program Files\PCPitstop 2008-04-08 19:25 --------- d-----w C:\Program Files\Common Files\Scanner 2008-04-07 19:32 --------- d-----w C:\Program Files\Google 2008-04-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-28 18:14 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\acccore 2008-02-28 18:09 --------- d-----w C:\Program Files\Common Files\AOL 2008-02-28 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-02-28 18:07 --------- d-----w C:\Program Files\Common Files\aolshare 2008-02-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-02-28 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2008-02-26 14:34 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-23 15:09 --------- d-----w C:\Program Files\Common Files\SupportSoft 2008-02-23 15:09 --------- d-----w C:\Program Files\Comcast 2008-02-23 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w 
C:\WINDOWS\system32\dnsrslvr.dll 2008-02-17 20:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-08-24 13:50 32 ----a-r C:\Documents and Settings\All Users\hash.dat . ((((((((((((((((((((((((((((( snapshot_2008-04-10_ 8.06.44.78 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-10 12:06:26 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE + 2008-04-10 15:36:35 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE - 2007-12-14 04:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-12-14 04:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-12-14 05:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 15:31 68856] "Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2005-05-26 09:52 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480] "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 16342528 C:\WINDOWS\RTHDCPL.EXE] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] C:\Documents and Settings\Peter Sakrulis\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-10 16:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE] --a------ 2007-02-13 22:52 958464 C:\Program Files\Wireless Optical Mouse\MOffice.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 17:14] R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-02-13 22:52] S1 ndistapii;ndistapii;C:\WINDOWS\system32\drivers\ndistapii.sys [] S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 18:46] S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-08 00:17] S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 21:10] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [] . Contents of the 'Scheduled Tasks' folder "2007-10-18 02:01:05 C:\WINDOWS\Tasks\American_Gangster_1018_0200.job" - C:\PROGRA~1\WinTV\WinTV2K.EXEF -c62 -ntod -startr:American_Gangster_1018_0200.mpg -qdef -limit:3600 "2007-09-20 23:46:20 C:\WINDOWS\Tasks\Inside_American_Jail_0921_0000.job" - C:\PROGRA~1\WinTV\WinTV2K.EXEI -c49 -ntod -startr:Inside_American_Jail_0921_0000.mpg -qdef -limit:1800 "2007-09-17 23:53:00 C:\WINDOWS\Tasks\WinTV_01.job" - C:\PROGRA~1\WinTV\WinTV2K.EXE3 -c49 -ntod -startr:WinTV_01.mpg -qvcd -limit:3600 . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-10 11:36:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\mc21.tmp" . 
Completion time: 2008-04-10 11:37:15 ComboFix-quarantined-files.txt 2008-04-10 15:37:04 ComboFix2.txt 2008-04-09 02:45:20 Pre-Run: 61,293,998,080 bytes free Post-Run: 61,277,126,656 bytes free . 2008-04-10 11:14:43 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:54 AM, on 4/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 
7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173896411512 O16 - DPF: 
{9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- End of file - 7882 bytes
  10. Hi, Will do as recommended. Computer seems to be fine. Will post logs as soon as complete.
  11. Hi Juliet, Kaspersky and HJT just finished. Here are the logs ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, April 10, 2008 9:50:28 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 10/04/2008 Kaspersky Anti-Virus database records: 695757 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 62499 Number of viruses found: 11 Number of infected objects: 32 Number of suspicious objects: 0 Duration of the scan process: 00:45:28 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and 
Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Peter Sakrulis\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Peter Sakrulis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Peter Sakrulis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Peter Sakrulis\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Peter Sakrulis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Peter Sakrulis\ntuser.dat Object is locked skipped C:\Documents and Settings\Peter Sakrulis\ntuser.dat.LOG Object is locked skipped C:\Program Files\Trend Micro\HijackThis\backups\backup-20080408-215228-627.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir/backups/lsass.exe Infected: Backdoor.Win32.VB.czs skipped C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir ZIP: infected - 1 skipped C:\QooBox\Quarantine\C\WINDOWS\system32\axV\weag2NT.exe.vir Infected: Trojan-Downloader.Win32.Small.tzu skipped C:\QooBox\Quarantine\C\WINDOWS\system32\jxmsyrsd.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pdiajmlq.dll_old.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ppxyphih.dll.vir Infected: Packed.Win32.Monder.gen skipped 
C:\QooBox\Quarantine\C\WINDOWS\system32\qfgphovq.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wii\HTgn1dll.exe.vir/stream/data0003 Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wii\HTgn1dll.exe.vir/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wii\HTgn1dll.exe.vir NSIS: infected - 2 skipped C:\QooBox\Quarantine\catchme2008-04-08_224138.92.zip/Documents and Settings/Peter Sakrulis/Desktop/catchme.zip/mlJbxxXQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mxj skipped C:\QooBox\Quarantine\catchme2008-04-08_224138.92.zip/Documents and Settings/Peter Sakrulis/Desktop/catchme.zip/xxywTKBu.dll Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\catchme2008-04-08_224138.92.zip/Documents and Settings/Peter Sakrulis/Desktop/catchme.zip Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\catchme2008-04-08_224138.92.zip ZIP: infected - 3 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\tracking.log Object is locked skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP58\A0032194.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP58\A0032196.exe Infected: Trojan-Downloader.Win32.Homles.au skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP58\A0032197.exe Infected: Trojan-Downloader.Win32.Homles.au skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP60\A0032243.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP60\A0032287.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mxi skipped C:\System Volume 
Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP61\A0034559.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP61\A0034601.exe Infected: Backdoor.Win32.VB.czs skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP61\A0034609.exe Infected: Backdoor.Win32.VB.czs skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP62\A0034652.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP62\A0034653.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP62\A0034654.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP65\A0035854.exe Infected: Trojan-Downloader.Win32.Small.tzu skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP65\A0035856.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP65\A0035856.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.ai skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP65\A0035856.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{56686BB7-17B2-473F-821C-EB36BA31F9DE}\RP65\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\bharebio18\bharebio182328.exe Infected: Trojan-Downloader.Win32.VB.dsk skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped 
C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\ocntkkdn.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aw skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:30 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173896411512
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 7606 bytes
12. Hi, I am posting two logs. WE HAVE A PROBLEM. My computer says it is running XP Media Edition. When downloading from Microsoft I checked Home edition. When ComboFix did its thing, the log says Windows XP Professional Edition.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

ComboFix 08-04-09.9 - Peter Sakrulis 2008-04-10 8:05:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191 [GMT -4:00]
Running from: C:\Documents and Settings\Peter Sakrulis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter Sakrulis\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\mc26.tmp
C:\Program Files\wt3d.ini
C:\WINDOWS\system32\ikdedord.ini
C:\WINDOWS\system32\pdiajmlq.dll_old
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\vktyydow.dll
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Coupons
C:\Program Files\Coupons\Coupons.com.url
C:\Program Files\Coupons\uninstall.exe
C:\Program Files\Coupons\Uninstall\IRIMG1.JPG
C:\Program Files\Coupons\Uninstall\IRIMG2.JPG
C:\Program Files\Coupons\Uninstall\IRIMG3.JPG
C:\Program Files\Coupons\Uninstall\IRIMG4.JPG
C:\Program Files\Coupons\Uninstall\IRIMG5.JPG
C:\Program Files\Coupons\Uninstall\IRIMG6.JPG
C:\Program Files\Coupons\Uninstall\IRIMG7.JPG
C:\Program Files\Coupons\Uninstall\IRIMG8.JPG
C:\Program Files\Coupons\Uninstall\uninstall.dat
C:\Program Files\Coupons\Uninstall\uninstall.xml
C:\Program Files\wt3d.ini
C:\SDFix\backups
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\catchme.zip
C:\SDFix\backups\HOSTS
C:\WINDOWS\system32\axV
C:\WINDOWS\system32\axV\weag2NT.exe
C:\WINDOWS\system32\ExTmp
C:\WINDOWS\system32\IDE2
C:\WINDOWS\system32\IDE2\mdllcom2.exe
C:\WINDOWS\system32\ikdedord.ini
C:\WINDOWS\system32\pdiajmlq.dll_old
C:\WINDOWS\system32\pinz1
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\vktyydow.dll
C:\WINDOWS\system32\wii
C:\WINDOWS\system32\wii\HTgn1dll.exe
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:34 . 2008-04-10 08:05 <DIR> d-------- C:\SDFix
2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Grisoft
2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-08 13:46 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 18:58 . 2008-04-07 18:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-07 15:31 . 2008-04-09 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-07 14:29 . 2008-04-07 15:27 <DIR> d-------- C:\Program Files\Hitware Popup Killer Lite 3
2008-04-07 12:33 . 2008-04-07 13:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-07 08:42 . 2008-04-07 08:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 23:04 . 2008-04-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-06 23:03 . 2008-04-06 23:03 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-06 23:03 . 2008-04-07 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-06 22:07 . 2008-04-06 22:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 22:07 . 2008-04-06 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 22:06 . 2008-04-06 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:52 . 2008-04-06 19:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-06 19:51 . 2008-04-06 19:51 196,678 --a------ C:\WINDOWS\system32\ocntkkdn.exe
2008-04-06 19:49 . 2008-04-06 19:49 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-06 19:49 . 2008-04-08 14:45 <DIR> d-------- C:\Temp
2008-04-03 21:21 . 2008-04-03 21:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-04-03 12:23 . 2008-04-03 12:23 17,408 --a------ C:\psapi.dll
2008-04-02 08:44 . 2008-04-02 08:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-23 11:35 . 2008-03-23 11:35 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Uniblue
2008-03-18 12:44 . 2008-03-26 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 12:44 . 2008-03-18 12:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 12:43 . 2008-03-18 12:44 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Apple Computer
2008-03-18 12:42 . 2008-03-18 12:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-18 12:42 . 2008-03-18 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-10 14:10 . 2008-04-07 12:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 11:46 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\OpenOffice.org2
2008-04-10 01:12 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\LimeWire
2008-04-10 01:11 --------- d-----w C:\Program Files\LimeWire
2008-04-08 19:25 --------- d-----w C:\Program Files\PCPitstop
2008-04-08 19:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 19:32 --------- d-----w C:\Program Files\Google
2008-04-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 01:18 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:14 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\acccore
2008-02-28 18:09 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-28 18:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-28 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-26 14:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-23 15:09 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-23 15:09 --------- d-----w C:\Program Files\Comcast
2008-02-23 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 20:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-24 13:50 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((( [email protected]_22.44.39.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-04-10 12:06:26 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-10 20:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-07 01:42:04 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-10 11:44:22 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-06 02:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2005-05-26 09:52 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 15:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 16342528 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Peter Sakrulis\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2007-02-13 22:52 958464 C:\Program Files\Wireless Optical Mouse\MOffice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 17:14]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-02-13 22:52]
S1 ndistapii;ndistapii;C:\WINDOWS\system32\drivers\ndistapii.sys []
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 18:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-08 00:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 21:10]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 02:01:05 C:\WINDOWS\Tasks\American_Gangster_1018_0200.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXEF -c62 -ntod -startr:American_Gangster_1018_0200.mpg -qdef -limit:3600
"2007-09-20 23:46:20 C:\WINDOWS\Tasks\Inside_American_Jail_0921_0000.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXEI -c49 -ntod -startr:Inside_American_Jail_0921_0000.mpg -qdef -limit:1800
"2007-09-17 23:53:00 C:\WINDOWS\Tasks\WinTV_01.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXE3 -c49 -ntod -startr:WinTV_01.mpg -qvcd -limit:3600
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 08:06:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\mc25.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\mc25.tmp"
.
Completion time: 2008-04-10 8:07:04
ComboFix-quarantined-files.txt 2008-04-10 12:06:53
ComboFix2.txt 2008-04-09 02:45:20

Pre-Run: 60,747,653,120 bytes free
Post-Run: 60,733,775,872 bytes free
.
2008-04-10 11:14:43 --- E O F ---
  13. Hi, The computer seems to be over what was ailing it. In fact, the work done yesterday took care of a few problems that I thought were unrelated. I understand the need for installing the recovery console and will do that ASAP, along with the other items mentioned. It may be Friday before it is completed though. Thank you for all your help. Pete
  14. Here is the ComboFix and a new HijackThis. The problem seems to be solved. Thank you.

ComboFix 08-04-08.7 - Peter Sakrulis 2008-04-08 22:35:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.170 [GMT -4:00]
Running from: C:\Documents and Settings\Peter Sakrulis\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Peter Sakrulis\Application Data\AntiSpywareBot
C:\WINDOWS\BMd73e5df3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AyIlkUtv.ini
C:\WINDOWS\system32\AyIlkUtv.ini2
C:\WINDOWS\system32\jxmsyrsd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJbxxXQ.dll
C:\WINDOWS\system32\ppxyphih.dll
C:\WINDOWS\system32\qfgphovq.dll
C:\WINDOWS\system32\qvohpgfq.ini
C:\WINDOWS\system32\uBKTwyxx.ini
C:\WINDOWS\system32\uBKTwyxx.ini2
C:\WINDOWS\system32\VyyIQXbc.ini
C:\WINDOWS\system32\VyyIQXbc.ini2
C:\WINDOWS\system32\xxywTKBu.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SZKG5

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:34 . 2008-04-08 22:10 <DIR> d-------- C:\SDFix
2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Grisoft
2008-04-08 13:46 . 2008-04-08 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-08 13:46 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-08 12:52 . 2008-04-08 12:52 3,648 --a------ C:\WINDOWS\system32\vktyydow.dll
2008-04-07 18:58 . 2008-04-07 18:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-07 15:31 . 2008-04-08 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-07 14:29 . 2008-04-07 15:27 <DIR> d-------- C:\Program Files\Hitware Popup Killer Lite 3
2008-04-07 12:33 . 2008-04-07 13:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-07 11:54 . 2008-04-07 11:54 294 ---hs---- C:\WINDOWS\system32\ikdedord.ini
2008-04-07 11:51 . 2008-04-07 11:51 88,128 --------- C:\WINDOWS\system32\pdiajmlq.dll_old
2008-04-07 08:42 . 2008-04-07 08:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 23:04 . 2008-04-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-06 23:03 . 2008-04-06 23:03 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-06 23:03 . 2008-04-07 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-06 22:07 . 2008-04-06 22:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 22:07 . 2008-04-06 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 22:06 . 2008-04-06 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:52 . 2008-04-06 19:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-06 19:51 . 2008-04-06 19:51 196,678 --a------ C:\WINDOWS\system32\ocntkkdn.exe
2008-04-06 19:51 . 2008-04-06 19:51 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-06 19:50 . 2008-04-06 19:50 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-06 19:49 . 2008-04-06 19:49 <DIR> d-------- C:\WINDOWS\system32\wii
2008-04-06 19:49 . 2008-04-08 18:30 <DIR> d-------- C:\WINDOWS\system32\pinz1
2008-04-06 19:49 . 2008-04-06 19:49 <DIR> d-------- C:\WINDOWS\system32\IDE2
2008-04-06 19:49 . 2008-04-06 22:24 <DIR> d-------- C:\WINDOWS\system32\ExTmp
2008-04-06 19:49 . 2008-04-06 19:49 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-06 19:49 . 2008-04-06 19:49 <DIR> d-------- C:\WINDOWS\system32\axV
2008-04-06 19:49 . 2008-04-08 14:45 <DIR> d-------- C:\Temp
2008-04-03 21:21 . 2008-04-03 21:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-04-03 12:23 . 2008-04-03 12:23 17,408 --a------ C:\psapi.dll
2008-04-02 08:44 . 2008-04-02 08:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-23 11:35 . 2008-03-23 11:35 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Uniblue
2008-03-18 12:44 . 2008-03-26 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 12:44 . 2008-03-18 12:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 12:43 . 2008-03-18 12:44 <DIR> d-------- C:\Documents and Settings\Peter Sakrulis\Application Data\Apple Computer
2008-03-18 12:42 . 2008-03-18 12:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-18 12:42 . 2008-03-18 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-18 12:41 . 2008-03-18 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-10 14:10 . 2008-04-07 12:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 02:12 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\OpenOffice.org2
2008-04-08 19:25 --------- d-----w C:\Program Files\PCPitstop
2008-04-08 19:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 20:59 --------- d-----w C:\Program Files\LimeWire
2008-04-07 20:59 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\LimeWire
2008-04-07 19:32 --------- d-----w C:\Program Files\Google
2008-04-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 01:18 --------- d-----w C:\Program Files\Java
2008-03-31 17:50 --------- d-----w C:\Program Files\Coupons
2008-02-28 18:14 --------- d-----w C:\Documents and Settings\Peter Sakrulis\Application Data\acccore
2008-02-28 18:09 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-28 18:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-28 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-26 14:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-23 15:09 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-23 15:09 --------- d-----w C:\Program Files\Comcast
2008-02-23 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-17 20:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-24 13:50 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-20 04:49 251 -c--a-w C:\Program Files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-26 09:52 1506544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 15:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 16342528 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Peter Sakrulis\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-07 15:31:55 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJbxxXQ]
mlJbxxXQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.alf2cd"= alf2cd.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2007-02-13 22:52 958464 C:\Program Files\Wireless Optical Mouse\MOffice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 17:14]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-02-13 22:52]
S1 ndistapii;ndistapii;C:\WINDOWS\system32\drivers\ndistapii.sys []
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 18:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-08 00:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 21:10]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 02:01:05 C:\WINDOWS\Tasks\American_Gangster_1018_0200.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXEF -c62 -ntod -startr:American_Gangster_1018_0200.mpg -qdef -limit:3600
"2007-09-20 23:46:20 C:\WINDOWS\Tasks\Inside_American_Jail_0921_0000.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXEI -c49 -ntod -startr:Inside_American_Jail_0921_0000.mpg -qdef -limit:1800
"2007-09-17 23:53:00 C:\WINDOWS\Tasks\WinTV_01.job"
- C:\PROGRA~1\WinTV\WinTV2K.EXE3 -c49 -ntod -startr:WinTV_01.mpg -qvcd -limit:3600
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:41:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\mc26.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-08 22:45:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 02:45:11
Pre-Run: 61,062,615,040 bytes free
Post-Run: 60,992,753,664 bytes free
.
2008-03-11 21:21:29 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:31 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173896411512
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: mlJbxxXQ - mlJbxxXQ.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

-- End of file - 7832 bytes
  15. Here are the two logs you asked for.

SDFix: Version 1.167
Run by Peter Sakrulis on Tue 04/08/2008 at 10:04 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:
C:\Documents and Settings\Peter Sakrulis\lsass.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\drivers\NDISTA~1.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:09:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 8 Mar 2008 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Tue 1 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:09 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [bMd73e5df3] Rundll32.exe "C:\WINDOWS\system32\ppxyphih.dll",s
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173896411512
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

-- End of file - 7317 bytes

Let me know what you think. There is an immediate difference. There have been no pop-ups during this session.