> [Resolved] Help! Downloaded Riyo Codec on Vista
Mikaela
post Feb 22 2008, 11:14 AM
Post #1
New Member
Group: New Member
Posts: 6
Joined: 22-February 08
Member No.: 77,047
Operating System: Windows Vista Basic

I downloaded the Riyo codec today and started noticing that when clicking on Google links it was taking me through some other search engines. I read in the forums it can stop you being able to uninstall programs, but this is not a problem for me. I have not restarted my computer since I installed the Riyo Codec, but I used the 'uninstall' link to try and uninstall it. When this didn't work, I deleted the files themselves. I probably shouldn't have done this? Anyway, I have done the HijackThis thing:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:32, on 22/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E1F6-E537-45EE-87B6-D616139C5FD0}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{D29C9B3D-B8BE-4DCA-9A08-2B936F24E337}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmzfh.exe

--
End of file - 8592 bytes


Please Help!

Moved by Doug
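A defender-side triage of a HijackThis log, added here as an example and not part of the original thread or of HijackThis itself: it parses the R/O entries and flags the per-interface O17 NameServer values that point at public addresses (the pattern behind the search redirects described above), Run-key entries that launch .tmp files, BHOs whose DLL is gone, and unknown-owner services under system32. The sample lines are copied from the logs posted in this thread; the trusted-resolver list is an assumption supplied by the caller.

```python
import ipaddress
import re

# Constructed sample: a handful of entries copied from the HijackThis logs posted
# in this thread (not the full logs), so the checks below can be run offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [dmblg.tmp] C:\Windows\system32\dmblg.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmzfh.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# File types that have no business being launched from a Run key.
ODD_EXT_RE = re.compile(r'\.(tmp|scr|pif|bat)(?=\s|"|$)', re.I)


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis R/O entry; header lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")

def check_nameservers(body, trusted=None):
    """O17: flag resolver addresses that are neither private/loopback nor on the
    trusted list (assumed: the user's router or ISP resolvers, supplied by the caller)."""
    m = NS_RE.search(body)
    if not m:
        return []
    findings = []
    for token in re.split(r"[,\s]+", m.group("servers").strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            findings.append(("O17", "unparseable NameServer value", token))
            continue
        if addr.is_private or addr.is_loopback or (trusted and token in trusted):
            continue
        findings.append(("O17", "public resolver set on an interface (possible DNS hijack)", token))
    return findings

def check_autorun(body):
    """O4: flag Run-key commands that launch .tmp/.scr/.pif/.bat files."""
    m = O4_RE.search(body)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    if ODD_EXT_RE.search(cmd):
        return [("O4", "autorun launches a non-standard executable type", cmd)]
    return []

def check_bho(body):
    """O2: flag browser helper objects whose DLL no longer exists on disk."""
    if not body.rstrip().endswith("(no file)"):
        return []
    m = CLSID_RE.search(body)
    return [("O2", "BHO registered but its DLL is missing (orphaned entry)", m.group(0) if m else body)]

def check_service(body):
    """O23: flag services with no publisher information whose binary lives in system32."""
    m = O23_RE.match(body)
    if not m:
        return []
    owner, path = m.group("owner"), m.group("path").strip()
    if owner.lower() == "unknown owner" and re.search(r"\\windows\\system32\\", path, re.I):
        return [("O23", "service with no publisher info running from system32", path)]
    return []

def triage(log_text, trusted=None):
    """Return a list of (section, reason, detail) findings for a HijackThis log."""
    handlers = {
        "O17": lambda b: check_nameservers(b, trusted),
        "O4": check_autorun,
        "O2": check_bho,
        "O23": check_service,
    }
    findings = []
    for sec, body in parse_entries(log_text):
        handler = handlers.get(sec)
        if handler:
            findings.extend(handler(body))
    return findings

if __name__ == "__main__":
    for sec, reason, detail in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}: {detail}")
```

Entries the checks do not flag (the Defender autorun, the Java BHO, the Apple service) are left out of the findings, so the output is the short review list an analyst would start from rather than the whole log.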
LDTate
post Feb 28 2008, 05:09 PM
Post #2
Forum God
Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP

Hello and Welcome to the forum.

I suggest you do this:

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouse-click combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

Give it at least 20-30 minutes to finish.
Mikaela
post Feb 29 2008, 06:46 AM
Post #3
New Member
Group: New Member
Posts: 6
Joined: 22-February 08
Member No.: 77,047
Operating System: Windows Vista Basic

Okay, here's the ComboFix Log:

ComboFix 08-02-25.3 - Mikki 2008-02-29 12:32:05.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.268 [GMT 0:00]
Running from: C:\Users\Mikki\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-25 22:03 . 2008-02-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iPod
2008-02-25 21:58 . 2008-02-25 21:58 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-25 21:58 . 2008-02-25 21:58 1,409 --a------ C:\Windows\QTFont.for
2008-02-25 21:56 . 2008-02-25 21:56 <DIR> d-------- C:\Program Files\QuickTime
2008-02-24 18:14 . 2008-02-24 18:15 606 --a------ C:\NCO_BHO.reg
2008-02-24 14:34 . 2008-02-24 14:40 <DIR> d-------- C:\fixwareout
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-22 17:05 . 2008-02-22 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 17:12 . 2008-02-17 17:12 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\vlc
2008-02-15 20:52 . 2008-02-15 20:52 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\DivX
2008-02-15 20:40 . 2008-02-15 20:40 <DIR> d-------- C:\Program Files\Google
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-14 12:34 . 2008-02-14 12:35 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\HP
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-14 12:30 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-14 12:24 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\ProgramData\HP
2008-02-14 12:23 . 2006-12-16 06:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-02-14 12:23 . 2006-12-16 06:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
2008-02-14 12:23 . 2006-12-16 06:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-02-14 12:23 . 2006-11-20 21:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-02-14 12:23 . 2008-02-14 12:35 148,920 --a------ C:\Windows\hpoins19.dat
2008-02-14 12:23 . 2007-03-13 19:52 26,952 --a------ C:\Windows\hpomdl19.dat
2008-02-14 03:13 . 2008-02-14 03:13 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:13 . 2008-02-14 03:13 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:08 . 2008-02-14 03:08 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:07 . 2008-02-14 03:07 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:07 . 2008-02-14 03:07 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:04 . 2008-02-14 03:04 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 03:04 . 2008-02-14 03:04 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-14 03:03 . 2008-02-14 03:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 03:03 . 2008-02-14 03:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 03:03 . 2008-02-14 03:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-11 14:32 . 2008-02-22 17:25 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\LimeWire
2008-02-11 14:32 . 2008-02-11 14:32 <DIR> d-------- C:\Program Files\LimeWire
2008-02-08 00:43 . 2006-05-10 12:15 1,929,216 --a------ C:\Windows\System32\cdintf250.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth2.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth1.dll
2008-02-08 00:43 . 2008-02-08 00:44 14 --a------ C:\Windows\System32\ssprs.tgz
2008-02-08 00:43 . 2008-02-08 00:43 0 --a------ C:\Windows\System32\nsprs.tgz
2008-02-08 00:40 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\SPSS
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.tgz
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-02-08 00:40 . 2008-02-08 00:44 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-02-08 00:39 . 2008-02-08 17:34 16 ---h----- C:\Windows\System32\servdat.slm
2008-02-06 17:02 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-06 16:48 . 2008-02-06 16:48 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-06 16:45 . 2008-02-06 16:45 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-06 16:45 . 2008-02-06 16:45 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-06 16:45 . 2008-02-06 16:45 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-06 16:39 . 2008-02-06 16:39 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-02-06 16:39 . 2008-02-06 16:39 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-02-06 16:38 . 2008-02-06 16:38 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-06 16:38 . 2008-02-06 16:38 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-06 16:38 . 2008-02-06 16:38 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-06 16:38 . 2008-02-06 16:38 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-06 16:37 . 2008-02-06 16:37 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-02-06 16:37 . 2008-02-06 16:37 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-02-06 16:35 . 2008-02-06 16:35 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-06 16:35 . 2008-02-06 16:35 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-06 16:35 . 2008-02-06 16:35 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-06 16:32 . 2008-02-06 16:32 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-06 16:32 . 2008-02-06 16:32 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-06 16:32 . 2008-02-06 16:32 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-06 16:32 . 2008-02-06 16:32 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-06 16:32 . 2008-02-06 16:32 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-06 16:30 . 2008-02-06 16:30 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-06 16:29 . 2008-02-06 16:29 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\TuneUp Software
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-05 19:10 . 2007-03-28 19:42 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-02-05 19:10 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-02-05 19:09 . 2008-02-23 00:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 18:47 . 2008-02-05 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-05 18:00 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\DivX
2008-02-05 18:00 . 2008-02-05 18:00 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-05 16:31 . 2008-02-05 16:31 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\Apple Computer
2008-02-05 16:29 . 2008-02-05 16:29 <DIR> d-------- C:\Program Files\Bonjour
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\ProgramData\Apple Computer
2008-02-05 16:27 . 2008-02-05 16:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Users\All Users\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\ProgramData\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-05 16:21 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-05 16:20 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-05 16:19 . 2008-02-05 16:19 <DIR> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 03:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:08 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 03:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-08 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-06 17:10 174 --sha-w C:\Program Files\desktop.ini
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Mail
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Calendar
2008-02-06 16:48 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-06 16:36 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-05 18:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 18:35 --------- d-----w C:\ProgramData\Symantec
2008-02-05 18:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-05 18:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-05 18:33 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-05 18:33 --------- d-----w C:\Program Files\Symantec
2008-02-05 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 02:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-14 11:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-06 16:35 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"dmblg.tmp"="C:\Windows\system32\dmblg.tmp" [ ]
"dmuqs.tmp"="C:\Windows\system32\dmuqs.tmp" [ ]
"dmagw.tmp"="C:\Windows\system32\dmagw.tmp" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 11:15 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 17:37 894248]
"NDSTray.exe"="NDSTray.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 11:05 571024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"dmkel.exe"="C:\Windows\system32\dmkel.exe" [2008-02-06 16:48 70144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Skytel"=Skytel.exe
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{53A04F87-6BED-4ED8-A34F-58C3EE795A4C}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{F81D350F-75BC-4F78-92A7-0612AAD27D0F}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"{EB952FF8-9C81-4F7A-B7AA-845239ACD7C9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5539E36B-1368-42EB-B5B5-CF9696CE1F1B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{836968B6-CBF9-496F-A036-AC132172FEBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{26954958-8F3F-4994-BD37-5D9FFDB94A9D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A05F006D-DF77-4A39-BC50-0A99AD6C71D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{B29A5AF7-B732-4AD6-BB9F-13DCB00C9781}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0DF1B16E-BC81-4561-8BE9-5C6DE004BA24}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{932E1522-B7AD-43F3-875C-854835EAD83F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{942822CD-4444-4C27-B118-14F4F911BB7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 15:18]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 16:18]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 17:13]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 15:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 08:51]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 11:07]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 14:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 14:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:17:10 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-05 18:44:03 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikki.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 12:34:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 12:34:53
ComboFix-quarantined-files.txt 2008-02-29 12:34:48
ComboFix2.txt 2008-02-24 15:02:04
.
2008-02-16 12:37:22 --- E O F ---


And the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:13, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dmkel.exe] C:\Windows\system32\dmkel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dmblg.tmp] C:\Windows\system32\dmblg.tmp
O4 - HKCU\..\Run: [dmuqs.tmp] C:\Windows\system32\dmuqs.tmp
O4 - HKCU\..\Run: [dmagw.tmp] C:\Windows\system32\dmagw.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E1F6-E537-45EE-87B6-D616139C5FD0}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{D29C9B3D-B8BE-4DCA-9A08-2B936F24E337}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8558 bytes


Thanks for your help!
LDTate
post Feb 29 2008, 03:40 PM
Post #4


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O4 - HKLM\..\Run: [dmkel.exe] C:\Windows\system32\dmkel.exe
O4 - HKCU\..\Run: [dmblg.tmp] C:\Windows\system32\dmblg.tmp
O4 - HKCU\..\Run: [dmuqs.tmp] C:\Windows\system32\dmuqs.tmp
O4 - HKCU\..\Run: [dmagw.tmp] C:\Windows\system32\dmagw.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E1F6-E537-45EE-87B6-D616139C5FD0}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{D29C9B3D-B8BE-4DCA-9A08-2B936F24E337}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229

Close ALL windows and browsers except HijackThis and click "Fix checked"


Next:

Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
C:\Windows\system32\dmblg.tmp
C:\Windows\system32\dmuqs.tmp
C:\Windows\system32\dmagw.tmp
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dmkel.exe

Folder::
C:\Program Files\Bonjour

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmblg.tmp"=-
"dmuqs.tmp"=-
"dmagw.tmp"=-


Save this as "CFScript"

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.
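As an added example (not code from this thread, nor from the HijackThis or ComboFix authors), a small Python triage script that applies the same two checks the helper applied by eye to the log above: Run keys launching .tmp or short random-named files out of system32, and O17 NameServer entries pointing every interface GUID and ControlSet backup at the same pair of public resolvers. The sample log lines are constructed in the shape of the posted log; the {AAAA} interface GUID and the 192.168.1.1 router entry are placeholders for a clean adapter.

```python
"""Triage helper for HijackThis O4 (Run keys) and O17 (DNS NameServer) entries.

Added example for this thread, not part of HijackThis or ComboFix. The heuristics
encode what the helper flagged above: .tmp files launched from Run keys, short
random-looking droppers in system32, and every interface plus ControlSet backup
pointing at the same pair of public resolvers.
"""
import ipaddress
import re
from typing import Dict, FrozenSet, List

# Constructed sample lines in the shape of the log posted above; the {AAAA} GUID
# and the 192.168.1.1 router entry are placeholders for a clean interface.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dmkel.exe] C:\Windows\system32\dmkel.exe
O4 - HKCU\..\Run: [dmblg.tmp] C:\Windows\system32\dmblg.tmp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C27F812-7064-4F18-AC9E-9E1EA73F0F68}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAA}: NameServer = 192.168.1.1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
# First drive-letter or %VAR% path ending in an extension, quoted or not.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.[A-Za-z]{2,4}(?=["\s]|$)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
# Heuristic only: matches the dm???.tmp / dmkel.exe family above, but legitimate
# five-letter names exist too (hkcmd.exe from Intel appears in the same log), so
# this raises a review flag rather than a verdict.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5}\.(?:exe|tmp)$")
EXECUTABLE_EXTS = {"exe", "com", "scr", "bat", "cmd"}


def target_of(cmd: str) -> str:
    """Return the file actually launched by a Run-key command line."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    parts = cmd.split()
    return parts[0] if parts else ""


def check_run_entry(cmd: str) -> List[str]:
    """Reasons an O4 entry deserves a look; an empty list means nothing odd."""
    reasons: List[str] = []
    target = target_of(cmd)
    base = target.rsplit("\\", 1)[-1]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in EXECUTABLE_EXTS:
        reasons.append(f"Run target is not a normal executable (.{ext or 'none'})")
    if SYSTEM32_RE.search(target) and RANDOM_NAME_RE.match(base.lower()):
        reasons.append("short random-looking filename dropped in system32")
    return reasons


def untrusted_resolvers(servers: str, trusted: FrozenSet[str]) -> List[str]:
    """Resolvers in a NameServer value that are neither private (home router) nor
    in the analyst-supplied trusted set. Values may be comma- or space-separated."""
    out: List[str] = []
    for s in re.split(r"[,\s]+", servers.strip()):
        if not s or s in trusted:
            continue
        try:
            if ipaddress.ip_address(s).is_private:
                continue
        except ValueError:
            pass  # not an IP address at all: report it so a human looks
        out.append(s)
    return out


def scan_hijackthis(text: str, trusted: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return one finding per reason per line."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            for reason in check_run_entry(m["cmd"]):
                findings.append({"line": line, "reason": reason})
            continue
        m = O17_RE.match(line)
        if m:
            for ip in untrusted_resolvers(m["servers"], trusted):
                findings.append({"line": line, "reason": f"DNS points at untrusted resolver {ip}"})
    return findings


def resolver_summary(text: str, trusted: FrozenSet[str] = frozenset()) -> Dict[str, int]:
    """Count how many O17 lines name each untrusted resolver. A DNS changer writes
    the same pair into every interface GUID and the ControlSet001/002 backups, so a
    high count per address is the tell; a single router entry looks nothing like it."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = O17_RE.match(raw.strip())
        if m:
            for ip in untrusted_resolvers(m["servers"], trusted):
                counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_hijackthis(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['line']}")
    print("resolver counts:", resolver_summary(SAMPLE_LOG))
```

Once the fix has been applied, running the same script over the new HijackThis log should return no O17 findings and an empty resolver summary; any surviving dm*.tmp Run entry (as in the follow-up log in this thread) still shows up.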
Mikaela
post Mar 3 2008, 09:38 AM
Post #5


New Member

Group: New Member
Posts: 6
Joined: 22-February 08
Member No.: 77,047
Operating System: Windows Vista Basic



Here's the Combofix log:

ComboFix 08-02-25.3 - Mikki 2008-03-03 15:25:31.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.209 [GMT 0:00]
Running from: C:\Users\Mikki\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikki\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dmagw.tmp
C:\Windows\system32\dmblg.tmp
C:\Windows\system32\dmkel.exe
C:\Windows\system32\dmuqs.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Bonjour
C:\Program Files\Bonjour\About Bonjour.rtf
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dmkel.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-02-25 22:03 . 2008-02-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iPod
2008-02-25 21:58 . 2008-02-25 21:58 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-25 21:58 . 2008-02-25 21:58 1,409 --a------ C:\Windows\QTFont.for
2008-02-25 21:56 . 2008-02-25 21:56 <DIR> d-------- C:\Program Files\QuickTime
2008-02-24 18:14 . 2008-02-24 18:15 606 --a------ C:\NCO_BHO.reg
2008-02-24 14:34 . 2008-02-24 14:40 <DIR> d-------- C:\fixwareout
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-22 17:05 . 2008-02-22 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 17:12 . 2008-02-17 17:12 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\vlc
2008-02-15 20:52 . 2008-02-15 20:52 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\DivX
2008-02-15 20:40 . 2008-02-15 20:40 <DIR> d-------- C:\Program Files\Google
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-14 12:34 . 2008-02-14 12:35 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\HP
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-14 12:30 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-14 12:24 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\ProgramData\HP
2008-02-14 12:23 . 2006-12-16 06:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-02-14 12:23 . 2006-12-16 06:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
2008-02-14 12:23 . 2006-12-16 06:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-02-14 12:23 . 2006-11-20 21:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-02-14 12:23 . 2008-02-14 12:35 148,920 --a------ C:\Windows\hpoins19.dat
2008-02-14 12:23 . 2007-03-13 19:52 26,952 --a------ C:\Windows\hpomdl19.dat
2008-02-14 03:13 . 2008-02-14 03:13 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:13 . 2008-02-14 03:13 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:08 . 2008-02-14 03:08 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:07 . 2008-02-14 03:07 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:07 . 2008-02-14 03:07 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:04 . 2008-02-14 03:04 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 03:04 . 2008-02-14 03:04 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-14 03:03 . 2008-02-14 03:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 03:03 . 2008-02-14 03:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 03:03 . 2008-02-14 03:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-11 14:32 . 2008-02-22 17:25 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\LimeWire
2008-02-11 14:32 . 2008-02-11 14:32 <DIR> d-------- C:\Program Files\LimeWire
2008-02-08 00:43 . 2006-05-10 12:15 1,929,216 --a------ C:\Windows\System32\cdintf250.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth2.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth1.dll
2008-02-08 00:43 . 2008-02-08 00:44 14 --a------ C:\Windows\System32\ssprs.tgz
2008-02-08 00:43 . 2008-02-08 00:43 0 --a------ C:\Windows\System32\nsprs.tgz
2008-02-08 00:40 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\SPSS
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.tgz
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-02-08 00:40 . 2008-02-08 00:44 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-02-08 00:39 . 2008-02-08 17:34 16 ---h----- C:\Windows\System32\servdat.slm
2008-02-06 17:02 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-06 16:48 . 2008-02-06 16:48 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-06 16:45 . 2008-02-06 16:45 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-06 16:45 . 2008-02-06 16:45 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-06 16:45 . 2008-02-06 16:45 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-06 16:39 . 2008-02-06 16:39 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-02-06 16:39 . 2008-02-06 16:39 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-02-06 16:38 . 2008-02-06 16:38 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-06 16:38 . 2008-02-06 16:38 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-06 16:38 . 2008-02-06 16:38 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-06 16:38 . 2008-02-06 16:38 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-06 16:37 . 2008-02-06 16:37 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-02-06 16:37 . 2008-02-06 16:37 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-02-06 16:35 . 2008-02-06 16:35 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-06 16:35 . 2008-02-06 16:35 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-06 16:35 . 2008-02-06 16:35 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-06 16:32 . 2008-02-06 16:32 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-06 16:32 . 2008-02-06 16:32 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-06 16:32 . 2008-02-06 16:32 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-06 16:32 . 2008-02-06 16:32 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-06 16:32 . 2008-02-06 16:32 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-06 16:30 . 2008-02-06 16:30 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-06 16:29 . 2008-02-06 16:29 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\TuneUp Software
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-05 19:10 . 2007-03-28 19:42 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-02-05 19:10 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-02-05 19:09 . 2008-02-23 00:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 18:47 . 2008-02-05 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-05 18:00 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\DivX
2008-02-05 18:00 . 2008-02-05 18:00 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-05 16:31 . 2008-02-05 16:31 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\Apple Computer
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\ProgramData\Apple Computer
2008-02-05 16:27 . 2008-02-05 16:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Users\All Users\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\ProgramData\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-05 16:21 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-05 16:20 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-05 16:19 . 2008-02-05 16:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-05 16:18 . 2008-02-05 16:18 <DIR> d-------- C:\Windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 03:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:08 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 03:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-08 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-06 17:10 174 --sha-w C:\Program Files\desktop.ini
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Mail
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Calendar
2008-02-06 16:48 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-06 16:36 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-05 18:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 18:35 --------- d-----w C:\ProgramData\Symantec
2008-02-05 18:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-05 18:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-05 18:33 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-05 18:33 --------- d-----w C:\Program Files\Symantec
2008-02-05 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 02:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-14 11:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-06 16:35 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"dmyus.tmp"="C:\Windows\system32\dmyus.tmp" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 11:15 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 17:37 894248]
"NDSTray.exe"="NDSTray.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 11:05 571024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Skytel"=Skytel.exe
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{53A04F87-6BED-4ED8-A34F-58C3EE795A4C}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{F81D350F-75BC-4F78-92A7-0612AAD27D0F}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"{EB952FF8-9C81-4F7A-B7AA-845239ACD7C9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5539E36B-1368-42EB-B5B5-CF9696CE1F1B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{836968B6-CBF9-496F-A036-AC132172FEBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{26954958-8F3F-4994-BD37-5D9FFDB94A9D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A05F006D-DF77-4A39-BC50-0A99AD6C71D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{B29A5AF7-B732-4AD6-BB9F-13DCB00C9781}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0DF1B16E-BC81-4561-8BE9-5C6DE004BA24}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{932E1522-B7AD-43F3-875C-854835EAD83F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{942822CD-4444-4C27-B118-14F4F911BB7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 15:18]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 16:18]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 17:13]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 15:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 08:51]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 11:07]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 14:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 14:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:17:10 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-05 18:44:03 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikki.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 15:27:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 15:27:57
ComboFix-quarantined-files.txt 2008-03-03 15:27:54
ComboFix2.txt 2008-02-29 12:34:54
ComboFix3.txt 2008-02-24 15:02:04
.
2008-02-16 12:37:22 --- E O F ---


And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:28, on 03/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dmyus.tmp] C:\Windows\system32\dmyus.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7409 bytes

I will see how my computer behaves over the next few hours and post again later.
LDTate
post Mar 3 2008, 03:51 PM
Post #6


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
C:\Windows\system32\dmyus.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmyus.tmp"=-


Save this as "CFScript"




Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.
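The CFScript in the post above does two things: it deletes one file and removes the HKCU Run value that launches it. As an added example (not part of the thread, and not ComboFix's or HijackThis's own code), the Python below parses HijackThis O4 lines in the format seen in Mikaela's log, flags the dmyus.tmp pattern (a .tmp file started from system32 by a per-user Run value) with simple explainable heuristics, and renders the matching File::/Registry:: CFScript block. The sample lines are constructed from entries in this thread; the regexes, the severity labels and the helper names are the example's own assumptions.

```python
"""Triage HijackThis O4 (autostart) lines and render a CFScript for the bad ones.

Added example; the heuristics and names here are assumptions, not HijackThis/ComboFix internals.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis 2.0.2 format. The dmyus.tmp line is the one the
# thread's CFScript removes; the others are benign entries from the same log.
SAMPLE_O4 = """\
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [dmyus.tmp] C:\\Windows\\system32\\dmyus.tmp
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")
# First token ending in a short extension, followed by whitespace or end of line.
PROGRAM_RE = re.compile(r"^(?P<path>.*?\.(?P<ext>[A-Za-z0-9]{1,4}))(?:\s|$)")
EXECUTABLE_EXTS = {"exe", "com", "scr", "bat", "cmd", "pif"}
# A Run value pointing at a *.tmp or data-looking file under these directories is a red flag.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows")


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    program: str      # program path extracted from the command line
    ext: str          # lower-cased extension of the program
    findings: list = field(default_factory=list)
    severity: str = "info"


def parse_o4(line):
    """Return an O4Entry for a HijackThis O4 line, or None if the line is something else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        program = cmd[1:end] if end > 0 else cmd[1:]
    else:
        pm = PROGRAM_RE.match(cmd)
        program = pm.group("path") if pm else cmd.split(" ", 1)[0]
    ext = program.rsplit(".", 1)[-1].lower() if "." in program else ""
    return O4Entry(m.group("hive"), m.group("name"), cmd, program, ext)


def triage(entry):
    """Attach findings to one entry; 'high' means it deserves a File::/Registry:: removal."""
    prog_l = entry.program.lower()
    if entry.ext and entry.ext not in EXECUTABLE_EXTS:
        entry.findings.append(f"Run value launches a .{entry.ext} file, not a normal executable")
        entry.severity = "high"
    if prog_l.startswith(SYSTEM_DIRS) and entry.ext in {"tmp", "dat", "log", "txt"}:
        entry.findings.append("data-looking file dropped in the Windows directory is being executed")
        entry.severity = "high"
    if "\\" not in entry.program and "%" not in entry.program:
        entry.findings.append("unqualified file name; resolved via PATH/App Paths lookup")
        if entry.severity == "info":
            entry.severity = "low"
    if " " in entry.program and not entry.command.startswith('"'):
        entry.findings.append("unquoted path containing spaces")
    return entry


def triage_log(text):
    """Parse every O4 line in a HijackThis log and return the triaged entries in log order."""
    return [triage(e) for e in map(parse_o4, text.splitlines()) if e]


def suspicious(text):
    """Names of the O4 entries rated high."""
    return [e.name for e in triage_log(text) if e.severity == "high"]


def cfscript_for(entry):
    """Render the CFScript block (File:: plus Registry::) that removes one Run value and its file,
    in the same form the thread uses. Only HKLM/HKCU entries map to a registry path here."""
    hive_map = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
    if entry.hive not in hive_map:
        raise ValueError(f"no CFScript mapping for hive {entry.hive!r}")
    return (
        "File::\n" + entry.program + "\n\n"
        "Registry::\n"
        f"[{hive_map[entry.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
        f"\"{entry.name}\"=-\n"
    )


if __name__ == "__main__":
    for e in triage_log(SAMPLE_O4):
        print(f"{e.severity:5} [{e.name}] {e.program}")
        for f in e.findings:
            print("      -", f)
    for e in triage_log(SAMPLE_O4):
        if e.severity == "high":
            print("\n" + cfscript_for(e))
```

Run against the sample, only the dmyus.tmp value is rated high and the rendered block is identical to the CFScript in the post; the bare `NDSTray.exe` and `rundll32.exe` entries are rated low only because an unqualified name depends on lookup order, which is worth a glance but is not by itself a sign of infection.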
Mikaela
post Mar 4 2008, 06:26 AM
Post #7


New Member
*

Group: New Member
Posts: 6
Joined: 22-February 08
Member No.: 77,047
Operating System: Windows Vista Basic



Combofix Log:

ComboFix 08-02-25.3 - Mikki 2008-03-04 12:16:01.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.212 [GMT 0:00]
Running from: C:\Users\Mikki\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikki\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\system32\dmyus.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 03:01 . 2008-03-04 03:02 <DIR> d-------- C:\Windows\LastGood
2008-02-25 22:03 . 2008-02-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iTunes
2008-02-25 21:58 . 2008-02-25 21:58 <DIR> d-------- C:\Program Files\iPod
2008-02-25 21:58 . 2008-02-25 21:58 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-25 21:58 . 2008-02-25 21:58 1,409 --a------ C:\Windows\QTFont.for
2008-02-25 21:56 . 2008-02-25 21:56 <DIR> d-------- C:\Program Files\QuickTime
2008-02-24 18:14 . 2008-02-24 18:15 606 --a------ C:\NCO_BHO.reg
2008-02-24 14:34 . 2008-02-24 14:40 <DIR> d-------- C:\fixwareout
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-23 00:30 . 2008-02-23 00:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-22 17:05 . 2008-02-22 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 17:12 . 2008-02-17 17:12 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\vlc
2008-02-15 20:52 . 2008-02-15 20:52 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\DivX
2008-02-15 20:40 . 2008-02-15 20:40 <DIR> d-------- C:\Program Files\Google
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-14 12:35 . 2008-02-14 12:35 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-14 12:34 . 2008-02-14 12:35 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\HP
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-14 12:33 . 2008-02-14 12:33 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-14 12:30 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-14 12:30 . 2008-02-14 12:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-14 12:24 . 2008-02-14 12:33 <DIR> d-------- C:\Program Files\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-14 12:23 . 2008-02-16 12:31 <DIR> d-------- C:\ProgramData\HP
2008-02-14 12:23 . 2006-12-16 06:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-02-14 12:23 . 2006-12-16 06:19 573,440 --a------ C:\Windows\System32\hpotscl1.dll
2008-02-14 12:23 . 2006-12-16 06:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-02-14 12:23 . 2006-11-20 21:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-02-14 12:23 . 2008-02-14 12:35 148,920 --a------ C:\Windows\hpoins19.dat
2008-02-14 12:23 . 2007-03-13 19:52 26,952 --a------ C:\Windows\hpomdl19.dat
2008-02-14 03:13 . 2008-02-14 03:13 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:13 . 2008-02-14 03:13 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:08 . 2008-02-14 03:08 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:07 . 2008-02-14 03:07 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:07 . 2008-02-14 03:07 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:04 . 2008-02-14 03:04 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 03:04 . 2008-02-14 03:04 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-14 03:03 . 2008-02-14 03:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 03:03 . 2008-02-14 03:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 03:03 . 2008-02-14 03:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-11 14:32 . 2008-02-22 17:25 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\LimeWire
2008-02-11 14:32 . 2008-02-11 14:32 <DIR> d-------- C:\Program Files\LimeWire
2008-02-08 00:43 . 2006-05-10 12:15 1,929,216 --a------ C:\Windows\System32\cdintf250.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth2.dll
2008-02-08 00:43 . 2008-02-08 00:43 1,024 --a------ C:\Windows\System32\clauth1.dll
2008-02-08 00:43 . 2008-02-08 00:44 14 --a------ C:\Windows\System32\ssprs.tgz
2008-02-08 00:43 . 2008-02-08 00:43 0 --a------ C:\Windows\System32\nsprs.tgz
2008-02-08 00:40 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\SPSS
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.tgz
2008-02-08 00:40 . 2008-02-08 00:40 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-02-08 00:40 . 2008-02-08 00:44 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-02-08 00:39 . 2008-02-08 17:34 16 ---h----- C:\Windows\System32\servdat.slm
2008-02-06 17:02 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-06 16:48 . 2008-02-06 16:48 2,923,520 --a------ C:\Windows\explorer.exe
2008-02-06 16:45 . 2008-02-06 16:45 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-06 16:45 . 2008-02-06 16:45 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-06 16:45 . 2008-02-06 16:45 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-06 16:45 . 2008-02-06 16:45 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-06 16:39 . 2008-02-06 16:39 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-02-06 16:39 . 2008-02-06 16:39 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-02-06 16:38 . 2008-02-06 16:38 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-06 16:38 . 2008-02-06 16:38 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-06 16:38 . 2008-02-06 16:38 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-06 16:38 . 2008-02-06 16:38 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-06 16:37 . 2008-02-06 16:37 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-02-06 16:37 . 2008-02-06 16:37 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-02-06 16:35 . 2008-02-06 16:35 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-06 16:35 . 2008-02-06 16:35 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-06 16:35 . 2008-02-06 16:35 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-06 16:32 . 2008-02-06 16:32 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-06 16:32 . 2008-02-06 16:32 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-06 16:32 . 2008-02-06 16:32 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-06 16:32 . 2008-02-06 16:32 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-06 16:32 . 2008-02-06 16:32 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-06 16:30 . 2008-02-06 16:30 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-06 16:29 . 2008-02-06 16:29 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\TuneUp Software
2008-02-05 19:10 . 2008-02-05 19:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-05 19:10 . 2007-03-28 19:42 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-02-05 19:10 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-02-05 19:09 . 2008-02-05 19:09 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-02-05 19:09 . 2008-02-23 00:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 18:47 . 2008-02-05 18:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-05 18:00 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\DivX
2008-02-05 18:00 . 2008-02-05 18:00 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-05 16:31 . 2008-02-05 16:31 <DIR> d-------- C:\Users\Mikki\AppData\Roaming\Apple Computer
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-02-05 16:28 . 2008-02-05 16:31 <DIR> d-------- C:\ProgramData\Apple Computer
2008-02-05 16:27 . 2008-02-05 16:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Users\All Users\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\ProgramData\Apple
2008-02-05 16:26 . 2008-02-05 16:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-05 16:21 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-02-05 16:20 . 2008-02-23 19:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-05 16:19 . 2008-02-05 16:19 <DIR> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 03:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:08 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 03:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-08 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-06 17:10 174 --sha-w C:\Program Files\desktop.ini
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Mail
2008-02-06 17:05 --------- d-----w C:\Program Files\Windows Calendar
2008-02-06 16:48 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-06 16:36 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-05 18:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 18:35 --------- d-----w C:\ProgramData\Symantec
2008-02-05 18:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-05 18:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-05 18:33 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-05 18:33 --------- d-----w C:\Program Files\Symantec
2008-02-05 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 02:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-01-02 17:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 17:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 17:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 17:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 17:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 17:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 17:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 17:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 16:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 16:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 16:47 104,636 ----a-w C:\Windows\System32\igmedcompkrn.dll
2008-01-02 16:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 16:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 16:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 16:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 16:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 16:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 16:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 16:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 16:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 16:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 16:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 16:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 16:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-14 11:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-06 16:35 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 11:15 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 17:37 894248]
"NDSTray.exe"="NDSTray.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 11:05 571024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Skytel"=Skytel.exe
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{53A04F87-6BED-4ED8-A34F-58C3EE795A4C}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{F81D350F-75BC-4F78-92A7-0612AAD27D0F}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"{EB952FF8-9C81-4F7A-B7AA-845239ACD7C9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5539E36B-1368-42EB-B5B5-CF9696CE1F1B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{836968B6-CBF9-496F-A036-AC132172FEBC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{26954958-8F3F-4994-BD37-5D9FFDB94A9D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A05F006D-DF77-4A39-BC50-0A99AD6C71D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{B29A5AF7-B732-4AD6-BB9F-13DCB00C9781}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0DF1B16E-BC81-4561-8BE9-5C6DE004BA24}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{932E1522-B7AD-43F3-875C-854835EAD83F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{942822CD-4444-4C27-B118-14F4F911BB7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 15:18]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 16:18]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 17:13]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 15:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 11:07]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 14:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 14:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:17:10 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-05 18:44:03 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikki.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 12:17:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 12:18:24
ComboFix-quarantined-files.txt 2008-03-04 12:18:20
ComboFix2.txt 2008-03-03 15:27:58
ComboFix3.txt 2008-02-29 12:34:54
ComboFix4.txt 2008-02-24 15:02:04
.
2008-03-04 03:03:28 --- E O F ---


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:45, on 04/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7486 bytes


So far, when I have tried Google, it has not been redirecting me, so hopefully it will stay that way! Also, websites that would not work previously now do work. There aren't any other problems to my knowledge.
LDTate
post Mar 4 2008, 06:32 AM
Post #8


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • If shown the disclaimer, Select "2"

Here's my usual all clean post

Log looks good.


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.
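The restore-point reset LDTate describes above (turn System Restore off, which discards every existing restore point, turn it back on, then take a fresh one) can be scripted instead of clicked through. The script below is an added example and is not part of the thread or of any tool mentioned in it. It assumes Windows PowerShell 2.0 or later (the Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint cmdlets) running in an elevated prompt; the drive letter and description are assumed defaults you can override.

```powershell
# Added example, not from the thread: reset System Restore so that only one
# fresh, post-cleanup restore point remains on the system drive.
# Assumes Windows PowerShell 2.0+ and an elevated (Administrator) session.
param(
    [string]$Drive       = "C:\",                          # assumed system drive
    [string]$Description = "Clean restore point after malware removal"  # assumed label
)

function Assert-Elevated {
    # System Restore settings can only be changed by an administrator.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw "Run this script from an elevated (Administrator) PowerShell prompt."
    }
}

Assert-Elevated

# Step 1: disabling System Restore on the drive deletes all of its existing
# restore points. That is the purpose of the procedure: old restore points may
# still hold copies of the files that were just removed.
Disable-ComputerRestore -Drive $Drive -ErrorAction Stop
Write-Host "System Restore disabled on $Drive; previous restore points discarded."

# Step 2: re-enable protection on the drive.
Enable-ComputerRestore -Drive $Drive -ErrorAction Stop
Write-Host "System Restore re-enabled on $Drive."

# Step 3: create the new, known-clean restore point immediately.
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# Step 4: verify. After the reset there should be exactly one restore point,
# carrying the description given above.
$points = @(Get-ComputerRestorePoint)
$points | Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize
if ($points.Count -ne 1) {
    Write-Warning "Expected exactly one restore point, found $($points.Count)."
}
```

The script does not reboot between the disable and enable steps as the forum instructions do; the cmdlets apply the change immediately. One caveat for newer systems: from Windows 8 onward, Checkpoint-Computer silently declines to create a restore point if one was created within the previous 24 hours, unless the SystemRestorePointCreationFrequency DWORD under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0. The verification step at the end is there so that this case is noticed rather than assumed away.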
Mikaela
post Mar 4 2008, 12:34 PM
Post #9


New Member
*

Group: New Member
Posts: 6
Joined: 22-February 08
Member No.: 77,047
Operating System: Windows Vista Basic



All done! Thank you very much for your help, it is VERY appreciated.

Mikaela.
LDTate
post Mar 4 2008, 05:16 PM
Post #10


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Great job.

You're more than welcome.
Glad we were able to help
LDTate
post Mar 4 2008, 05:16 PM
Post #11


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
