Thanks so much for ur prompt n detailed solution. tink e prob is gone now!!
ComboFix 07-10-12.4 - giff 2007-10-16 12:46:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.305 [GMT 8:00]
Running from: C:\Documents and Settings\giff\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\autorun.inf
C:\pooh.vbs
C:\WINDOWS\Debug\pooh.vbs
C:\WINDOWS\system32\aikelyu.html
C:\WINDOWS\system32\kernel.dll.vbs
D:\autorun.inf
D:\Autorun.inf
D:\pooh.vbs
.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.
2007-10-16 12:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 15:09 <DIR> d-------- C:\Documents and Settings\giff\Application Data\Skype
2007-09-30 15:02 <DIR> d-------- C:\Program Files\Skype
2007-09-30 15:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-30 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-09-30 14:02 390,849 -ra------ C:\WINDOWS\system32\drivers\usbVM303.sys
2007-09-30 14:02 102,400 -ra------ C:\WINDOWS\VM303Cap.exe
2007-09-30 14:02 81,920 -ra------ C:\WINDOWS\system32\VM303STI.dll
2007-09-30 14:02 61,440 -ra------ C:\WINDOWS\VM303_STI.EXE
2007-09-24 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-19 16:41 77,053,970 --a------ C:\gifford.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 04:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 13:09 --------- d-----w C:\Program Files\TVU Player
2007-09-15 14:13 --------- d-----w C:\Program Files\MSECache
2007-09-15 03:01 --------- d-----w C:\Program Files\XoftSpySE
2007-09-14 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-14 07:47 --------- d-----w C:\Program Files\Launch Manager
2007-09-12 04:52 182,672 ----a-w C:\WINDOWS\system32\drivers\ino_fltr.sys
2007-09-08 15:24 --------- d-----w C:\Documents and Settings\giff\Application Data\CyberLink
2007-09-08 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-08-27 10:10 --------- d-----w C:\Program Files\LimeWire
2007-08-27 09:59 --------- d-----w C:\Documents and Settings\giff\Application Data\LimeWire
2007-08-23 12:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-23 11:54 --------- d-----w C:\Documents and Settings\giff\Application Data\AdobeUM
2007-08-22 11:09 --------- d-----w C:\Program Files\Spyware Doctor
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 13:05 --------- d-----w C:\Documents and Settings\giff\Application Data\PC Tools
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 11:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-30 12:52]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" []
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 12:18]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 11:25]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2005-12-10 01:57]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-08-19 21:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-07-01 17:31:21]
SMU VPN Client.lnk - C:\Program Files\SMU-VPN\ipsecdialer.exe [2007-07-02 15:30:26]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll 2007-06-30 18:33 2812928 C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll 2007-05-03 12:40 331264 C:\Program Files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdFilter
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aikelyu]
C:\WINDOWS\system32\aikelyu.html
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
"C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" show
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 NECPJTDI;NECPJTDI;C:\WINDOWS\system32\drivers\NECPJTDI.sys
R1 necpjzc;NEC Projecter tools I/O Protocol;C:\WINDOWS\system32\DRIVERS\necpjzc.sys
R2 CVPNDRV;SMU IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys
R2 Int15;int15;\??\C:\WINDOWS\System32\drivers\int15.sys
R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
R3 necpj;necpj;C:\WINDOWS\system32\DRIVERS\necpjvmd.sys
R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pooh.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f719fe2-6593-11dc-8756-00197ee286ae}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pooh.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2beace-6003-11dc-8745-00197ee286ae}]
AutoRun\command - F:\sysboot.scr
open\Command - F:\sysboot.scr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf2e51a-3d99-11dc-8710-0013e828fc19}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pooh.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea8aa1d4-5490-11dc-8729-0013e828fc19}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pooh.vbs
.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 11:24:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-16 04:45:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-15 02:41:15 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-16 12:50:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-16 12:51:49 - machine was rebooted
.
--- E O F ---
uninstall_listAcer Bio-Protection fingerprint solution 3.0.1.0
Acer Crystal Eye webcam
Acer Crystal Eye webcam
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.4086
Acer eLock Management
Acer Empowering Technology
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Agere Systems HDA Modem
Broadcom Gigabit Integrated Controller
CA eTrustITM Agent
CA iTechnology iGateway
Compatibility Pack for the 2007 Office system
EndNote X.0.2 Volume License Edition
getPlus®_ocx
HeuCampus
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Intel® Graphics Media Accelerator Driver
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 6
Launch Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.7)
MSXML 6.0 Parser (KB933579)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OneCare Advisor (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
PowerDVD
Protector Suite VTAPI+ 5.6
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Skype™ 3.5
Smart Menus (Windows Live Toolbar)
Spyware Doctor 4.0
Synaptics Pointing Device Driver
Tabbed Browsing (Windows Live Toolbar)
TVUPlayer 1.5.12
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VideoLAN VLC media player 0.8.5
Virtual Canvas Agent
VPN Client
WIDCOMM Bluetooth Software
Windows Communication Foundation
Windows Defender
Windows Desktop Search
Windows Driver Package - Intel (NETw4x32) net (02/25/2007 11.1.0.86)
Windows Driver Package - Intel (w29n51) net (02/08/2007 9.0.4.33)
Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885453
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB895948
WinRAR archiver
WinZip 11.1
XoftSpySE
Logfile of HijackThis v1.99.1
Scan saved at 12:58:05 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SMU-VPN\cvpnd.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\giff\Desktop\installer\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.adobe.com...om/default.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?44027bf3f5e94657b121eb689c5c403b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?44027bf3f5e94657b121eb689c5c403b
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1183201515953
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SMU-VPN\cvpnd.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
cheers
giff