ComboFix log:
ComboFix 07-08-07.5 - "Espen" 2007-08-07 12:42:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.236 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ymbols~1\wuauclt.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sks~1
C:\Program Files\sks~1\?poolsv.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\asgathkn.ini
C:\WINDOWS\system32\ddycyuno.exe
C:\WINDOWS\system32\dusgtxvb.exe
C:\WINDOWS\system32\ffsdkjff.exe
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\iifdcda.dll
C:\WINDOWS\system32\jqaxudov.ini
C:\WINDOWS\system32\kbllaacv.dll
C:\WINDOWS\system32\ksd.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\nkhtagsa.dll
C:\WINDOWS\system32\nlpaxvjg.exe
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\qqypgdms.exe
C:\WINDOWS\system32\ssqqnom.dll
C:\WINDOWS\system32\syswin.exe
C:\WINDOWS\system32\ubwmbuel.exe
C:\WINDOWS\system32\uvacoqph.dll
C:\WINDOWS\system32\voduxaqj.dll
C:\WINDOWS\system32\wfsuyccp.exe
C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\xtiupudp.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 12:46 125,504 --a------ C:\WINDOWS\system32\tmmtksrp.dll
2007-08-07 12:43 40,183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-08-07 12:43 2 --a------ C:\WINDOWS\system32\wnsapiisv32.exe
2007-08-07 12:42 93,696 --a------ C:\WINDOWS\system32\drvnux.dll
2007-08-07 12:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 12:28 13,312 --a------ C:\Program Files\s2f.exe
2007-08-06 13:12 <DIR> dr-h----- C:\MSOCache
2007-08-06 12:10 <DIR> d-------- C:\Deckard
2007-08-06 12:04 96,512 --a------ C:\Program Files\ucleaner_setup.exe
2007-08-06 12:01 70,252 --a------ C:\Program Files\setup.exe
2007-08-06 00:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-06 00:14 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-06 00:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-05 01:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-20 01:24 81,920 --a------ C:\WINDOWS\system32\DirectShowSource.dll
2007-07-20 01:24 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-20 01:24 286,720 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-19 23:27 <DIR> d-------- C:\DOCUME~1\Espen\APPLIC~1\Key Metric Software
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 12:51 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-40021102}.dat
2007-08-07 12:51 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-40021102}.dat
2007-08-04 17:27 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-18 22:55 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\Creative
2007-07-04 21:55 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\EmuPatchMixDSP
2007-07-04 21:12 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\Steinberg
2007-07-04 01:53 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\Bitdefender
2007-07-04 01:35 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\vlc
2007-07-04 00:57 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\Lavasoft
2007-07-03 18:27 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\AdobeUM
2007-07-03 16:39 --------- d-------- C:\DOCUME~1\Espen\APPLIC~1\Propellerhead Software
2007-07-01 17:12 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-06-28 16:20 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2007-06-08 15:02 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-06-08 15:02 --------- d-------- C:\Program Files\ORiNOCO
2007-05-16 17:32 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:32 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:32 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:32 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:32 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:32 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-01 17:35 146432 ---hs---- C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 12:54]
"proxim_orinoco_11abg"="C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe" [2004-03-24 15:54]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:21]
"Lrdt"="C:\PROGRA~1\COMMON~1\YMBOLS~1\wuauclt.exe" []
"Gygzkl"="C:\Program Files\??sks\?poolsv.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
R3 NTPR_NIC_SERVICE2;ORiNOCO AS 802.11abg ComboCard Adapter Service;C:\WINDOWS\system32\DRIVERS\ntpr11ag.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S1 bdpredir;bdpredir;\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys
S2 BDRSDRV;BDRSDRV;\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
S3 Jukebox3;Jukebox3;C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
S3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-07 13:48:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 13:50:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 13:49
--- E O F ---
HijackThis (HJT) log:
Logfile of HijackThis v1.99.1
Scan saved at 13:50:44, on 07.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Espen\Desktop\Espen.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lrdt] "C:\PROGRA~1\COMMON~1\YMBOLS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Gygzkl] "C:\Program Files\??sks\?poolsv.exe"
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Thanks again!