Tech Support Forum - View Single Post

dbai18 · 12-09-2007, 05:55 PM

Here's the logs:

ComboFix 07-12-10.1 - Owner 2007-12-09 16:38:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1496 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\wcptr.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-09 16:47 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\zbypn.exe
2007-12-08 16:47 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\cirvtq.exe
2007-12-04 20:22 . 2007-12-09 16:47 54,156 --ah----- C:\WINNT\QTFont.qfn
2007-12-04 20:22 . 2007-12-04 20:22 1,409 --a------ C:\WINNT\QTFont.for
2007-12-04 20:21 . 2007-12-04 20:22 <DIR> d-------- C:\Program Files\iTunes
2007-12-04 12:47 . 2007-12-04 12:47 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-12-04 12:47 . 2007-12-04 12:47 <DIR> d-------- C:\Program Files\MSECACHE
2007-12-03 17:02 . 2007-12-03 17:02 <DIR> d-------- C:\Program Files\Farm Frenzy
2007-12-03 07:32 . 2007-12-03 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Program Files\Christmasville
2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Program Files\bfgclient
2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-12-03 06:30 . 2007-12-03 06:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-03 06:17 . 2007-12-03 06:17 490,496 --a------ C:\Documents and Settings\Owner\load.exe
2007-12-03 03:58 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\rosob.exe
2007-12-03 03:55 . 2007-12-03 03:55 <DIR> d-------- C:\Deckard
2007-12-03 03:45 . 2007-12-03 03:45 <DIR> d-------- C:\ie-spyad_zo
2007-12-03 02:18 . 2007-12-03 02:18 52,736 --a------ C:\Documents and Settings\Owner\~.exe
2007-12-03 02:17 . 2007-12-03 02:17 12,800 --a------ C:\info.exe
2007-12-03 02:17 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\otaqep.exe
2007-12-02 01:50 . 2007-12-02 01:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINNT\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINNT\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 14:18 --------- d-----w C:\Program Files\MangaViewer
2007-12-05 04:22 --------- d-----w C:\Program Files\iPod
2007-12-05 04:20 --------- d-----w C:\Program Files\QuickTime
2007-12-05 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-04 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 15:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2007-12-03 15:13 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-03 11:29 --------- d-----w C:\Program Files\SmartFTP
2007-12-03 11:24 --------- d-----w C:\Program Files\Mouse
2007-12-03 11:11 --------- d-----w C:\Program Files\Google
2007-12-03 11:11 --------- d-----w C:\Program Files\Gateway Utilities
2007-12-03 11:11 --------- d-----w C:\Program Files\ewido anti-malware
2007-12-03 11:09 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-03 11:04 --------- d-----w C:\Program Files\AC3Filter
2007-12-03 10:31 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-03 10:18 52,736 ----a-w C:\Documents and Settings\Owner\~.exe
2007-11-30 02:02 --------- d-----w C:\Program Files\Webteh
2007-11-28 10:16 --------- d-----w C:\Program Files\Ventrilo
2007-11-28 10:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 02:53 --------- d-----w C:\Program Files\Winamp
2007-11-23 09:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2007-11-18 19:12 --------- d-----w C:\Program Files\AIM6
2007-11-18 19:09 --------- d-----w C:\Program Files\Viewpoint
2007-11-18 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-18 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-12 17:48 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-10-27 00:57 --------- d-----w C:\Program Files\Steam
2007-10-25 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 02:49 --------- d-----w C:\Program Files\Grimms Hatchery
2007-10-17 08:44 --------- d-----w C:\Program Files\LimeWire
2007-10-10 21:10 --------- d-----w C:\Program Files\BitTorrent
2007-02-28 11:31 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-27 20:12 4,189 ----a-w C:\Program Files\uninstal.log
2005-10-04 18:46 63,904 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-08-16 18:50 13,312 ----a-w C:\Documents and Settings\Owner\atwbxdet.dll
2004-09-01 04:45 76 ----a-w C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
2004-09-01 04:45 41 ----a-w C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
2004-08-30 06:12 214,740 ----a-w C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
2006-06-08 05:51 56 --sh--r C:\WINNT\system32\6B6829B7D9.sys
2006-06-08 05:51 2,098 --sha-w C:\WINNT\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 10:14]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56]
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Owner\Application Data\zbypn.exe" [2007-12-03 02:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 11:50 C:\WINNT\system32\SK9910DM.EXE]
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [2003-06-24 18:33]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-03-03 11:29]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 17:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINNT\system32\rundll32.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
"WheelMouse"="C:\Program Files\Mouse\Amoumain.exe" [2006-03-15 23:27]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2003-08-27 08:15:35]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINNT\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-03-26 09:15 684032 --a------ c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 18:05 143360 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
2006-03-30 11:48 148480 --a------ C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 03:36 36975 --a------ C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys
R1 NPPTNT;NPPTNT;\??\C:\WINNT\System32\npptNT.sys
R2 SVKP;SVKP;\??\C:\WINNT\System32\SVKP.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINNT\system32\DRIVERS\ipsecw2k.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINNT\system32\DRIVERS\ipsecw2k.sys
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe"
S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

.
Contents of the 'Scheduled Tasks' folder
"2004-09-19 15:15:00 C:\WINNT\Tasks\04-usher-confessions_(interlude)-esc.job"
- C:\Program Files\mIRC\download\04-usher-confessions_(interlude)-esc.mp3
"2007-12-05 03:37:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 16:47:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\System32\NavLogon.dll
.
Completion time: 2007-12-09 16:48:38 - machine was rebooted
.
--- E O F ---

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:53 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\cirvtq.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINNT\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Owner\Application Data\zbypn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...GCAHCBEDFCHHBB (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...GCAHCBEDFCHHBB (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/active...side_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9915 bytes

12-09-2007, 05:55 PM	#7 (permalink)
dbai18 Registered User Join Date: Oct 2004 Posts: 87 OS: Windows XP	Re: A couple persistent problems Here's the logs: ComboFix 07-12-10.1 - Owner 2007-12-09 16:38:31.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1496 [GMT -8:00] Running from: C:\Documents and Settings\Owner\desktop\combofix.exe Command switches used :: /killall . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\system32\wcptr.exe . ((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))) . 2007-12-09 16:47 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\zbypn.exe 2007-12-08 16:47 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\cirvtq.exe 2007-12-04 20:22 . 2007-12-09 16:47 54,156 --ah----- C:\WINNT\QTFont.qfn 2007-12-04 20:22 . 2007-12-04 20:22 1,409 --a------ C:\WINNT\QTFont.for 2007-12-04 20:21 . 2007-12-04 20:22 <DIR> d-------- C:\Program Files\iTunes 2007-12-04 12:47 . 2007-12-04 12:47 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2007-12-04 12:47 . 2007-12-04 12:47 <DIR> d-------- C:\Program Files\MSECACHE 2007-12-03 17:02 . 2007-12-03 17:02 <DIR> d-------- C:\Program Files\Farm Frenzy 2007-12-03 07:32 . 2007-12-03 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville 2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Program Files\Christmasville 2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Program Files\bfgclient 2007-12-03 07:31 . 2007-12-03 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2007-12-03 06:30 . 2007-12-03 06:35 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-12-03 06:17 . 2007-12-03 06:17 490,496 --a------ C:\Documents and Settings\Owner\load.exe 2007-12-03 03:58 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\rosob.exe 2007-12-03 03:55 . 2007-12-03 03:55 <DIR> d-------- C:\Deckard 2007-12-03 03:45 . 2007-12-03 03:45 <DIR> d-------- C:\ie-spyad_zo 2007-12-03 02:18 . 2007-12-03 02:18 52,736 --a------ C:\Documents and Settings\Owner\~.exe 2007-12-03 02:17 . 2007-12-03 02:17 12,800 --a------ C:\info.exe 2007-12-03 02:17 . 2007-12-03 02:17 12,800 --a------ C:\Documents and Settings\Owner\Application Data\otaqep.exe 2007-12-02 01:50 . 2007-12-02 01:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jane s Hotel 2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINNT\system32\QuickTimeVR.qtx 2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINNT\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 14:18 --------- d-----w C:\Program Files\MangaViewer 2007-12-05 04:22 --------- d-----w C:\Program Files\iPod 2007-12-05 04:20 --------- d-----w C:\Program Files\QuickTime 2007-12-05 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-04 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-03 15:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst 2007-12-03 15:13 --------- d-----w C:\Program Files\Yahoo! Games 2007-12-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-12-03 11:29 --------- d-----w C:\Program Files\SmartFTP 2007-12-03 11:24 --------- d-----w C:\Program Files\Mouse 2007-12-03 11:11 --------- d-----w C:\Program Files\Google 2007-12-03 11:11 --------- d-----w C:\Program Files\Gateway Utilities 2007-12-03 11:11 --------- d-----w C:\Program Files\ewido anti-malware 2007-12-03 11:09 --------- d-----w C:\Program Files\Common Files\LightScribe 2007-12-03 11:04 --------- d-----w C:\Program Files\AC3Filter 2007-12-03 10:31 --------- d-----w C:\Program Files\SpywareBlaster 2007-12-03 10:18 52,736 ----a-w C:\Documents and Settings\Owner\~.exe 2007-11-30 02:02 --------- d-----w C:\Program Files\Webteh 2007-11-28 10:16 --------- d-----w C:\Program Files\Ventrilo 2007-11-28 10:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-28 02:53 --------- d-----w C:\Program Files\Winamp 2007-11-23 09:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent 2007-11-18 19:12 --------- d-----w C:\Program Files\AIM6 2007-11-18 19:09 --------- d-----w C:\Program Files\Viewpoint 2007-11-18 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-18 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-12 17:48 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2007-10-27 00:57 --------- d-----w C:\Program Files\Steam 2007-10-25 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-25 02:49 --------- d-----w C:\Program Files\Grimms Hatchery 2007-10-17 08:44 --------- d-----w C:\Program Files\LimeWire 2007-10-10 21:10 --------- d-----w C:\Program Files\BitTorrent 2007-02-28 11:31 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2006-06-27 20:12 4,189 ----a-w C:\Program Files\uninstal.log 2005-10-04 18:46 63,904 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT 2005-08-16 18:50 13,312 ----a-w C:\Documents and Settings\Owner\atwbxdet.dll 2004-09-01 04:45 76 ----a-w C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll 2004-09-01 04:45 41 ----a-w C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll 2004-08-30 06:12 214,740 ----a-w C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll 2006-06-08 05:51 56 --sh--r C:\WINNT\system32\6B6829B7D9.sys 2006-06-08 05:51 2,098 --sha-w C:\WINNT\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="" [] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 10:14] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56] "Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Owner\Application Data\zbypn.exe" [2007-12-03 02:17] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 11:50 C:\WINNT\system32\SK9910DM.EXE] "Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" [] "Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [2003-06-24 18:33] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-03-03 11:29] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 17:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINNT\system32\rundll32.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12] "WheelMouse"="C:\Program Files\Mouse\Amoumain.exe" [2006-03-15 23:27] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2003-08-27 08:15:35] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk backup=C:\WINNT\pss\NkbMonitor.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2003-03-26 09:15 684032 --a------ c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-12-23 18:05 143360 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer] 2006-03-30 11:48 148480 --a------ C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] c:\program files\steam\steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-03-04 03:36 36975 --a------ C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys R1 NPPTNT;NPPTNT;\??\C:\WINNT\System32\npptNT.sys R2 SVKP;SVKP;\??\C:\WINNT\System32\SVKP.sys R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINNT\system32\DRIVERS\ipsecw2k.sys S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINNT\system32\DRIVERS\ipsecw2k.sys S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe" S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys . Contents of the 'Scheduled Tasks' folder "2004-09-19 15:15:00 C:\WINNT\Tasks\04-usher-confessions_(interlude)-esc.job" - C:\Program Files\mIRC\download\04-usher-confessions_(interlude)-esc.mp3 "2007-12-05 03:37:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-09 16:47:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINNT\system32\winlogon.exe -> C:\WINNT\System32\NavLogon.dll . Completion time: 2007-12-09 16:48:38 - machine was rebooted . --- E O F --- HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:54:53 PM, on 12/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINNT\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINNT\system32\MsgSys.EXE C:\WINNT\Explorer.EXE C:\WINNT\system32\wuauclt.exe C:\WINNT\system32\SK9910DM.EXE C:\Program Files\Gateway Utilities\GWInkMonitor.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Mouse\Amoumain.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINNT\system32\ctfmon.exe C:\Documents and Settings\Owner\Application Data\cirvtq.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINNT\system32\DllHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check" O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Owner\Application Data\zbypn.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...GCAHCBEDFCHHBB (file missing) O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...GCAHCBEDFCHHBB (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/active...side_web18.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9915 bytes