Tech Support Forum - View Single Post - 2nd thread, malware: blue screen, bugs &amp; more

mrskoz · 06-19-2008, 05:38 AM

Hi,

Okay... I hope I did this right. When I dropped the CFScript onto combo fix, I received a pop-up that said, only, Installation Failed!. I clicked OK and then it went on with its normal operation...

Here are the logs:

ComboFix 08-06-16.5 - Genevieve 2008-06-18 19:31:46.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT -4:00]
Running from: C:\Documents and Settings\Genevieve\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Genevieve\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\genevi~1\locals~1\temp\cportclm.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Legacy_CCSETMGR
-------\Legacy_CPORTCLM
-------\Legacy_SYMEVENT
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc
-------\Service_ccSetMgr
-------\Service_cportclm
-------\Service_SymEvent

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-17 15:40 . 2008-06-17 15:40 <DIR> d-------- C:\Deckard
2008-06-11 17:06 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 11:41 . 2008-06-09 11:41 <DIR> d-------- C:\Program Files\Attractel
2008-06-05 22:25 . 2008-06-05 22:25 <DIR> d-------- C:\Program Files\MSBuild
2008-06-05 22:23 . 2008-06-05 22:23 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-05 22:20 . 2008-06-05 22:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-05 22:20 . 2008-06-05 22:20 <DIR> d-------- C:\b7d1273ec74308c1bcfdcfe654dc5bde
2008-06-05 22:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-05 22:12 . 2006-11-13 02:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-06-05 22:12 . 2006-11-13 02:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-05 22:12 . 2006-11-13 02:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-06-05 21:55 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-05 21:55 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-05 21:55 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-05 21:55 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-05 21:55 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-05 21:55 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-05 21:55 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-05 21:55 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-05 21:55 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-05 21:40 . 2008-06-14 21:47 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 21:39 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-05 21:26 . 2005-01-13 22:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-06-05 21:25 . 2008-06-06 00:11 48,271 --a------ C:\MGlogs.zip
2008-06-05 18:21 . 2008-06-05 18:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 17:27 . 2008-06-05 17:27 1,240,104 --a------ C:\MGtools.exe
2008-06-05 17:10 . 2008-06-05 17:10 <DIR> d-------- C:\Documents and Settings\Lauryn\Application Data\ESET
2008-06-05 17:08 . 2008-06-05 17:08 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\ESET
2008-06-05 17:05 . 2008-06-05 17:05 <DIR> d-------- C:\Documents and Settings\Brittney\Application Data\ESET
2008-06-05 16:57 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 16:55 . 2008-06-05 16:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-04 17:23 . 2008-06-04 17:23 <DIR> d-------- C:\Documents and Settings\Genevieve\Application Data\ESET
2008-06-04 17:22 . 2008-06-04 17:22 <DIR> d-------- C:\Program Files\ESET
2008-06-04 17:22 . 2008-06-04 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 12:19 . 2008-06-04 12:19 <DIR> d-------- C:\ie-spyad_zo
2008-06-04 12:18 . 2008-06-17 16:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 09:31 . 2008-06-03 09:31 <DIR> d-------- C:\Program Files\Panda Security
2008-05-31 21:44 . 2008-06-05 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 23:30 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\.purple
2008-06-17 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 15:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:49 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\Lavasoft
2008-06-17 15:36 --------- d-----w C:\Program Files\PhotoRescue Pro
2008-06-16 23:38 --------- d-----w C:\Documents and Settings\Brittney\Application Data\.purple
2008-06-16 02:11 --------- d-----w C:\Program Files\Java
2008-06-16 02:10 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-06-12 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-06-10 16:26 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\OpenOffice.org2
2008-06-06 02:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-04 11:40 --------- d-----w C:\Program Files\CleanUp!
2008-05-26 02:16 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\gtk-2.0
2008-05-11 05:00 --------- d-----w C:\Program Files\Common Files\Real
2008-05-11 04:53 --------- d-----w C:\Program Files\1st Page 2000
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-25 16:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-20 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-05 18:41 69,992 ----a-w C:\Documents and Settings\Genevieve\Application Data\GDIPFONTCACHEV1.DAT
2007-12-23 00:09 47,360 ----a-w C:\Documents and Settings\Genevieve\Application Data\pcouffin.sys
2007-12-22 22:02 87,608 ----a-w C:\Documents and Settings\Genevieve\Application Data\ezpinst.exe
2007-11-05 01:32 69,976 ----a-w C:\Documents and Settings\Brittney\Application Data\GDIPFONTCACHEV1.DAT
2006-06-25 23:38 152 --sh--r C:\WINDOWS\system32\10C1754A1D.sys
2006-06-25 23:38 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_13.49.35.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-18 23:35:22 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 05:41 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 05:38 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 05:42 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-11-12 04:41 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 23:35 397312 C:\WINDOWS\stsystra.exe]
"NWEReboot"="" []
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Pidgin\\pidgin.exe"=
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 04:22]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682b5742-8eb9-11dc-b027-001422ef8271}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 01:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 19:45:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-18 19:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 23:50:36
ComboFix2.txt 2008-06-18 19:43:42
ComboFix3.txt 2008-06-18 17:49:49
ComboFix4.txt 2008-06-06 01:08:38
ComboFix5.txt 2007-12-26 20:51:58

Pre-Run: 18,337,771,520 bytes free
Post-Run: 18,347,884,544 bytes free

183 --- E O F --- 2008-06-17 11:53:05
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 18, 2008 15:36:21
Records in database: 878919
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 95952
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:53:50

File name / Threat name / Threats count
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e 1

The selected area was scanned.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22, on 2008-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philly.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=21871
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

--
End of file - 5320 bytes

06-19-2008, 05:38 AM	#42 (permalink)
mrskoz Registered User Join Date: May 2005 Posts: 35 OS: XP	Re: 2nd thread, malware: blue screen, bugs & more Hi, Okay... I hope I did this right. When I dropped the CFScript onto combo fix, I received a pop-up that said, only, Installation Failed!. I clicked OK and then it went on with its normal operation... Here are the logs: ComboFix 08-06-16.5 - Genevieve 2008-06-18 19:31:46.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT -4:00] Running from: C:\Documents and Settings\Genevieve\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Genevieve\Desktop\CFScript.txt * Created a new restore point FILE :: c:\docume~1\genevi~1\locals~1\temp\cportclm.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CCEVTMGR -------\Legacy_CCSETMGR -------\Legacy_CPORTCLM -------\Legacy_SYMEVENT -------\Service_ccEvtMgr -------\Service_ccPwdSvc -------\Service_ccSetMgr -------\Service_cportclm -------\Service_SymEvent ((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))) . 2008-06-17 15:40 . 2008-06-17 15:40 <DIR> d-------- C:\Deckard 2008-06-11 17:06 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 17:06 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-09 11:41 . 2008-06-09 11:41 <DIR> d-------- C:\Program Files\Attractel 2008-06-05 22:25 . 2008-06-05 22:25 <DIR> d-------- C:\Program Files\MSBuild 2008-06-05 22:23 . 2008-06-05 22:23 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-06-05 22:20 . 2008-06-05 22:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-06-05 22:20 . 2008-06-05 22:20 <DIR> d-------- C:\b7d1273ec74308c1bcfdcfe654dc5bde 2008-06-05 22:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-06-05 22:12 . 2006-11-13 02:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-06-05 22:12 . 2006-11-13 02:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2008-06-05 22:12 . 2006-11-13 02:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2008-06-05 21:55 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-05 21:55 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-05 21:55 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-05 21:55 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-05 21:55 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-05 21:55 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-05 21:55 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-06-05 21:55 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-05 21:55 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-05 21:40 . 2008-06-14 21:47 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-06-05 21:39 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-06-05 21:26 . 2005-01-13 22:41 11,254 --a------ C:\WINDOWS\system32\locate.com 2008-06-05 21:25 . 2008-06-06 00:11 48,271 --a------ C:\MGlogs.zip 2008-06-05 18:21 . 2008-06-05 18:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-05 17:27 . 2008-06-05 17:27 1,240,104 --a------ C:\MGtools.exe 2008-06-05 17:10 . 2008-06-05 17:10 <DIR> d-------- C:\Documents and Settings\Lauryn\Application Data\ESET 2008-06-05 17:08 . 2008-06-05 17:08 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\ESET 2008-06-05 17:05 . 2008-06-05 17:05 <DIR> d-------- C:\Documents and Settings\Brittney\Application Data\ESET 2008-06-05 16:57 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-05 16:55 . 2008-06-05 16:55 <DIR> d-------- C:\Program Files\Common Files\Java 2008-06-04 17:23 . 2008-06-04 17:23 <DIR> d-------- C:\Documents and Settings\Genevieve\Application Data\ESET 2008-06-04 17:22 . 2008-06-04 17:22 <DIR> d-------- C:\Program Files\ESET 2008-06-04 17:22 . 2008-06-04 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-06-04 12:19 . 2008-06-04 12:19 <DIR> d-------- C:\ie-spyad_zo 2008-06-04 12:18 . 2008-06-17 16:25 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-03 09:31 . 2008-06-03 09:31 <DIR> d-------- C:\Program Files\Panda Security 2008-05-31 21:44 . 2008-06-05 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-18 23:30 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\.purple 2008-06-17 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-17 15:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-17 15:49 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\Lavasoft 2008-06-17 15:36 --------- d-----w C:\Program Files\PhotoRescue Pro 2008-06-16 23:38 --------- d-----w C:\Documents and Settings\Brittney\Application Data\.purple 2008-06-16 02:11 --------- d-----w C:\Program Files\Java 2008-06-16 02:10 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure 2008-06-12 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro 2008-06-10 16:26 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\OpenOffice.org2 2008-06-06 02:19 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-06-04 11:40 --------- d-----w C:\Program Files\CleanUp! 2008-05-26 02:16 --------- d-----w C:\Documents and Settings\Genevieve\Application Data\gtk-2.0 2008-05-11 05:00 --------- d-----w C:\Program Files\Common Files\Real 2008-05-11 04:53 --------- d-----w C:\Program Files\1st Page 2000 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-25 16:18 --------- d-----w C:\Program Files\Apple Software Update 2008-04-25 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-04-20 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-03-05 18:41 69,992 ----a-w C:\Documents and Settings\Genevieve\Application Data\GDIPFONTCACHEV1.DAT 2007-12-23 00:09 47,360 ----a-w C:\Documents and Settings\Genevieve\Application Data\pcouffin.sys 2007-12-22 22:02 87,608 ----a-w C:\Documents and Settings\Genevieve\Application Data\ezpinst.exe 2007-11-05 01:32 69,976 ----a-w C:\Documents and Settings\Brittney\Application Data\GDIPFONTCACHEV1.DAT 2006-06-25 23:38 152 --sh--r C:\WINDOWS\system32\10C1754A1D.sys 2006-06-25 23:38 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-18_13.49.35.82 ))))))))))))))))))))))))))))))))))))))))) . - 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-06-18 23:35:22 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 05:41 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 05:38 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 05:42 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-11-12 04:41 1347584] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 23:35 397312 C:\WINDOWS\stsystra.exe] "NWEReboot"="" [] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15 366400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Pidgin\\pidgin.exe"= "C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 04:22] R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [] S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682b5742-8eb9-11dc-b027-001422ef8271}] \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe . Contents of the 'Scheduled Tasks' folder "2008-06-14 01:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 19:45:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe C:\WINDOWS\ehome\McrdSvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\system32\verclsid.exe . ********************************************************************** . Completion time: 2008-06-18 19:50:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-18 23:50:36 ComboFix2.txt 2008-06-18 19:43:42 ComboFix3.txt 2008-06-18 17:49:49 ComboFix4.txt 2008-06-06 01:08:38 ComboFix5.txt 2007-12-26 20:51:58 Pre-Run: 18,337,771,520 bytes free Post-Run: 18,347,884,544 bytes free 183 --- E O F --- 2008-06-17 11:53:05 &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, June 19, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, June 18, 2008 15:36:21 Records in database: 878919 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 95952 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 02:53:50 File name / Threat name / Threats count C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e 1 The selected area was scanned. &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:22, on 2008-06-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dlcqcoms.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philly.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=21871 O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- End of file - 5320 bytes __________________ Life can't be all bad when for ten dollars you can buy all the Beethoven sonatas and listen to them for ten years.** William F. Buckley, Jr.