08-12-2008, 03:48 PM   #5
ScottG489
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

OK, I followed the directions and ran ComboFix.exe. It seemed to run fine, and then it went to restart my computer. It was on the "Windows is shutting down" screen for about 15-20 minutes, I'm guessing, when I decided to just press my restart button because I didn't believe that it was going to shut down itself.

After my computer restarted, the log.txt file was open (from ComboFix). I then also ran HijackThis and got a hijackthis.log. Both logs are posted below.

Here is the ComboFix.txt and hijackthis.log files respectively:

ComboFix 08-08-12.01 - Scott 2008-08-12 16:41:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526 [GMT -4:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\#SharedObjects\ANQSDRXB\interclick.com
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\#SharedObjects\ANQSDRXB\interclick.com\ud.sol
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\temp.dmf
C:\WINDOWS\BM93edac11.txt
C:\WINDOWS\BM93edac11.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayhjsuyx.dll
C:\WINDOWS\system32\byXOFVnk.dll
C:\WINDOWS\system32\ctoglw.dll
C:\WINDOWS\system32\dxvttc.dll
C:\WINDOWS\system32\euidmd.dll
C:\WINDOWS\system32\fghupgif.dll
C:\WINDOWS\system32\hjQsBJjl.ini
C:\WINDOWS\system32\hjQsBJjl.ini2
C:\WINDOWS\system32\hvvgefwd.dll
C:\WINDOWS\system32\ihepancs.dll
C:\WINDOWS\system32\iugfltvy.dll
C:\WINDOWS\system32\ixkxggxr.dll
C:\WINDOWS\system32\jadkur.dll
C:\WINDOWS\system32\jyinfrry.ini
C:\WINDOWS\system32\kdmftw.dll
C:\WINDOWS\system32\kfalglwt.ini
C:\WINDOWS\system32\kgqvumgf.dll
C:\WINDOWS\system32\lhjjsl.dll
C:\WINDOWS\system32\ljJBsQjh.dll
C:\WINDOWS\system32\ndobnmlk.dll
C:\WINDOWS\system32\nemtbddw.dll
C:\WINDOWS\system32\nfsiqetp.ini
C:\WINDOWS\system32\ngaimdug.dll
C:\WINDOWS\system32\oxdkigds.dll
C:\WINDOWS\system32\pkfsiytp.dll
C:\WINDOWS\system32\pteqisfn.dll
C:\WINDOWS\system32\rhvjeptd.dll
C:\WINDOWS\system32\rxggxkxi.ini
C:\WINDOWS\system32\tuvUMgGW.dll
C:\WINDOWS\system32\twlglafk.dll
C:\WINDOWS\system32\ucauesum.dll
C:\WINDOWS\system32\uwuqnhss.dll
C:\WINDOWS\system32\wtiosamx.ini
C:\WINDOWS\system32\xlgwvxtw.dll
C:\WINDOWS\system32\xttkdccs.dll
C:\WINDOWS\system32\ygpixafp.ini
C:\WINDOWS\system32\yqibie.dll
C:\WINDOWS\system32\yvtlfgui.ini
C:\WINDOWS\system32\ywundo.dll
C:\WINDOWS\system32\yxmqgwvx.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 01:25 . 2008-08-12 01:25 <DIR> d-------- C:\Documents and Settings\Scott\mindterm
2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
2008-08-11 17:52 . 2008-08-11 17:52 2,048 --a------ C:\WINDOWS\system32\sirvntrq.exe
2008-08-11 08:23 . 2008-08-11 08:23 2,048 --a------ C:\WINDOWS\system32\bosvswbt.exe
2008-08-10 08:30 . 2008-08-10 08:30 2,048 --a------ C:\WINDOWS\system32\ajflvgcl.exe
2008-08-09 17:50 . 2008-08-09 17:50 <DIR> d-------- C:\ie-spyad_zo
2008-08-09 17:47 . 2008-08-09 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 16:02 . 2008-08-09 16:02 <DIR> d-------- C:\Deckard
2008-08-09 15:52 . 2008-08-09 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 08:29 . 2008-08-09 08:29 2,048 --a------ C:\WINDOWS\system32\qvyfgtpm.exe
2008-08-09 00:23 . 2008-08-09 00:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 08:26 . 2008-08-08 08:26 2,048 --a------ C:\WINDOWS\system32\ikcrpocc.exe
2008-08-07 12:13 . 2008-08-07 14:42 <DIR> d-------- C:\Program Files\KellySoftware
2008-08-07 08:23 . 2008-08-07 08:23 2,048 --a------ C:\WINDOWS\system32\kttexdad.exe
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\UltraMon
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:52 . 2008-08-01 19:52 22,328 --a------ C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-08-01 19:20 . 2008-08-01 19:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-24 16:34 . 2008-07-24 16:34 <DIR> d-------- C:\Program Files\No-IP
2008-07-14 23:57 . 2008-07-25 00:56 <DIR> d-------- C:\wamp
2008-07-14 23:44 . 2008-07-25 00:52 <DIR> d-------- C:\website
2008-07-13 12:22 . 2008-07-13 12:22 <DIR> d-------- C:\Program Files\The Specialists

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 21:04 --------- d-----w C:\Program Files\Steam
2008-08-12 06:11 --------- d-----w C:\Program Files\LogMeIn
2008-08-11 23:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 21:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-11 21:50 --------- d-----w C:\Documents and Settings\Scott\Application Data\SSH
2008-08-10 22:36 --------- d-----w C:\Program Files\Winamp Remote
2008-08-10 22:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-10 00:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-09 17:05 --------- d-----w C:\Program Files\Viewpoint
2008-08-09 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-07 06:12 --------- d-----w C:\Documents and Settings\Scott\Application Data\Azureus
2008-08-02 00:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-01 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 23:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 22:43 --------- d-----w C:\Program Files\Windows Grep
2008-07-31 10:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-29 12:06 --------- d-----w C:\Program Files\Java
2008-07-25 19:08 --------- d-----w C:\Program Files\Google
2008-07-24 21:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-24 21:05 --------- d-----w C:\Program Files\SnagIt 8
2008-07-24 21:05 --------- d-----w C:\Program Files\Halo 2
2008-07-24 21:05 --------- d-----w C:\Program Files\Gizmo5
2008-07-24 21:05 --------- d-----w C:\Program Files\DivX
2008-07-24 21:05 --------- d-----w C:\Program Files\Desktop Waller
2008-07-24 21:04 5,632 --sha-w C:\Program Files\Common Files\Thumbs.db
2008-07-24 21:04 --------- d-----w C:\Program Files\AIM
2008-07-15 04:46 --------- d-----w C:\Program Files\HTML Validator
2008-07-15 03:53 --------- d-----w C:\Program Files\PFConfig
2008-07-15 02:30 --------- d-----w C:\Program Files\Winamp
2008-07-15 02:18 --------- d-----w C:\Documents and Settings\Scott\Application Data\Winamp
2008-07-10 03:01 --------- d-----w C:\Program Files\Diablo II
2008-07-09 19:48 47,536 ----a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 06:02 --------- d-----w C:\Program Files\Bonjour
2008-07-07 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 17:44 --------- d-----w C:\Program Files\SSH Communications Security
2008-07-07 05:36 --------- d-----w C:\Program Files\Azureus
2008-07-03 16:28 --------- d-----w C:\Documents and Settings\Scott\Application Data\Bioshock
2008-07-03 15:27 --------- d-----w C:\Program Files\Electronic Arts
2008-07-02 03:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-02 03:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-02 03:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-02 03:36 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-02 03:36 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-20 19:54 --------- d-----w C:\Documents and Settings\Scott\Application Data\SPORE Creature Creator
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-18 23:31 --------- d-----w C:\Program Files\WiFiConnector
2008-06-16 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-04-05 02:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-30 21:07 161,862 ------w C:\Program Files\Common Files\uninstall.ico
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:45 68856]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 23:32 1271032]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 16:02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 10:32 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 01:04 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Main Display.lnk - C:\Documents and Settings\Scott\Application Data\Realtime Soft\UltraMon\3.0.2\Profiles\Main Display.umprofile [2008-08-07 03:48:51 237]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-07-24 16:34:06 1172992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-07 00:45:27 125624]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-07 02:12:12 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
--a------ 2008-05-29 20:32 5267456 C:\Program Files\Gizmo5\Gizmo5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 01:31 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 22:02 1082152 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 22:02 2048808 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-07 01:04 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 17:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCryConfigurator.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 gupdate1c89399ca824af8;Google Update Service (gupdate1c89399ca824af8);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-15 21:32]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-29 10:32]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 16:04]
S4 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 00:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8AAD6F49-51DE-4A21-B4D3-A3B733944327} - C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\BU16A1YN\3077htsbdjyf[1].dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-BM93edac11 - C:\WINDOWS\system32\fghupgif.dll
HKLM-Run-90de9f8d - C:\WINDOWS\system32\iugfltvy.dll
MSConfigStartUp-GoToMyPC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-RocketDock - C:\Program Files\RocketDock\RocketDock.exe
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\dvcqly7h.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.6\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 17:04:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2008-08-12 17:25:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 21:24:47

Pre-Run: 50,215,661,568 bytes free
Post-Run: 50,683,768,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

381 --- E O F --- 2008-08-02 04:36:05





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:24 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 9075 bytes
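A triage helper for the ComboFix "Files Created" section, added here as a worked example; it is not part of the original post and not code from ComboFix or HijackThis. It parses lines in the format the log above uses and flags entries that share the traits of the eight-letter, 2,048-byte .exe files the log lists appearing under system32 on successive days: a consonant-heavy random-looking basename, a tiny size, and creation and modification stamps in the same minute. The size threshold, the vowel-ratio cutoff and the "two traits to flag" rule are assumptions chosen for this example, and a flag is a prompt to pull the file for analysis (hash lookup, strings, sandbox), not a verdict. The sample listing is constructed: five lines copied from the log above plus one benign directory entry.

```python
"""Triage helper for a ComboFix "Files Created" listing (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in ComboFix's "Files Created" format. The first five
# lines are copied from the log in the post; the last is benign padding.
SAMPLE_LISTING = r"""
2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
2008-08-11 17:52 . 2008-08-11 17:52 2,048 --a------ C:\WINDOWS\system32\sirvntrq.exe
2008-08-09 17:47 . 2008-08-09 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:52 . 2008-08-01 19:52 22,328 --a------ C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-07-14 23:57 . 2008-07-25 00:56 <DIR> d-------- C:\wamp
"""

# One entry line: created . modified size attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys")
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
SMALL_BYTES = 4096        # assumption: anything this small in system32 is worth a look
MAX_VOWEL_RATIO = 0.3     # assumption: "explorer" is 0.375, the dropped names are <= 0.25
VOWELS = set("aeiou")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_listing(text: str) -> list:
    """Parse every well-formed entry line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_random(basename: str) -> bool:
    """Eight lowercase letters before an executable extension, with few vowels."""
    stem, _, ext = basename.lower().rpartition(".")
    if "." + ext not in EXECUTABLE_EXT or not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < MAX_VOWEL_RATIO


def triage(entries) -> list:
    """Return system32 executables that match at least two of the three traits."""
    flagged = []
    for e in entries:
        e.reasons = []
        if e.size is None or not e.path.lower().startswith(SYSTEM32_PREFIX):
            continue
        if not e.basename.lower().endswith(EXECUTABLE_EXT):
            continue
        if looks_random(e.basename):
            e.reasons.append("consonant-heavy 8-letter name")
        if e.size <= SMALL_BYTES:
            e.reasons.append(f"tiny executable ({e.size} bytes)")
        if e.created == e.modified:
            e.reasons.append("created and modified in the same minute")
        if len(e.reasons) >= 2:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{e.created}  {e.path}\n    " + "; ".join(e.reasons))
```

Run against the sample, the two eight-letter 2,048-byte files are flagged on all three traits, while pbsvc.exe (a real-looking name, 669,184 bytes) only matches the same-minute stamp and is left alone. Requiring two traits rather than one keeps legitimately installed system32 binaries, which also get identical stamps on first copy, out of the list.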