As requested, the ComboFix.txt file and the HijackThis (HJT) log are provided below, ComboFix first and HijackThis after it. Thanks!
ComboFix 08-08-15.04 - Carli 2008-08-16 16:29:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1581 [GMT -4:00]
Running from: C:\Documents and Settings\Carli\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Chris\Cookies\chris@afy11[1].txt
C:\Documents and Settings\Chris\Cookies\chris@bigfishgames[2].txt
C:\Documents and Settings\Chris\Cookies\chris@contextweb[2].txt
C:\Documents and Settings\Chris\Cookies\chris@deviantart[2].txt
C:\Documents and Settings\Chris\Cookies\chris@hp.wildgames[1].txt
C:\Documents and Settings\Chris\Cookies\chris@insightexpressai[2].txt
C:\Documents and Settings\Chris\Cookies\chris@myspace[1].txt
C:\Documents and Settings\Chris\Cookies\chris@www.addictinggames[1].txt
C:\Documents and Settings\Chris\Cookies\chris@www.bassguitarsecrets[1].txt
C:\Documents and Settings\Chris\Cookies\chris@www.masterthelowend[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad[1].txt
C:\Documents and Settings\Guest\Cookies\guest@myspace[1].txt
C:\Documents and Settings\Guest\Cookies\guest@webreports.digitalinsight[2].txt
.
---- Previous Run -------
.
C:\302.exe
C:\328520.exe
C:\autorun.inf
C:\Documents and Settings\Carli\Application Data\macromedia\Flash Player\#SharedObjects\98ADDTWU\interclick.com
C:\Documents and Settings\Carli\Application Data\macromedia\Flash Player\#SharedObjects\98ADDTWU\interclick.com\ud.sol
C:\Documents and Settings\Carli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Carli\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Carli\Cookies.\carli@ask[1].txt
C:\Documents and Settings\Carli\Cookies.\carli@delb.opt.fimserve[1].txt
C:\Documents and Settings\Carli\Cookies.\carli@delb.opt.fimserve[2].txt
C:\Documents and Settings\Carli\Cookies.\carli@demr.opt.fimserve[1].txt
C:\Documents and Settings\Carli\Cookies.\carli@myspace[2].txt
C:\Documents and Settings\Carli\Cookies.\carli@myspace[4].txt
C:\Documents and Settings\Carli\Cookies.\carli@slide[2].txt
C:\Documents and Settings\Carli\Cookies.\carli@www.pandasecurity[1].txt
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\#SharedObjects\PU8E2Z8Y\interclick.com
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\#SharedObjects\PU8E2Z8Y\interclick.com\ud.sol
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\dobe~1\?dobe\
C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe
C:\Program Files\Common Files\stem32~1
C:\tyktjfww.exe
C:\WINDOWS\ecurit~1
C:\WINDOWS\gimmygames101.dat
C:\WINDOWS\gimmygames91.dat
C:\WINDOWS\MediaGateway.exe.bin
C:\WINDOWS\ms0596205104592006.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo2.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\win320805104599622006.exe
C:\WINDOWS\win321010459962052006.exe
C:\WINDOWS\yoinsi.exe
C:\x0.cmd
D:\Autorun.inf
D:\tyktjfww.exe
D:\x0.cmd
G:\Autorun.inf
G:\tyktjfww.exe
G:\x0.cmd
H:\Autorun.inf
H:\tyktjfww.exe
H:\x0.cmd
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-14 20:59 . 2008-08-14 20:59 89,901 -r-hs---- C:\t1ypkh.exe
2008-08-10 20:31 . 2008-08-10 20:31 <DIR> d-------- C:\Deckard
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-10 17:36 . 2008-08-10 17:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-10 17:30 . 2008-08-10 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-08-10 17:24 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-10 16:40 . 2008-08-10 16:40 <DIR> d-------- C:\ie-spyad_zo
2008-08-10 16:10 . 2008-08-10 16:12 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-10 16:10 . 2008-08-14 21:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 13:01 . 2008-08-10 13:01 <DIR> d-------- C:\Program Files\Panda Security
2008-08-10 13:01 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-10 12:16 . 2008-08-10 17:48 90,295 -r-hs---- C:\r2nl.com
2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-10 12:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-10 12:09 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-09 22:42 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-09 22:42 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-09 22:42 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-09 22:42 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-09 22:42 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-09 22:42 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-09 22:42 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-09 22:42 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-09 22:42 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-29 08:34 . 2008-07-29 08:34 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Corel
2008-07-26 14:41 . 2008-07-26 14:41 <DIR> d-------- C:\Program Files\Gamevance
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 02:20 --------- d-----w C:\Program Files\Viewpoint
2008-08-08 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-05 15:46 2,276 -c--a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
2008-08-03 18:07 --------- d-----w C:\Program Files\Apple Software Update
2008-08-03 18:04 --------- d-----w C:\Program Files\Safari
2008-07-19 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 14:59 --------- d-----w C:\Program Files\Yahoo!
2008-07-03 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 13:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-30 13:21 --------- d-----w C:\Documents and Settings\Administrator.YOUR-27E1513D96\Application Data\You've Got Pictures Screensaver
2008-06-30 10:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 10:18 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-06-30 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 01:55 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 22:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 01:03 90,112 ----a-w C:\WINDOWS\DUMP54e6.tmp
2008-06-06 00:40 4,382 ----a-w C:\Documents and Settings\Carli\Application Data\wklnhst.dat
2006-04-08 12:06 28,032 ----a-w C:\Documents and Settings\HP_Owner\drsmartload348a.exe
2006-03-11 13:45 7,634,340 ----a-w C:\Documents and Settings\HP_Owner\Install_AIM.exe
1989-12-12 15:10 550,000 -csh--r C:\WINDOWS\vsrkfrl.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 02:34 245760]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-05 01:46 172032]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-08-28 14:12 77824]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-07-24 19:08 26112]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 22:24 1169744]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 22:38 1945688]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 22:29 149024]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 13:00 531272]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 04:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-06-01 13:40:44 225280]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184]
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-18 20:31:20 4742184]
C:\Documents and Settings\Carli\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-05-27 20:04:55 947544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus USB.lnk - C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE [2007-08-26 07:30:30 258048]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 10:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-29 03:40:52 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46731:TCP"= 46731:TCP:PORT_46731
"60107:TCP"= 60107:TCP:PORT_60107
"12396:TCP"= 12396:TCP:PORT_12396
"36520:TCP"= 36520:TCP:PORT_36520
"52800:TCP"= 52800:TCP:PORT_52800
"50423:TCP"= 50423:TCP:PORT_50423
"58880:TCP"= 58880:TCP:PORT_58880
"28676:TCP"= 28676:TCP:PORT_28676
"33882:TCP"= 33882:TCP:PORT_33882
"23184:TCP"= 23184:TCP:PORT_23184
"64543:TCP"= 64543:TCP:PORT_64543
"38379:TCP"= 38379:TCP:PORT_38379
"18707:TCP"= 18707:TCP:PORT_18707
"25040:TCP"= 25040:TCP:PORT_25040
"27547:TCP"= 27547:TCP:PORT_27547
"57492:TCP"= 57492:TCP:PORT_57492
"21076:TCP"= 21076:TCP:PORT_21076
"18351:TCP"= 18351:TCP:PORT_18351
"45894:TCP"= 45894:TCP:PORT_45894
"46919:TCP"= 46919:TCP:PORT_46919
"16741:TCP"= 16741:TCP:PORT_16741
"41155:TCP"= 41155:TCP:PORT_41155
"57720:TCP"= 57720:TCP:PORT_57720
"55924:TCP"= 55924:TCP:PORT_55924
"37891:TCP"= 37891:TCP:PORT_37891
"33523:TCP"= 33523:TCP:PORT_33523
"44177:TCP"= 44177:TCP:PORT_44177
"48649:TCP"= 48649:TCP:PORT_48649
"39626:TCP"= 39626:TCP:PORT_39626
"52572:TCP"= 52572:TCP:PORT_52572
"53996:TCP"= 53996:TCP:PORT_53996
"46566:TCP"= 46566:TCP:PORT_46566
"9591:TCP"= 9591:TCP:PORT_9591
"12835:TCP"= 12835:TCP:PORT_12835
"24958:TCP"= 24958:TCP:PORT_24958
"38180:TCP"= 38180:TCP:PORT_38180
"43821:TCP"= 43821:TCP:PORT_43821
"42395:TCP"= 42395:TCP:PORT_42395
"18591:TCP"= 18591:TCP:PORT_18591
"28030:TCP"= 28030:TCP:PORT_28030
"59132:TCP"= 59132:TCP:PORT_59132
"59590:TCP"= 59590:TCP:PORT_59590
"37861:TCP"= 37861:TCP:PORT_37861
"8985:TCP"= 8985:TCP:PORT_8985
"40339:TCP"= 40339:TCP:PORT_40339
"64305:TCP"= 64305:TCP:PORT_64305
"65009:TCP"= 65009:TCP:PORT_65009
"63645:TCP"= 63645:TCP:PORT_63645
"58870:TCP"= 58870:TCP:PORT_58870
"17066:TCP"= 17066:TCP:PORT_17066
"62837:TCP"= 62837:TCP:PORT_62837
"11713:TCP"= 11713:TCP:PORT_11713
"65224:TCP"= 65224:TCP:PORT_65224
"18908:TCP"= 18908:TCP:PORT_18908
"64520:TCP"= 64520:TCP:PORT_64520
"61239:TCP"= 61239:TCP:PORT_61239
"40778:TCP"= 40778:TCP:PORT_40778
"30200:TCP"= 30200:TCP:PORT_30200
"52008:TCP"= 52008:TCP:PORT_52008
"59334:TCP"= 59334:TCP:PORT_59334
"34528:TCP"= 34528:TCP:PORT_34528
"42707:TCP"= 42707:TCP:PORT_42707
"17453:TCP"= 17453:TCP:PORT_17453
"64540:TCP"= 64540:TCP:PORT_64540
"27094:TCP"= 27094:TCP:PORT_27094
"10102:TCP"= 10102:TCP:PORT_10102
"40255:TCP"= 40255:TCP:PORT_40255
"43296:TCP"= 43296:TCP:PORT_43296
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 07:12]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 SVSAV;System Internal AntiVirus;C:\WINDOWS\system32\svsnt.exe []
S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-04-24 17:59]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-04-29 10:49]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85261ab9-db54-11dc-9de0-00400555603b}]
\Shell\AutoRun\command - I:\uis.com
\Shell\explore\Command - I:\uis.com
\Shell\open\Command - I:\uis.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8f060d-9082-11dc-8833-00400555603b}]
\Shell\AutoRun\command - I:\x.com
\Shell\explore\Command - I:\x.com
\Shell\open\Command - I:\x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb6ea60-9446-11db-86ef-00400555603b}]
\Shell\AutoRun\command - I:\system\viewer\Viewer.exe
\Shell\View your videos\command - I:\system\viewer\Viewer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5df356f-dd69-11dc-9de2-00400555603b}]
\Shell\AutoRun\command - I:\tyktjfww.exe
\Shell\explore\Command - I:\tyktjfww.exe
\Shell\open\Command - I:\tyktjfww.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b8ef71-e1ee-11da-866d-00400555603b}]
\Shell\AutoRun\command - I:\e.cmd
\Shell\explore\Command - I:\e.cmd
\Shell\open\Command - I:\e.cmd
.
Contents of the 'Scheduled Tasks' folder
2008-08-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-08 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-01-18 18:24]
2005-11-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 23:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-ImInstaller_IncrediMail - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Carli\Application Data\Mozilla\Firefox\Profiles\9o3ht63p.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-16 16:40:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-16 16:46:20 - machine was rebooted [Carli]
ComboFix-quarantined-files.txt 2008-08-16 20:45:57
Pre-Run: 180,983,021,568 bytes free
Post-Run: 180,871,520,256 bytes free
357 --- E O F --- 2008-08-10 02:43:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:56 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\Carli\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) -
http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1145380212593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS\system32\svsnt.exe (file missing)
O24 - Desktop Component 0: (no name) -
http://a943.ac-images.myspacecdn.com...a09620d8c6.jpg
O24 - Desktop Component 1: (no name) -
http://artslivres.com/images/Resized...jpg&w=300&q=80
O24 - Desktop Component 3: Yahoo! -
http://www.yahoo.com/
--
End of file - 11251 bytes