Tech Support Forum - View Single Post - Computer is constantly accessing internet

MLBenatar · 11-10-2008, 10:17 AM

as requested

ComboFix 08-11-09.04 - Morris Benatar 2008-11-10 12:10:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1320 [GMT -5:00]
Running from: c:\documents and settings\Morris Benatar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Morris Benatar\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\FlRtq55M.exe_
.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 10:11 . 2008-11-10 10:11 41,986 --a------ c:\windows\system32\FlRtq55M.exe
2008-11-05 16:04 . 2008-11-05 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 16:03 . 2008-11-05 16:06 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-04 17:25 . 2008-11-04 17:26 <DIR> d-------- C:\rsit
2008-11-04 17:25 . 2008-11-10 11:33 <DIR> d-------- c:\program files\trend micro
2008-11-04 16:56 . 2008-11-05 08:08 250 --a------ c:\windows\gmer.ini
2008-11-03 14:56 . 2008-11-03 14:56 <DIR> d-------- c:\documents and settings\Morris Benatar\Application Data\System Tweaker
2008-11-03 14:47 . 2008-11-10 08:43 <DIR> d-------- c:\program files\Uniblue
2008-11-03 14:47 . 2008-11-10 08:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2008-11-03 08:49 . 2008-11-03 08:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 08:01 . 2008-11-03 08:01 <DIR> d-------- C:\myspaceguardian_update
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 729,088 --a------ c:\windows\system32\divxdec.ax
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-24 06:24 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 08:08 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 08:08 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 08:08 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 08:08 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 08:08 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 08:08 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 12:14 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-07 20:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-05 12:44 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2008-11-04 20:46 --------- d-----w c:\program files\DivX
2008-11-04 18:11 --------- d-----w c:\program files\Google
2008-11-04 17:05 --------- d-----w c:\program files\Common Files\Real
2008-11-04 17:04 --------- d-----w c:\program files\Punch! Pro - Platinum
2008-11-03 19:39 --------- d-----w c:\documents and settings\Morris Benatar\Application Data\Uniblue
2008-11-02 21:02 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-15 00:15 --------- d-----w c:\documents and settings\Morris Benatar\Application Data\Move Networks
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-15 14:39 --------- d-----w c:\program files\Lavasoft
2008-09-15 14:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 14:06 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-08-28 07:46 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:46 74,752 ------w c:\windows\system32\dllcache\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\system32\win32spl.dll
2008-08-28 07:46 104,960 ------w c:\windows\system32\dllcache\win32spl.dll
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-12-31 13:23 60,968 ----a-w c:\documents and settings\Morris Benatar\GoToAssistDownloadHelper.exe
2007-05-02 15:54 56,912 ----a-w c:\documents and settings\Morris Benatar\g2mdlhlpx.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_15.09.31.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-07 20:02:31 223,879 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-10 12:14:46 223,883 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-10 15:39:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_30c.dat
+ 2008-11-10 12:13:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2008-11-10 12:14:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_938.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C46CED39-05C9-40C3-88D1-E07AB8128EFE}"= "c:\program files\MySpace Guardian\Toolbar\SpaceGuard.dll" [2007-06-13 389120]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-31 08:24 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@BackupScheduler]
--a------ 2007-01-16 17:56 611768 c:\program files\Online Backup\OnlineBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 2005-10-07 13:13 176128 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-06-29 13:13 1032192 c:\progra~1\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
--a------ 2006-05-16 13:35 102400 c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-10-18 17:58 696320 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-10-18 18:04 802816 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-19 09:14 7401472 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-05 06:14 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-01-19 09:14 73728 c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-19 09:14 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 17:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2007-12-30 12:18 331776 c:\windows\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Uniblue RegistryBooster 2009"=c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe /S
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"vptray"=c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PBADRV;PBADRV;c:\windows\system32\drivers\pbadrv.sys [2005-12-09 18816]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [ ]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;c:\windows\system32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\Drivers\BrUsbSer.sys [2006-01-18 11904]
S3 cmudau;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [ ]
S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\480\g2aservice.exe Start=service [ ]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2008-11-10 c:\windows\Tasks\At1.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At10.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At11.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At12.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At13.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At14.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At15.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At16.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At17.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At18.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At19.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At2.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At20.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At21.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At22.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At23.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At24.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At3.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At4.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At5.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At6.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At7.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At8.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]

2008-11-10 c:\windows\Tasks\At9.job
- c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 12:12:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\detoured.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\system32\detoured.dll
.
Completion time: 2008-11-10 12:13:49
ComboFix-quarantined-files.txt 2008-11-10 17:13:46
ComboFix2.txt 2008-11-10 13:57:17
ComboFix3.txt 2008-11-07 20:10:12

Pre-Run: 67,085,619,200 bytes free
Post-Run: 67,096,842,240 bytes free

279 --- E O F --- 2008-11-02 21:02:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:10 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\FlRtq55M.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Morris Benatar\Desktop\Morris Benatar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5070103
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MGuardianBHO Class - {8B07F268-2962-4D3D-81EE-2C651E8CAD66} - C:\Program Files\MySpace Guardian\Toolbar\vsns.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MySpace Guardian - {C46CED39-05C9-40C3-88D1-E07AB8128EFE} - C:\Program Files\MySpace Guardian\Toolbar\SpaceGuard.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169048217265
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} (Softwell_DVR_Monitor.monitor) - http://192.0.0.170/activeX/DvrActiveXSetup.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB86279-C230-45C5-B6A6-2D94E142F298}: NameServer = 205.152.37.23,205.152.144.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11182 bytes

11-10-2008, 10:17 AM	#17 (permalink)
MLBenatar Registered User Join Date: Nov 2008 Posts: 13 OS: XP	Re: Computer is constantly accessing internet as requested ComboFix 08-11-09.04 - Morris Benatar 2008-11-10 12:10:03.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1320 [GMT -5:00] Running from: c:\documents and settings\Morris Benatar\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Morris Benatar\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\system32\FlRtq55M.exe_ . ((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))))) . 2008-11-10 10:11 . 2008-11-10 10:11 41,986 --a------ c:\windows\system32\FlRtq55M.exe 2008-11-05 16:04 . 2008-11-05 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP 2008-11-05 16:03 . 2008-11-05 16:06 <DIR> d-------- c:\program files\SpywareBlaster 2008-11-04 17:25 . 2008-11-04 17:26 <DIR> d-------- C:\rsit 2008-11-04 17:25 . 2008-11-10 11:33 <DIR> d-------- c:\program files\trend micro 2008-11-04 16:56 . 2008-11-05 08:08 250 --a------ c:\windows\gmer.ini 2008-11-03 14:56 . 2008-11-03 14:56 <DIR> d-------- c:\documents and settings\Morris Benatar\Application Data\System Tweaker 2008-11-03 14:47 . 2008-11-10 08:43 <DIR> d-------- c:\program files\Uniblue 2008-11-03 14:47 . 2008-11-10 08:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0 2008-11-03 08:49 . 2008-11-03 08:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-03 08:01 . 2008-11-03 08:01 <DIR> d-------- C:\myspaceguardian_update 2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll 2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll 2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll 2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll 2008-10-28 17:35 . 2008-10-28 17:35 729,088 --a------ c:\windows\system32\divxdec.ax 2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll 2008-10-24 06:24 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2008-10-15 08:08 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-15 08:08 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-15 08:08 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-15 08:08 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-15 08:08 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys 2008-10-15 08:08 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 12:14 --------- d-----w c:\program files\Symantec AntiVirus 2008-11-07 20:00 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-05 12:44 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect 2008-11-04 20:46 --------- d-----w c:\program files\DivX 2008-11-04 18:11 --------- d-----w c:\program files\Google 2008-11-04 17:05 --------- d-----w c:\program files\Common Files\Real 2008-11-04 17:04 --------- d-----w c:\program files\Punch! Pro - Platinum 2008-11-03 19:39 --------- d-----w c:\documents and settings\Morris Benatar\Application Data\Uniblue 2008-11-02 21:02 --------- d-----w c:\program files\Virtual Earth 3D 2008-10-15 00:15 --------- d-----w c:\documents and settings\Morris Benatar\Application Data\Move Networks 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll 2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll 2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll 2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll 2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll 2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll 2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-09-15 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-09-15 14:39 --------- d-----w c:\program files\Lavasoft 2008-09-15 14:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-15 14:06 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy) 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll 2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe 2008-08-28 07:46 74,752 ----a-w c:\windows\system32\msw3prt.dll 2008-08-28 07:46 74,752 ------w c:\windows\system32\dllcache\msw3prt.dll 2008-08-28 07:46 104,960 ----a-w c:\windows\system32\win32spl.dll 2008-08-28 07:46 104,960 ------w c:\windows\system32\dllcache\win32spl.dll 2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe 2007-12-31 13:23 60,968 ----a-w c:\documents and settings\Morris Benatar\GoToAssistDownloadHelper.exe 2007-05-02 15:54 56,912 ----a-w c:\documents and settings\Morris Benatar\g2mdlhlpx.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-07_15.09.31.20 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-07 20:02:31 223,879 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2008-11-10 12:14:46 223,883 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2008-11-10 15:39:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_30c.dat + 2008-11-10 12:13:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat + 2008-11-10 12:14:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_938.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{C46CED39-05C9-40C3-88D1-E07AB8128EFE}"= "c:\program files\MySpace Guardian\Toolbar\SpaceGuard.dll" [2007-06-13 389120] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-12-31 08:24 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk] backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] backup=c:\windows\pss\Service Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@BackupScheduler] --a------ 2007-01-16 17:56 611768 c:\program files\Online Backup\OnlineBackup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2008-01-11 19:54 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] -ra------ 2005-10-07 13:13 176128 c:\program files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] --a------ 2006-06-29 13:13 1032192 c:\progra~1\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2006-08-28 22:57 395776 c:\program files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-09-08 06:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager] --a------ 2006-05-16 13:35 102400 c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-12-09 21:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] --a------ 2006-10-18 17:58 696320 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2006-10-18 18:04 802816 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-07-27 17:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-01-19 09:14 7401472 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-05 06:14 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] --a------ 2006-01-19 09:14 73728 c:\windows\system32\nvhotkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-01-19 09:14 1519616 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2006-03-24 17:30 282624 c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager] --a------ 2007-12-30 12:18 331776 c:\windows\system32\WDBtnMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "Fax"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "Uniblue RegistryBooster 2009"=c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe /S "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "vptray"=c:\progra~1\SYMANT~1\VPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 PBADRV;PBADRV;c:\windows\system32\drivers\pbadrv.sys [2005-12-09 18816] S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [ ] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;c:\windows\system32\Drivers\BrSerIf.sys [2006-01-18 53248] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\Drivers\BrUsbSer.sys [2006-01-18 11904] S3 cmudau;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [ ] S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\480\g2aservice.exe Start=service [ ] S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe [2008-04-13 14336] S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe [2008-04-13 14336] S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe [2008-04-13 14336] S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe [2008-04-13 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder 2008-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42] 2008-11-10 c:\windows\Tasks\At1.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At10.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At11.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At12.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At13.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At14.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At15.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At16.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At17.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At18.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At19.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At2.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At20.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At21.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At22.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At23.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At24.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At3.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At4.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At5.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At6.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At7.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At8.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] 2008-11-10 c:\windows\Tasks\At9.job - c:\windows\system32\FlRtq55M.exe [2008-11-10 10:11] . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-10 12:12:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: c:\windows\system32\winlogon.exe -> c:\windows\system32\detoured.dll PROCESS: c:\windows\system32\lsass.exe -> c:\windows\system32\detoured.dll . Completion time: 2008-11-10 12:13:49 ComboFix-quarantined-files.txt 2008-11-10 17:13:46 ComboFix2.txt 2008-11-10 13:57:17 ComboFix3.txt 2008-11-07 20:10:12 Pre-Run: 67,085,619,200 bytes free Post-Run: 67,096,842,240 bytes free 279 --- E O F --- 2008-11-02 21:02:37 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:10 PM, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\FlRtq55M.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\Morris Benatar\Desktop\Morris Benatar.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5070103 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: MGuardianBHO Class - {8B07F268-2962-4D3D-81EE-2C651E8CAD66} - C:\Program Files\MySpace Guardian\Toolbar\vsns.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: MySpace Guardian - {C46CED39-05C9-40C3-88D1-E07AB8128EFE} - C:\Program Files\MySpace Guardian\Toolbar\SpaceGuard.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169048217265 O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} (Softwell_DVR_Monitor.monitor) - http://192.0.0.170/activeX/DvrActiveXSetup.exe O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB86279-C230-45C5-B6A6-2D94E142F298}: NameServer = 205.152.37.23,205.152.144.23 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11182 bytes