Thanks for your help Katana. I believe the problem is gone now. Here is the ComboFix log and the HijackThis log. Let me know if I need to do anything else. Thank you so much,
Keefer
ComboFix 08-11-13.01 - Keefer 2008-11-15 9:11:36.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1997 [GMT -5:00]
Running from: d:\archives\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-14 23:29 . 2008-11-14 23:34 1,905 --a------ c:\windows\diagwrn.xml
2008-11-14 23:29 . 2008-11-14 23:34 1,905 --a------ c:\windows\diagerr.xml
2008-11-14 17:23 . 2008-11-14 17:23 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-14 17:23 . 2008-11-14 17:23 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-14 17:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-14 17:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-14 13:00 . 2008-11-14 13:00 112,128 --a------ c:\windows\MSAPP32.exe
2008-11-12 08:14 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:14 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:14 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 08:55 . 2007-02-06 15:02 1,044,480 --a------ c:\windows\System32\libdivx.dll
2008-11-11 08:55 . 2007-02-06 15:02 593,920 --a------ c:\windows\System32\dpuGUI11.dll
2008-11-11 08:55 . 2007-02-06 15:02 577,536 --a------ c:\windows\System32\divxdec.ax
2008-11-11 08:55 . 2007-02-06 15:18 389,120 --a------ c:\windows\System32\actskn43.ocx
2008-11-11 08:55 . 2007-02-06 15:02 294,912 --a------ c:\windows\System32\dpu11.dll
2008-11-11 08:55 . 2007-02-06 15:02 200,704 --a------ c:\windows\System32\ssldivx.dll
2008-11-11 08:55 . 2007-02-06 15:02 200,704 --a------ c:\windows\System32\dtu100.dll
2008-11-11 08:55 . 2007-02-06 15:02 57,344 --a------ c:\windows\System32\dpv11.dll
2008-11-11 08:55 . 2007-02-06 15:01 45,056 --a------ c:\windows\System32\wnaspi32.dll
2008-11-11 08:55 . 2007-02-06 15:01 16,512 --a------ c:\windows\System32\drivers\aspi32.sys
2008-11-09 19:47 . 2008-07-03 18:04 732,376 -ra------ c:\windows\System32\drivers\cfosspeed.sys
2008-11-09 19:46 . 2008-07-03 18:04 290,008 --a------ c:\windows\System32\cfosspeed.dll
2008-11-07 16:23 . 2008-11-07 16:23 <DIR> d-------- C:\rsit
2008-11-07 14:07 . 2008-11-07 14:07 250 --a------ c:\windows\gmer.ini
2008-11-07 12:25 . 2008-11-09 18:38 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-07 12:25 . 2008-11-09 18:38 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-06 23:06 . 2008-11-06 23:07 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-06 23:06 . 2008-11-06 23:07 <DIR> d-------- c:\programdata\Lavasoft
2008-11-05 16:19 . 2008-11-14 23:21 565 --a------ c:\windows\System32\tversity.cookies
2008-11-05 12:18 . 2008-07-19 10:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-11-05 11:16 . 2008-11-05 11:16 <DIR> d-------- c:\windows\Microblots
2008-11-05 11:16 . 2008-11-05 11:16 17,884,674 --a------ c:\windows\System32\xa91549420.exe
2008-11-05 11:16 . 2008-11-05 11:16 17,884,674 --a------ c:\windows\System32\xa91548515.exe
2008-11-05 11:16 . 2008-11-05 11:16 176,128 --a------ c:\windows\System32\wr43808.dll
2008-11-05 04:27 . 2008-07-09 03:05 421,888 --a------ c:\windows\System32\ac3filter.acm
2008-10-29 06:25 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 06:25 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 06:25 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-22 07:37 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-22 07:37 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-22 07:37 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-22 07:37 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-22 07:37 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-16 20:01 . 2008-10-16 20:01 <DIR> d-------- c:\users\Keefer\Media Server
2008-10-16 19:26 . 2008-11-01 05:26 263,003,300 --a------ c:\windows\MEMORY.DMP
2008-10-16 16:02 . 2007-11-29 11:52 60,273 --a------ c:\windows\System32\pthreadGC2.dll
2008-10-16 16:00 . 2008-10-16 16:02 <DIR> d-------- c:\program files\TVersity Codec Pack
2008-10-15 14:34 . 2008-10-15 14:34 <DIR> d-------- c:\program files\Google
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\users\All Users\Apple Computer
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\users\All Users\Apple
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\programdata\Apple Computer
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\programdata\Apple
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-15 08:40 . 2008-10-15 08:40 <DIR> d-------- c:\program files\Apple Software Update
2008-10-15 08:38 . 2008-10-15 08:38 <DIR> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 13:50 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-14 23:16 --------- d-----w c:\program files\Windows Mail
2008-10-13 15:49 --------- d-----w c:\programdata\FLEXnet
2008-10-13 15:26 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-13 15:25 --------- d-----w c:\program files\Common Files\Adobe
2008-10-08 00:09 --------- d-----w c:\programdata\AOL OCP
2008-10-08 00:08 --------- d-----w c:\programdata\Viewpoint
2008-10-08 00:08 --------- d-----w c:\programdata\AOL
2008-10-08 00:08 --------- d-----w c:\programdata\acccore
2008-10-08 00:08 --------- d-----w c:\program files\Viewpoint
2008-10-08 00:08 --------- d-----w c:\program files\Common Files\AOL
2008-10-08 00:08 --------- d-----w c:\program files\AIM6
2008-10-07 08:27 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-07 08:27 --------- d-----w c:\programdata\Hewlett-Packard
2008-10-07 08:12 --------- d-----w c:\program files\HP
2008-10-06 23:09 174 --sha-w c:\program files\desktop.ini
2008-10-06 23:04 --------- d-----w c:\program files\Windows Sidebar
2008-10-06 23:04 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-06 23:04 --------- d-----w c:\program files\Windows Journal
2008-10-06 23:04 --------- d-----w c:\program files\Windows Defender
2008-10-06 23:04 --------- d-----w c:\program files\Windows Collaboration
2008-10-06 23:04 --------- d-----w c:\program files\Windows Calendar
2008-10-06 22:57 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-06 22:57 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-06 14:05 --------- d-----w c:\users\Laurie\AppData\Roaming\ATI
2008-10-04 16:37 --------- d-----w c:\program files\Microsoft IntelliType Pro
2008-10-04 07:59 --------- d-----w c:\program files\Tag Support Plugin for Media Player
2008-10-04 05:54 269,312 ----a-w c:\windows\System32\es.dll
2008-10-04 05:53 988,216 ----a-w c:\windows\System32\winload.exe
2008-10-04 05:53 927,288 ----a-w c:\windows\System32\winresume.exe
2008-10-04 05:53 615,992 ----a-w c:\windows\System32\ci.dll
2008-10-04 05:53 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-10-04 05:53 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-10-04 05:53 40,960 ----a-w c:\windows\System32\srclient.dll
2008-10-04 05:53 378,368 ----a-w c:\windows\System32\srcore.dll
2008-10-04 05:53 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-10-04 05:53 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-10-04 05:53 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-10-04 05:43 --------- d-----w c:\program files\ATI
2008-10-04 05:42 --------- d-----w c:\programdata\ATI
2008-10-04 05:40 --------- d-----w c:\program files\ATI Technologies
2008-10-04 05:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-03 22:46 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-03 22:45 --------- d-----w c:\program files\Microsoft.NET
2008-10-03 18:29 499,712 ----a-w c:\windows\System32\msvcp71.dll
2008-10-03 18:29 348,160 ----a-w c:\windows\System32\msvcr71.dll
2008-10-03 18:29 --------- d-----w c:\program files\Real
2008-10-03 18:29 --------- d-----w c:\program files\Common Files\xing shared
2008-10-03 18:29 --------- d-----w c:\program files\Common Files\Real
2008-10-03 12:46 --------- d-----w c:\program files\Intel Desktop Board
2008-10-03 01:43 --------- d-----w c:\program files\Microsoft Games
2008-10-03 01:43 --------- d-----w c:\program files\BitLocker
2008-10-03 01:37 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-03 01:37 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-03 01:37 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-03 01:37 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-03 01:35 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-03 01:35 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-03 01:35 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-03 01:35 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-10-03 01:35 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-03 01:35 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-03 01:35 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-03 01:35 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-10-03 01:29 233,888 ----a-w c:\windows\System32\DreamScene.dll
2008-10-03 01:28 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-03 01:27 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-03 01:15 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-10-03 01:14 1,171,848 ----a-w c:\windows\System32\SecureKeyBackupCPL.dll
2008-10-03 01:12 678,408 ----a-w c:\windows\System32\gpprefcl.dll
2008-10-03 01:12 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-10-03 01:12 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2008-10-03 01:11 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-10-03 01:11 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-10-03 01:10 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-10-03 00:46 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-03 00:46 563,912 ----a-w c:\windows\System32\wuapi.dll
2008-10-03 00:46 53,448 ----a-w c:\windows\System32\wuauclt.exe
2008-10-03 00:46 45,768 ----a-w c:\windows\System32\wups2.dll
2008-10-03 00:46 36,552 ----a-w c:\windows\System32\wups.dll
2008-10-03 00:46 1,811,656 ----a-w c:\windows\System32\wuaueng.dll
2008-10-03 00:46 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-03 00:45 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-03 00:45 163,904 ----a-w c:\windows\System32\wuwebv.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-28 14:50 30,720 ----a-w c:\windows\System32\soundschemes2.exe
2008-08-21 06:14 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2008-08-21 06:13 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2008-08-21 06:12 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2008-08-21 06:12 327,680 ----a-w c:\windows\System32\atipdlxx.dll
2008-08-21 06:12 270,336 ----a-w c:\windows\System32\Ati2evxx.dll
2008-08-21 06:12 262,144 ----a-w c:\windows\System32\Oemdspif.dll
2008-08-21 06:11 700,416 ----a-w c:\windows\System32\Ati2evxx.exe
2008-08-21 05:57 4,003,328 ----a-w c:\windows\System32\atiumdag.dll
2008-08-21 05:43 9,838,592 ----a-w c:\windows\System32\atioglxx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MSAPP32"="c:\windows\MSAPP32.exe" [2008-11-14 112128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-15 30192]
"avast!"="d:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-03 185872]
"cFosSpeed"="d:\program files\cFos\cFosSpeed.exe" [2008-07-03 867544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-03 13:29 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4293528446-699344150-2208012878-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7F248CD3-F482-4E4E-87C9-65D3078C643A}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{E59F6FFE-584C-4CEF-A6AA-9E8530E18EF2}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{09548169-4116-4FE2-8BF5-43DB3D574965}c:\\users\\keefer\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\keefer\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{0CAF0891-0713-4B2C-9CBE-0C1B0299BC0B}c:\\users\\keefer\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\keefer\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{7BF4EC1C-ADA4-4531-B576-AC8C1D352009}d:\\unrealtournament\\system\\unrealtournament.exe"= UDP:d:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{E45395BF-9666-48E9-8F5E-586AD36DC42C}d:\\unrealtournament\\system\\unrealtournament.exe"= TCP:d:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{F87BAB35-29FC-4162-B62E-4ECAD3B67C6E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6048C9E6-2E59-4E1E-A968-C25531292BDB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{79FAD72D-E957-46C6-838D-D48261A89314}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{96D63189-9C83-4872-9010-C03222997467}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{800F61A5-9B1D-4899-8E81-36462B01C4AA}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4C3E6C61-7CA3-480B-B9FB-99FF50E14A5A}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{46787F86-0729-4F18-9AF3-5EA98DC9DF04}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{08B34042-0EC2-4956-976D-E0B49D5784F8}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8C9905A6-1946-46F5-8C74-51AC01031571}"= UDP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{F74E6356-F7D4-4BEE-AAAF-DE4FAAF6B488}"= TCP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{3BE4450E-8CB7-4AC9-804F-0DD81FEE0698}d:\\unrealtournament\\system\\unrealtournament.exe"= UDP:d:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{B65F46B6-9334-4B05-A436-C809F072C6F7}d:\\unrealtournament\\system\\unrealtournament.exe"= TCP:d:\unrealtournament\system\unrealtournament.exe:UnrealTournament
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-08-21 3928576]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-15 30192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1d67f1-90fc-11dd-9847-806e6f6e6963}]
\shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-11-15 c:\windows\Tasks\User_Feed_Synchronization-{66B33B75-BA8D-4721-8067-7157045D2322}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search/?q=%s
O8 -: &ieSpell Options - d:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 -: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Check &Spelling - d:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 -: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 -: Lookup on Merriam Webster - file://d:\program files\ieSpell\Merriam Webster.HTM
O8 -: Lookup on Wikipedia - file://d:\program files\ieSpell\wikipedia.HTM
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-15 09:13:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-11-15 9:15:35
ComboFix-quarantined-files.txt 2008-11-15 14:14:32
Pre-Run: 21,777,809,408 bytes free
Post-Run: 21,724,319,744 bytes free
273 --- E O F --- 2008-11-14 03:46:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:01 AM, on 11/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\cFos\cfosspeed.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\MSAPP32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Archives\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] "d:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cFos\cFosSpeed.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSAPP32] C:\Windows\MSAPP32.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - AppInit_DLLs: acaptuser32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFos\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7249 bytes
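The two logs above are raw tool output, and the items a responder would look at first are scattered across them: the ComboFix "Reg Loading Points" section records EnableLUA=0 (UAC off), EnableFirewall=0 for the StandardProfile, AntiVirusOverride and FirewallOverride both set to 1 (Security Center alerts suppressed), a non-empty AppInit_DLLs value, and an HKCU Run entry for c:\windows\MSAPP32.exe, which the "Files Created" section dates to 2008-11-14 and which HijackThis lists as O4 and as a running process. The script below is an added example, not part of the original post and not code from ComboFix or HijackThis. It reads pasted log text in either format, pulls out the policy values and Run entries, and returns the ones matching a few heuristics chosen for this example (weakened platform settings, any AppInit_DLLs value, and an autostart executable sitting directly in the Windows folder). It only says where to look; neither the log nor the script establishes whether MSAPP32.exe is malicious. The sample input is a handful of lines copied from the logs above.

```python
"""Triage helper for the autostart and policy sections of ComboFix and
HijackThis logs.

Added example; it is not part of the original post and not code from
either tool. It reads the pasted log text, pulls out registry policy
values and Run-key entries, and returns the items a responder would check
first. The flagging rules are heuristics chosen for this example; the
meaning of each registry value is as documented by Microsoft.
"""
import re
from typing import Dict, List, Set, Tuple

# Policy values that, with this data, switch off the platform's own defences.
WEAKENED_SETTINGS = {
    "EnableLUA": ("0", "UAC disabled"),
    "EnableFirewall": ("0", "Windows Firewall disabled for this profile"),
    "AntiVirusOverride": ("dword:00000001", "Security Center antivirus alerts suppressed"),
    "FirewallOverride": ("dword:00000001", "Security Center firewall alerts suppressed"),
}

# ComboFix lines:  [HKEY_...\Run]  then  "Name"="c:\path\file.exe" [date size]
CF_KEY = re.compile(r'^\[(?P<key>HK[^\]]+)\]$', re.I)
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
# HijackThis lines:  O4 - HKCU\..\Run: [Name] "C:\path\file.exe" args
HJT_RUN = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[a-z]:\\.*?\.exe)',
    re.I,
)


def _in_windows_root(path: str) -> bool:
    """Heuristic: the executable sits directly in %WINDIR%, not in a subfolder
    such as c:\\windows\\ehome. Legitimate autostarts rarely live there."""
    head, _, tail = path.lower().replace("/", "\\").rpartition("\\")
    return head.endswith(":\\windows") and tail.endswith(".exe")


def _note_run(findings: Dict[str, List[str]], seen: Set[Tuple[str, str, str]],
              hive: str, name: str, path: str) -> None:
    """Record a Run entry once, even when both logs list it."""
    key = (hive.upper(), name.lower(), path.lower())
    if key in seen:
        return
    seen.add(key)
    if _in_windows_root(path):
        findings["run_entries_to_review"].append(
            f"{hive.upper()}\\Run [{name}] -> {path} (executable directly in the Windows folder)")


def triage(log: str) -> Dict[str, List[str]]:
    """Walk the log line by line, tracking the current ComboFix registry key."""
    findings: Dict[str, List[str]] = {
        "weakened_settings": [], "run_entries_to_review": [], "appinit_dlls": []}
    seen: Set[Tuple[str, str, str]] = set()
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = CF_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = HJT_RUN.match(line)
        if m:
            _note_run(findings, seen, m.group("hive"), m.group("name"), m.group("path"))
            continue
        m = CF_VALUE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        first = value.split()[0]  # "0 (0x0)" -> "0"
        expected = WEAKENED_SETTINGS.get(name)
        if expected and first == expected[0]:
            findings["weakened_settings"].append(f"{name}={first}: {expected[1]}")
        elif name == "AppInit_DLLs" and value:
            findings["appinit_dlls"].append(value)
        elif current_key.endswith("\\run") and value.startswith('"'):
            hive = "HKCU" if current_key.startswith("hkey_current_user") else "HKLM"
            _note_run(findings, seen, hive, name, value.split('"')[1])
    return findings


# Constructed sample: lines copied from the ComboFix and HijackThis logs above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MSAPP32"="c:\windows\MSAPP32.exe" [2008-11-14 112128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MSAPP32] C:\Windows\MSAPP32.exe
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

On the sample it reports four weakened settings, the one AppInit_DLLs value, and a single Run entry (MSAPP32, listed once although both logs carry it); ehTray.exe and CLIStart.exe are not flagged because they live in subfolders. Anything it reports still needs a human decision, for example checking the file's signature and hash before deciding it is unwanted.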