Old 12-31-2007, 01:06 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Need Help Please, Getting Popups and Buffer Overruns

I am usually capable of getting stuff out but this one has me ready to throw the computer out! :)

Need some expert help. I am getting a lot of popups, and some of the time nothing comes up. The popup tries but it says Internet Explorer could not find the page. I also get these ++ Windows Buffer Overruns which blank out my Windows Desktop and cause me to have to reboot a lot of the time. I tried HijackThis and ComboFix and VundoFix and SpyBot and you name it. I am out of ideas, but it looks like the DSS program picked up some things I haven't seen yet.

Here's my main.txt file......

Deckard's System Scanner v20071014.68
Run by Shawn on 2007-12-31 01:53:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2007-12-31 07:54:07 UTC - RP642 - Deckard's System Scanner Restore Point
102: 2007-12-30 20:34:14 UTC - RP641 - Last known good configuration
101: 2007-12-30 20:33:51 UTC - RP640 - System Checkpoint
100: 2007-12-30 20:33:50 UTC - RP639 - Last known good configuration
99: 2007-12-30 20:33:48 UTC - RP638 - Last known good configuration


-- First Restore Point --
1: 2007-12-30 20:33:18 UTC - RP540 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Shawn.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-31 01:56:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shawn\Desktop\Spyware Programs\dss.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: (no name) - {23E842E2-6C25-4D60-8E32-9DCD88244003} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
O2 - BHO: (no name) - {B5F8AB42-308E-367A-D25C-31E676F40EB3} - C:\WINDOWS\system32\czl.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/P...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.14/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: lxct_device - Unknown owner - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 9722 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\shawn\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-31 01:55:38 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBAB6592-4352-4D85-B3ED-056C128B2498}.job
2007-12-30 03:00:00 498 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2007-12-28 18:30:00 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ONEILMAIN-Shawn).job
2007-12-25 22:04:17 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-30 and 2007-12-31 -----------------------------

2007-12-31 01:40:22 0 d-------- C:\ie-spyad_zo
2007-12-31 01:34:40 0 d-------- C:\Program Files\SpywareBlaster
2007-12-31 00:44:23 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 16:07:06 0 d-------- C:\Program Files\Spybot
2007-12-30 16:07:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:18:39 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-29 05:57:11 486616 --ahs---- C:\WINDOWS\system32\vyadd.ini2
2007-12-29 05:57:01 344064 --a------ C:\WINDOWS\system32\ddayv.dll
2007-12-29 04:49:39 0 d-------- C:\VundoFix Backups
2007-12-27 19:34:11 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-27 17:20:46 0 d-------- C:\Program Files\View22
2007-12-25 22:09:33 0 d-------- C:\Program Files\iPod
2007-12-25 22:09:26 0 d-------- C:\Program Files\iTunes
2007-12-25 22:04:08 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 22:03:34 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-25 22:03:00 0 d-------- C:\Program Files\Common Files\Apple
2007-12-25 22:02:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 12:28:12 0 d-------- C:\Documents and Settings\Shawn\Application Data\Symantec
2007-12-24 11:43:10 0 d-------- C:\Program Files\Norton 360
2007-12-24 11:38:41 0 d-------- C:\Program Files\Symantec
2007-12-24 11:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 11:38:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-24 00:27:23 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-24 00:19:33 0 d-------- C:\Documents and Settings\Shawn\.housecall6.6
2007-12-23 21:27:25 0 d-------- C:\Documents and Settings\Shawn\Application Data\AdwareAlert
2007-12-23 21:27:22 0 d-------- C:\Program Files\AdwareAlert
2007-12-23 21:21:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:56:38 0 d-------- C:\WINDOWS\McAfee.com
2007-12-22 11:00:34 11534336 --a------ C:\Documents and Settings\Shawn\ntuser.dat
2007-12-22 11:00:33 1572864 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-19 20:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-18 21:02:14 0 d-------- C:\Documents and Settings\Shawn\Application Data\Home Sweet Home
2007-12-18 08:18:49 0 d-------- C:\Program Files\PhotoRescue 3.1.2.10607 PC
2007-12-07 14:16:35 0 d-------- C:\Documents and Settings\Shawn\Application Data\MysteryStudio
2007-12-05 19:31:02 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-02 19:39:29 0 d-------- C:\Program Files\Viva Media
2007-11-30 08:02:57 0 d-------- C:\Program Files\Nick Jr. Arcade


-- Find3M Report ---------------------------------------------------------------

2007-12-31 01:48:15 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat
2007-12-31 01:48:15 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat
2007-12-31 00:55:22 0 d-------- C:\Program Files\Lexmark 5400 Series
2007-12-31 00:55:15 0 d-------- C:\Program Files\Common Files\LightScribe
2007-12-29 18:16:59 0 d-------- C:\Program Files\Yahoo! Games
2007-12-29 05:26:20 0 d-------- C:\Program Files\QuickTime
2007-12-29 05:21:07 0 d-------- C:\Program Files\Common Files
2007-12-28 23:12:30 0 d-------- C:\Program Files\Morpheus Ultra
2007-12-25 22:10:23 0 d-------- C:\Documents and Settings\Shawn\Application Data\Apple Computer
2007-12-23 21:21:27 0 d-------- C:\Program Files\Lavasoft
2007-12-23 21:21:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 20:47:31 0 d-------- C:\Program Files\Shockwave.com
2007-12-23 20:47:22 0 d-------- C:\Program Files\Windows Plus
2007-12-23 20:32:30 0 d-------- C:\Program Files\Online Services
2007-12-23 12:37:29 0 d-------- C:\Program Files\Windows NT
2007-12-18 20:07:41 0 d-------- C:\Program Files\Dora`s Carnival 2 - Boardwalk Adventure
2007-12-18 20:03:28 0 d-------- C:\Documents and Settings\Shawn\Application Data\Image Zone Express
2007-12-18 18:33:24 187 --a------ C:\Documents and Settings\Shawn\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-12-16 11:47:50 0 d-------- C:\Program Files\Lx_cats
2007-12-15 21:08:49 1393627 --a------ C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
2007-12-07 14:16:08 0 d-------- C:\Program Files\Gamenext
2007-12-04 08:02:29 33 --a----c- C:\WINDOWS\popcinfo.dat
2007-12-02 12:01:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-02 11:31:25 0 d-------- C:\Program Files\Barbie(TM)
2007-11-19 16:29:22 0 d-------- C:\Program Files\Common Files\Oberon Media
2007-11-17 12:10:24 0 d-------- C:\Documents and Settings\Shawn\Application Data\PlayFirst
2007-11-17 09:34:21 0 d-------- C:\Documents and Settings\Shawn\Application Data\My Games
2007-11-17 09:34:16 0 d-------- C:\Documents and Settings\Shawn\Application Data\GameHouse
2007-11-17 09:34:14 0 d-------- C:\Program Files\GameHouse
2007-11-15 22:26:14 0 d-------- C:\Documents and Settings\Shawn\Application Data\Talkback
2007-11-15 22:26:02 0 d-------- C:\Documents and Settings\Shawn\Application Data\Mozilla
2007-11-11 14:20:43 5852 --a------ C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-11 14:20:41 88 -r-hs---- C:\WINDOWS\system32\57ECA1B239.sys
2007-11-10 17:01:20 0 d-------- C:\Program Files\Hexacto Games
2007-10-07 08:59:01 56 -r-hs--c- C:\WINDOWS\system32\39B2A1EC57.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23E842E2-6C25-4D60-8E32-9DCD88244003}]
2007-12-29 05:57 344064 --a------ C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}]
C:\Program Files\QdrDrive\QdrDrive9.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5F8AB42-308E-367A-D25C-31E676F40EB3}]
C:\WINDOWS\system32\czl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" []
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" []
"CTHelper"="CTHELPER.EXE" [2004-03-11 14:50 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-31 01:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 17:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 5400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1179615398\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
"C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ddayv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
"C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magical Gatherings]
"C:\Program Files\Magical Gatherings\Magical Gatherings.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
"C:\Program Files\QdrModule\QdrModule11.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
"C:\Program Files\QdrPack\QdrPack11.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
"C:\WINDOWS\YSTEM~1\msiexec.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
C:\Program Files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6313a2-b3cc-11dc-a87c-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654339762556911

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7791 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-31 01:57:07 ------------
Attached file: extra.txt (37.3 KB)
WeatherNLU

Old 01-02-2008, 04:49 PM   #2 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

I know it hasn't been quite 72 hours yet (it's close), but I am desperate and to the point of wiping the computer out.
WeatherNLU
Old 01-02-2008, 11:21 PM   #3 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

I am trying not to be a pain in the rear and I see how busy you guys are here, but I am seeing a bunch of people who posted after me getting helped, so I am bumping this again in case someone is just not seeing it.

I apologize in advance if I am doing this wrong, but I am desperate for some help.

Thanks so much!
WeatherNLU
Old 01-03-2008, 06:55 AM   #4 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

Bumping
WeatherNLU
Old 01-03-2008, 06:09 PM   #5 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

Am I doing something wrong? If someone could just tell me what I am doing wrong I will fix it. I need help badly.
WeatherNLU
Old 01-03-2008, 06:19 PM   #6 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

Pretty please??
WeatherNLU
Old 01-04-2008, 07:42 AM   #7 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

Please!!!!!!
WeatherNLU
Old 01-04-2008, 04:55 PM   #8 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

I mean who did I piss off? No one wants to help me? I mean if not, just let me know and I will go away.
WeatherNLU
Old 01-04-2008, 05:59 PM   #9 (permalink)


Re: Need Help Please, Getting Popups and Buffer Overruns

Trying again.....maybe someone will actually see this.
WeatherNLU
Old 01-04-2008, 10:28 PM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

Bump Bump Bump Bump Bump
WeatherNLU is offline  
Old 01-04-2008, 10:56 PM   #11 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Need Help Please, Getting Popups and Buffer Overruns

This will help to identify malware on your system.
Please download Combofix from any of these locations:

Here
or
Here

Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.
__________________
Eddy
Pancake is offline  
Old 01-05-2008, 01:42 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

Done..........

ComboFix:

ComboFix 08-01-04.1 - Shawn 2008-01-05 2:25:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT -6:00]
Running from: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 02:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:53 . 2008-01-01 16:53 89 --a------ C:\WINDOWS\PolkaDot.ini
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Common Files\Polka Dot
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Brighter Child
2008-01-01 16:51 . 2008-01-01 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Polka Dot
2007-12-31 01:53 . 2007-12-31 01:53 <DIR> d-------- C:\Deckard
2007-12-31 01:40 . 2007-12-31 01:40 <DIR> d-------- C:\ie-spyad_zo
2007-12-31 01:34 . 2007-12-31 01:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-31 01:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-31 00:44 . 2007-12-31 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-31 00:44 . 2007-12-31 00:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-31 00:44 . 2007-12-31 00:44 2,550 --------- C:\WINDOWS\system32\Uninstall.ico
2007-12-31 00:44 . 2007-12-31 00:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 16:07 . 2007-12-31 00:54 <DIR> d-------- C:\Program Files\Spybot
2007-12-30 16:07 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:18 . 2007-12-29 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-29 04:49 . 2007-12-29 05:07 <DIR> d-------- C:\VundoFix Backups
2007-12-27 17:20 . 2007-12-27 17:20 <DIR> d-------- C:\Program Files\View22
2007-12-25 22:10 . 2008-01-04 09:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:10 . 2008-01-04 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:09 . 2008-01-04 17:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:09 . 2007-12-25 22:09 <DIR> d-------- C:\Program Files\iPod
2007-12-25 22:04 . 2007-12-25 22:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 22:03 . 2007-10-31 14:09 30,464 --------- C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 22:02 . 2007-12-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:54 . 2007-05-29 13:55 22,112 --------- C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-25 19:54 . 2007-05-29 13:55 10,592 --------- C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-25 19:54 . 2007-05-29 13:55 705 --------- C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-24 12:28 . 2007-12-24 12:28 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Symantec
2007-12-24 11:43 . 2007-12-31 00:55 <DIR> d-------- C:\Program Files\Norton 360
2007-12-24 11:41 . 2007-12-24 15:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 11:41 . 2007-12-24 15:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 11:41 . 2007-12-24 15:55 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-24 11:41 . 2007-12-24 15:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-24 11:38 . 2007-12-24 15:55 <DIR> d-------- C:\Program Files\Symantec
2007-12-24 11:38 . 2008-01-05 00:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-24 11:38 . 2008-01-05 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 00:19 . 2007-12-24 00:33 <DIR> d-------- C:\Documents and Settings\Shawn\.housecall6.6
2007-12-23 21:27 . 2007-12-24 11:27 <DIR> d-------- C:\Program Files\AdwareAlert
2007-12-23 21:27 . 2007-12-23 21:31 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\AdwareAlert
2007-12-23 21:21 . 2007-12-23 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-23 20:51 . 2008-01-03 16:50 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 20:52 . 2007-12-19 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-18 21:02 . 2007-12-18 21:02 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Home Sweet Home
2007-12-18 08:18 . 2007-12-18 08:18 <DIR> d-------- C:\Program Files\PhotoRescue 3.1.2.10607 PC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --------- C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --------- C:\WINDOWS\system32\QuickTime.qts
2007-12-07 14:16 . 2007-12-07 14:16 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\MysteryStudio
2007-12-05 19:31 . 2007-12-05 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 23:00 --------- d-----w C:\Program Files\Dora`s Carnival 2 - Boardwalk Adventure
2007-12-31 06:55 --------- d-----w C:\Program Files\Lexmark 5400 Series
2007-12-31 06:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-30 00:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-29 11:26 --------- d-----w C:\Program Files\QuickTime
2007-12-29 05:12 --------- d-----w C:\Program Files\Morpheus Ultra
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Apple Computer
2007-12-26 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-24 03:21 --------- d-----w C:\Program Files\Lavasoft
2007-12-24 03:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-24 02:47 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 02:47 --------- d-----w C:\Program Files\Shockwave.com
2007-12-23 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 02:03 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Image Zone Express
2007-12-16 17:47 --------- d-----w C:\Program Files\Lx_cats
2007-12-16 03:08 1,393,627 ------w C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
2007-12-07 20:16 --------- d-----w C:\Program Files\Gamenext
2007-12-03 01:39 --------- d-----w C:\Program Files\Viva Media
2007-12-02 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 17:31 --------- d-----w C:\Program Files\Barbie(TM)
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 14:03 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-19 22:29 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-19 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\PlayFirst
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
2007-11-17 15:34 --------- d-----w C:\Program Files\GameHouse
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\My Games
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GameHouse
2007-11-16 04:26 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Talkback
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 23:01 --------- d-----w C:\Program Files\Hexacto Games

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 02:42, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {B5F8AB42-308E-367A-D25C-31E676F40EB3} - C:\WINDOWS\system32\czl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/P...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.14/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Last edited by WeatherNLU; 01-05-2008 at 01:44 AM.
WeatherNLU is offline  
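The HijackThis listing in the post above is the kind of log the helpers ask for after each ComboFix run. As an added example that is not part of this thread and is not code from HijackThis or ComboFix, here is a small Python triage script that parses lines in that format and marks the patterns a log reader checks first: "(file missing)" references (a registry entry that outlived the file it pointed at, which is common after a partial clean-up), a BHO with no display name, a bare filename in a Run key, a Winlogon Notify entry whose target is a directory rather than a DLL, and a service path with an unbalanced quote. The sample lines are constructed after the ones in the post, and the findings are this example's own heuristics, not anything HijackThis itself reports; the script only annotates, it never changes the system.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines modelled on a HijackThis 1.99.1 log (not a live capture).
SAMPLE_LOG = (
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\Spybot\\SDHelper.dll\n"
    "O2 - BHO: (no name) - {B5F8AB42-308E-367A-D25C-31E676F40EB3} - C:\\WINDOWS\\system32\\czl.dll (file missing)\n"
    "O4 - HKLM\\..\\Run: [CTHelper] CTHELPER.EXE\n"
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe\n"
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\\n"
    "O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - "
    "C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe\" /h ccCommon (file missing)\n"
    "O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe\n"
)

# Every HijackThis entry starts with a section tag (R0..R3, O1..O24) followed by " - ".
SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    findings: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the on-disk target out of an entry; the layout differs per section."""
    if section == "O4":
        # O4 - <hive>\..\Run: [Name] <command line>
        m = re.search(r"\] (.+)$", body)
        return m.group(1).strip() if m else None
    # O2/O9/O20/O23 put the path after the last " - " separator.
    if " - " in body:
        return body.rsplit(" - ", 1)[1].strip()
    return None


def triage(entry: Entry) -> None:
    """Attach the red flags a log reader checks first (heuristics of this example)."""
    p = entry.path or ""
    f = entry.findings
    if "(file missing)" in entry.body:
        f.append("file missing: the registry still points at a file that is no longer on disk")
    if entry.section == "O2" and entry.body.startswith("BHO: (no name)"):
        f.append("unnamed BHO: legitimate browser add-ons almost always carry a display name")
    if entry.section == "O4" and p and "\\" not in p.split(" ")[0]:
        f.append("bare filename in Run key: resolved via PATH search order, not a fixed location")
    if entry.section == "O20" and p.endswith("\\"):
        f.append("Winlogon Notify target is a directory, not a DLL")
    if entry.section == "O23" and p.count('"') % 2 == 1:
        f.append("unbalanced quote in service ImagePath")
    if entry.section == "O23" and "Unknown owner" in entry.body:
        f.append("no publisher recorded for the service binary")


def triage_log(text: str) -> List[Entry]:
    """Parse every HijackThis entry in `text` and annotate it with findings."""
    entries = []
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and blank lines are skipped
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        entry = Entry(section, body, clsid.group(0) if clsid else None,
                      extract_path(section, body))
        triage(entry)
        entries.append(entry)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one finding, in log order."""
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in suspicious(triage_log(SAMPLE_LOG)):
        print(f"{e.section}: {e.path}")
        for note in e.findings:
            print(f"    - {note}")
```

Run it on a saved log by passing the file's contents to `triage_log`; a flagged entry is a prompt to look closer (check the file on disk, its signer and its age), not a verdict, which is why the helpers here still want the full ComboFix and HijackThis logs rather than a filtered list.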
Old 01-05-2008, 02:31 AM   #13 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Need Help Please, Getting Popups and Buffer Overruns

What is this "Polka Dot"? Can't say I have seen it before. Was that the complete ComboFix log? It seems short. Has your problem been solved?
__________________
Eddy
Pancake is offline  
Old 01-05-2008, 09:39 AM   #14 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

It's a game that I bought for my daughter at Best Buy. That's from a CD, nothing to do with the internet.

Things seem to be a little better, but I am not sure it's completely fixed.

I'll run ComboFix again, and post the new log but that was all that it gave me.

Thanks!
WeatherNLU is offline  
Old 01-05-2008, 10:16 AM   #15 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

New ComboFix log:

ComboFix 08-01-04.1 - Shawn 2008-01-05 10:40:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480 [GMT -6:00]
Running from: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 02:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:53 . 2008-01-01 16:53 89 --a------ C:\WINDOWS\PolkaDot.ini
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Common Files\Polka Dot
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Brighter Child
2008-01-01 16:51 . 2008-01-01 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Polka Dot
2007-12-31 01:53 . 2007-12-31 01:53 <DIR> d-------- C:\Deckard
2007-12-31 01:40 . 2007-12-31 01:40 <DIR> d-------- C:\ie-spyad_zo
2007-12-31 01:34 . 2007-12-31 01:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-31 01:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-31 00:44 . 2007-12-31 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-31 00:44 . 2007-12-31 00:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-31 00:44 . 2007-12-31 00:44 2,550 --------- C:\WINDOWS\system32\Uninstall.ico
2007-12-31 00:44 . 2007-12-31 00:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 16:07 . 2007-12-31 00:54 <DIR> d-------- C:\Program Files\Spybot
2007-12-30 16:07 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:18 . 2007-12-29 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-29 04:49 . 2007-12-29 05:07 <DIR> d-------- C:\VundoFix Backups
2007-12-27 17:20 . 2007-12-27 17:20 <DIR> d-------- C:\Program Files\View22
2007-12-25 22:10 . 2008-01-04 09:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:10 . 2008-01-04 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:09 . 2008-01-04 17:43 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:09 . 2007-12-25 22:09 <DIR> d-------- C:\Program Files\iPod
2007-12-25 22:04 . 2007-12-25 22:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 22:03 . 2007-10-31 14:09 30,464 --------- C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 22:02 . 2007-12-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:54 . 2007-05-29 13:55 22,112 --------- C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-25 19:54 . 2007-05-29 13:55 10,592 --------- C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-25 19:54 . 2007-05-29 13:55 705 --------- C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-24 12:28 . 2007-12-24 12:28 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Symantec
2007-12-24 11:43 . 2007-12-31 00:55 <DIR> d-------- C:\Program Files\Norton 360
2007-12-24 11:41 . 2007-12-24 15:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 11:41 . 2007-12-24 15:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 11:41 . 2007-12-24 15:55 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-24 11:41 . 2007-12-24 15:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-24 11:38 . 2007-12-24 15:55 <DIR> d-------- C:\Program Files\Symantec
2007-12-24 11:38 . 2008-01-05 00:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-24 11:38 . 2008-01-05 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 00:19 . 2007-12-24 00:33 <DIR> d-------- C:\Documents and Settings\Shawn\.housecall6.6
2007-12-23 21:27 . 2007-12-24 11:27 <DIR> d-------- C:\Program Files\AdwareAlert
2007-12-23 21:27 . 2007-12-23 21:31 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\AdwareAlert
2007-12-23 21:21 . 2007-12-23 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-23 20:51 . 2008-01-03 16:50 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 20:52 . 2007-12-19 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-18 21:02 . 2007-12-18 21:02 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Home Sweet Home
2007-12-18 08:18 . 2007-12-18 08:18 <DIR> d-------- C:\Program Files\PhotoRescue 3.1.2.10607 PC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --------- C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --------- C:\WINDOWS\system32\QuickTime.qts
2007-12-07 14:16 . 2007-12-07 14:16 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\MysteryStudio
2007-12-05 19:31 . 2007-12-05 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 22:50 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-03 22:50 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-02 23:00 --------- d-----w C:\Program Files\Dora`s Carnival 2 - Boardwalk Adventure
2007-12-31 07:27 169,984 ------w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2007-12-31 06:55 --------- d-----w C:\Program Files\Lexmark 5400 Series
2007-12-31 06:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-30 00:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-29 11:26 --------- d-----w C:\Program Files\QuickTime
2007-12-29 05:12 --------- d-----w C:\Program Files\Morpheus Ultra
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Apple Computer
2007-12-26 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-24 03:21 --------- d-----w C:\Program Files\Lavasoft
2007-12-24 03:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-24 02:47 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 02:47 --------- d-----w C:\Program Files\Shockwave.com
2007-12-23 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 02:03 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Image Zone Express
2007-12-16 17:47 --------- d-----w C:\Program Files\Lx_cats
2007-12-16 03:08 1,393,627 ------w C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
2007-12-07 20:16 --------- d-----w C:\Program Files\Gamenext
2007-12-03 01:42 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-03 01:39 --------- d-----w C:\Program Files\Viva Media
2007-12-02 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 17:31 --------- d-----w C:\Program Files\Barbie(TM)
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 14:03 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-19 22:29 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-19 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\PlayFirst
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
2007-11-17 15:34 --------- d-----w C:\Program Files\GameHouse
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\My Games
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GameHouse
2007-11-16 04:26 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Talkback
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:20 5,852 ------w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-10 23:01 --------- d-----w C:\Program Files\Hexacto Games
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
Code:
<pre>
----a-w         6,362,352 2007-12-24 17:26:03  C:\Program Files\AdwareAlert\AdwareAlert .exe
----a-w           344,064 2007-12-26 06:34:41  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w            86,960 2007-12-30 20:32:09  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe
----a-w           588,288 2007-12-26 06:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
----a-w           588,288 2007-12-26 04:25:44  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm      .exe
----a-w           588,288 2007-12-26 03:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm     .exe
----a-w           588,288 2007-12-26 03:06:34  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe
----a-w           213,936 2007-12-30 20:32:10  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
----a-w           213,936 2007-12-30 20:33:15  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe
----a-w            45,056 2007-12-30 20:32:08  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w            57,344 2007-12-30 20:32:07  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w           267,048 2007-12-30 20:32:11  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            83,608 2007-12-30 20:32:06  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w         1,121,792 2007-12-30 20:32:12  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe
----a-w           661,504 2007-12-29 11:26:20  C:\Program Files\QuickTime\QTTask         .exe
----a-w           661,504 2007-12-29 11:14:16  C:\Program Files\QuickTime\QTTask        .exe
----a-w           661,504 2007-12-29 11:04:31  C:\Program Files\QuickTime\QTTask       .exe
----a-w           661,504 2007-12-29 10:47:45  C:\Program Files\QuickTime\QTTask      .exe
----a-w           661,504 2007-12-29 10:39:52  C:\Program Files\QuickTime\QTTask     .exe
----a-w           661,504 2007-12-29 10:26:53  C:\Program Files\QuickTime\QTTask    .exe
----a-w           661,504 2007-12-29 10:05:14  C:\Program Files\QuickTime\QTTask   .exe
----a-w           661,504 2007-12-28 03:36:39  C:\Program Files\QuickTime\QTTask  .exe
----a-w           661,504 2007-12-26 06:34:31  C:\Program Files\QuickTime\QTTask .exe
----a-w           204,288 2007-12-24 03:55:28  C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w            67,584 2007-12-29 10:47:50  C:\WINDOWS\ehome\ehtray .exe
------w           169,984 2007-12-31 07:27:16  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((( snapshot@2007-12-29_ 5.27.47.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-06-15 23:33:54 1,132,192 ----a-w C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
+ 2006-06-16 00:33:54 1,132,192 ------w C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
- 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-12-26 17:59:02 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-01-04 15:57:52 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 21:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-14 03:26:50 156,160 -c--a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-09-22 09:52:26 40,960 -c----w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 14:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 11:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 14:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2006-11-27 08:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2000-08-31 14:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2003-03-26 00:53:50 11,776 ------w C:\WINDOWS\system32\ZPORT4AS.dll
+ 2008-01-05 08:35:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_70c.dat
+ 2008-01-05 16:40:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c84.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5F8AB42-308E-367A-D25C-31E676F40EB3}]
C:\WINDOWS\system32\czl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 16:50 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [ ]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [ ]
"CTHelper"="CTHELPER.EXE" [2004-03-11 14:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 17:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 06:50 71216 -ra------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 16:34 106496 --a--c--- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-01-03 16:50 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 --a------ C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 --a------ C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-03-19 06:58 82864 --a------ C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-25 18:52 50736 --a------ C:\Program Files\Common Files\AOL\1179615398\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
C:\Program Files\Lexmark 5400 Series\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ddayv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-03-19 06:58 291760 --a------ C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magical Gatherings]
C:\Program Files\Magical Gatherings\Magical Gatherings.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
C:\Program Files\QdrModule\QdrModule11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
2006-01-13 15:22 233472 --a------ C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 11:43 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
C:\WINDOWS\YSTEM~1\msiexec.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
2007-08-07 08:33 1029352 --a------ C:\Program Files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-12-29 13:59 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 17:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6313a2-b3cc-11dc-a87c-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654339762556911

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-01 20:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ONEILMAIN-Shawn).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-05 16:45:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBAB6592-4352-4D85-B3ED-056C128B2498}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 10:46:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 10:47:43
ComboFix-quarantined-files.txt 2008-01-05 16:47:40
ComboFix2.txt 2007-12-29 11:59:28
ComboFix3.txt 2007-12-29 11:28:56
.
2007-12-12 09:05:57 --- E O F ---
Old 01-05-2008, 02:52 PM   #16 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Need Help Please, Getting Popups and Buffer Overruns

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

KillAll::

RENV::
----a-w 6,362,352 2007-12-24 17:26:03 C:\Program Files\AdwareAlert\AdwareAlert .exe
----a-w 344,064 2007-12-26 06:34:41 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 86,960 2007-12-30 20:32:09 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 213,936 2007-12-26 06:34:45 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 06:34:28 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 04:25:44 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 03:34:28 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 03:06:34 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 213,936 2007-12-30 20:32:10 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 213,936 2007-12-30 20:33:15 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 45,056 2007-12-30 20:32:08 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w 57,344 2007-12-30 20:32:07 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w 267,048 2007-12-30 20:32:11 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 83,608 2007-12-30 20:32:06 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 1,121,792 2007-12-30 20:32:12 C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w 282,624 2007-12-26 03:34:50 C:\Program Files\QuickTime\qttask .exe
----a-w 661,504 2007-12-29 11:26:20 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 11:14:16 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 11:04:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:47:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:39:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:26:53 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:05:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-28 03:36:39 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-26 06:34:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 204,288 2007-12-24 03:55:28 C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w 67,584 2007-12-29 10:47:50 C:\WINDOWS\ehome\ehtray .exe
------w 169,984 2007-12-31 07:27:16 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-03 22:50:00 C:\WINDOWS\system32\ctfmon .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5F8AB42-308E-367A-D25C-31E676F40EB3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy
Old 01-05-2008, 05:25 PM   #17 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

Done, new logs:

ComboFix:

ComboFix 08-01-04.1 - Shawn 2008-01-05 17:51:30.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT -6:00]
Running from: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 02:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:53 . 2008-01-01 16:53 89 --a------ C:\WINDOWS\PolkaDot.ini
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Common Files\Polka Dot
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Brighter Child
2008-01-01 16:51 . 2008-01-01 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Polka Dot
2007-12-31 01:53 . 2007-12-31 01:53 <DIR> d-------- C:\Deckard
2007-12-31 01:40 . 2007-12-31 01:40 <DIR> d-------- C:\ie-spyad_zo
2007-12-31 01:34 . 2007-12-31 01:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-31 01:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-31 00:44 . 2007-12-31 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-31 00:44 . 2007-12-31 00:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-31 00:44 . 2007-12-31 00:44 2,550 --------- C:\WINDOWS\system32\Uninstall.ico
2007-12-31 00:44 . 2007-12-31 00:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 16:07 . 2007-12-31 00:54 <DIR> d-------- C:\Program Files\Spybot
2007-12-30 16:07 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:18 . 2007-12-29 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-29 04:49 . 2007-12-29 05:07 <DIR> d-------- C:\VundoFix Backups
2007-12-27 17:20 . 2007-12-27 17:20 <DIR> d-------- C:\Program Files\View22
2007-12-25 22:10 . 2008-01-05 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:10 . 2008-01-05 12:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:09 . 2008-01-05 12:41 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:09 . 2007-12-25 22:09 <DIR> d-------- C:\Program Files\iPod
2007-12-25 22:04 . 2007-12-25 22:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 22:03 . 2007-10-31 14:09 30,464 --------- C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 22:02 . 2007-12-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:54 . 2007-05-29 13:55 22,112 --------- C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-25 19:54 . 2007-05-29 13:55 10,592 --------- C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-25 19:54 . 2007-05-29 13:55 705 --------- C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-24 12:28 . 2007-12-24 12:28 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Symantec
2007-12-24 11:43 . 2007-12-31 00:55 <DIR> d-------- C:\Program Files\Norton 360
2007-12-24 11:41 . 2007-12-24 15:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 11:41 . 2007-12-24 15:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 11:41 . 2007-12-24 15:55 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-24 11:41 . 2007-12-24 15:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-24 11:38 . 2007-12-24 15:55 <DIR> d-------- C:\Program Files\Symantec
2007-12-24 11:38 . 2008-01-05 00:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-24 11:38 . 2008-01-05 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 00:19 . 2007-12-24 00:33 <DIR> d-------- C:\Documents and Settings\Shawn\.housecall6.6
2007-12-23 21:27 . 2008-01-05 17:51 <DIR> d-------- C:\Program Files\AdwareAlert
2007-12-23 21:27 . 2007-12-23 21:31 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\AdwareAlert
2007-12-23 21:21 . 2007-12-23 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-23 20:51 . 2008-01-03 16:50 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 20:52 . 2007-12-19 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-18 21:02 . 2007-12-18 21:02 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Home Sweet Home
2007-12-18 08:18 . 2007-12-18 08:18 <DIR> d-------- C:\Program Files\PhotoRescue 3.1.2.10607 PC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --------- C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --------- C:\WINDOWS\system32\QuickTime.qts
2007-12-07 14:16 . 2007-12-07 14:16 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\MysteryStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 23:00 --------- d-----w C:\Program Files\Dora`s Carnival 2 - Boardwalk Adventure
2007-12-31 06:55 --------- d-----w C:\Program Files\Lexmark 5400 Series
2007-12-31 06:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-30 00:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-29 11:26 --------- d-----w C:\Program Files\QuickTime
2007-12-29 05:12 --------- d-----w C:\Program Files\Morpheus Ultra
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Apple Computer
2007-12-26 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-24 03:21 --------- d-----w C:\Program Files\Lavasoft
2007-12-24 03:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-24 02:47 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 02:47 --------- d-----w C:\Program Files\Shockwave.com
2007-12-23 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 02:03 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Image Zone Express
2007-12-16 17:47 --------- d-----w C:\Program Files\Lx_cats
2007-12-16 03:08 1,393,627 ------w C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
2007-12-07 20:16 --------- d-----w C:\Program Files\Gamenext
2007-12-06 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-03 01:39 --------- d-----w C:\Program Files\Viva Media
2007-12-02 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 17:31 --------- d-----w C:\Program Files\Barbie(TM)
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 14:03 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-19 22:29 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-19 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\PlayFirst
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
2007-11-17 15:34 --------- d-----w C:\Program Files\GameHouse
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\My Games
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GameHouse
2007-11-16 04:26 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Talkback
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 23:01 --------- d-----w C:\Program Files\Hexacto Games
.
Code:
----a-w           344,064 2007-12-26 06:34:41  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w            86,960 2007-12-30 20:32:09  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe
----a-w           588,288 2007-12-26 06:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
----a-w           588,288 2007-12-26 04:25:44  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm      .exe
----a-w           588,288 2007-12-26 03:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm     .exe
----a-w           588,288 2007-12-26 03:06:34  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe
----a-w           213,936 2007-12-30 20:32:10  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
----a-w           213,936 2007-12-30 20:33:15  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe
----a-w            45,056 2007-12-30 20:32:08  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w            57,344 2007-12-30 20:32:07  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w           267,048 2007-12-30 20:32:11  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            83,608 2007-12-30 20:32:06  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w         1,121,792 2007-12-30 20:32:12  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe
----a-w           661,504 2007-12-29 11:26:20  C:\Program Files\QuickTime\QTTask         .exe
----a-w           661,504 2007-12-29 11:14:16  C:\Program Files\QuickTime\QTTask        .exe
----a-w           661,504 2007-12-29 11:04:31  C:\Program Files\QuickTime\QTTask       .exe
----a-w           661,504 2007-12-29 10:47:45  C:\Program Files\QuickTime\QTTask      .exe
----a-w           661,504 2007-12-29 10:39:52  C:\Program Files\QuickTime\QTTask     .exe
----a-w           661,504 2007-12-29 10:26:53  C:\Program Files\QuickTime\QTTask    .exe
----a-w           661,504 2007-12-29 10:05:14  C:\Program Files\QuickTime\QTTask   .exe
----a-w           661,504 2007-12-28 03:36:39  C:\Program Files\QuickTime\QTTask  .exe
----a-w           661,504 2007-12-26 06:34:31  C:\Program Files\QuickTime\QTTask .exe
----a-w           204,288 2007-12-24 03:55:28  C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w            67,584 2007-12-29 10:47:50  C:\WINDOWS\ehome\ehtray .exe
------w           169,984 2007-12-31 07:27:16  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2008-01-05_10.47.18.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 15:57:52 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-01-05 18:41:17 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-01-06 00:00:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 16:50 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [ ]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [ ]
"CTHelper"="CTHELPER.EXE" [2004-03-11 14:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 17:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 06:50 71216 -ra------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 16:34 106496 --a--c--- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-01-03 16:50 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 --a------ C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 --a------ C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-03-19 06:58 82864 --a------ C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-25 18:52 50736 --a------ C:\Program Files\Common Files\AOL\1179615398\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
C:\Program Files\Lexmark 5400 Series\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-03-19 06:58 291760 --a------ C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magical Gatherings]
C:\Program Files\Magical Gatherings\Magical Gatherings.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
C:\Program Files\QdrModule\QdrModule11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
2006-01-13 15:22 233472 --a------ C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 11:43 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
C:\WINDOWS\YSTEM~1\msiexec.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
2007-08-07 08:33 1029352 --a------ C:\Program Files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-12-29 13:59 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 17:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6313a2-b3cc-11dc-a87c-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654339762556911

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-01 20:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ONEILMAIN-Shawn).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-06 00:15:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBAB6592-4352-4D85-B3ED-056C128B2498}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 18:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 18:19:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 00:19:51
ComboFix2.txt 2008-01-05 16:47:44
ComboFix3.txt 2007-12-29 11:59:28
ComboFix4.txt 2007-12-29 11:28:56
.
2007-12-12 09:05:57 --- E O F ---

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 6:25:20 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/P...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.14/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
WeatherNLU is offline  
Old 01-05-2008, 05:54 PM   #18 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Need Help Please, Getting Popups and Buffer Overruns

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Folder::
C:\Program Files\QdrPack

RenV::
----a-w 344,064 2007-12-26 06:34:41 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 86,960 2007-12-30 20:32:09 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 213,936 2007-12-26 06:34:45 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 06:34:28 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 04:25:44 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 03:34:28 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 588,288 2007-12-26 0334 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 213,936 2007-12-30 20:32:10 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 213,936 2007-12-30 20:33:15 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 45,056 2007-12-30 20:32:08 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w 57,344 2007-12-30 20:32:07 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w 267,048 2007-12-30 20:32:11 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 83,608 2007-12-30 20:32:06 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 1,121,792 2007-12-30 20:32:12 C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w 282,624 2007-12-26 03:34:50 C:\Program Files\QuickTime\qttask .exe
----a-w 661,504 2007-12-29 11:26:20 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 11:14:16 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 11:04:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:47:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:39:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:26:53 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-29 10:05:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-28 03:36:39 C:\Program Files\QuickTime\QTTask .exe
----a-w 661,504 2007-12-26 06:34:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 204,288 2007-12-24 03:55:28 C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w 67,584 2007-12-29 10:47:50 C:\WINDOWS\ehome\ehtray .exe
------w 169,984 2007-12-31 07:27:16 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-03 22:50:00 C:\WINDOWS\system32\ctfmon .exe

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy

Last edited by Pancake; 01-05-2008 at 06:00 PM.
Pancake is offline  
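As an added example (not ComboFix's own code and not from either poster), the Python below applies the reasoning behind the RenV:: block in the reply above: it parses a ComboFix-style file listing, picks out names that have whitespace between the stem and the extension (such as `qttask          .exe`), and builds the map from each padded name back to its clean name, reporting where several padded entries would collapse onto one target the way the QuickTime entries do. The sample listing is constructed in the same shape as the thread's listing; the parser and the collision check are this example's own.

```python
"""Spot space-padded executable names in a ComboFix-style file listing.

Added example for this thread, not ComboFix's code. A file such as
'qttask .exe' (whitespace before the extension) is not the file an
autostart entry for qttask.exe points at, so each padded name is mapped
back to its clean name, and names that would collide after cleaning are
reported rather than silently overwritten.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# One listing line: attributes, size, date, time, path (path may contain spaces).
LISTING_LINE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.*?)\s*$"
)
# Whitespace sitting between the file stem and its extension.
PADDED_EXT = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]+)$")

# Constructed sample in the same shape as the listing quoted in the thread.
SAMPLE_LISTING = r"""
----a-w           344,064 2007-12-26 06:34:41  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe
----a-w           588,288 2007-12-26 06:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe
----a-w           661,504 2007-12-29 11:26:20  C:\Program Files\QuickTime\QTTask         .exe
----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe
----a-w            69,120 2004-08-04 12:00:00  C:\WINDOWS\system32\notepad.exe
"""


@dataclass(frozen=True)
class Entry:
    attrs: str
    size: int
    timestamp: str
    path: str

    @property
    def name(self) -> str:
        # ntpath handles backslash paths on any host OS.
        return ntpath.basename(self.path)

    def clean_path(self):
        """Path with the padding removed, or None when the name is not padded."""
        m = PADDED_EXT.match(self.name)
        if not m:
            return None
        return ntpath.join(ntpath.dirname(self.path), m["stem"] + m["ext"])


def parse_listing(text: str) -> list:
    """Parse listing lines into Entry objects; blank and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_LINE.match(line)
        if m:
            entries.append(Entry(m["attrs"], int(m["size"].replace(",", "")),
                                 m["ts"], m["path"]))
    return entries


def padded_entries(entries):
    """Entries whose file name carries whitespace before the extension."""
    return [e for e in entries if e.clean_path() is not None]


def rename_plan(entries):
    """Map each clean target (case-folded) to the padded sources that become it.

    Windows file names are case-insensitive, so 'qttask .exe' and 'QTTask .exe'
    land on the same target; such groups are returned separately as collisions
    that need a human decision before any rename is applied.
    """
    groups = defaultdict(list)
    for e in padded_entries(entries):
        groups[e.clean_path().casefold()].append(e.path)
    collisions = {t: s for t, s in groups.items() if len(s) > 1}
    return dict(groups), collisions


if __name__ == "__main__":
    plan, clashes = rename_plan(parse_listing(SAMPLE_LISTING))
    for target, sources in plan.items():
        flag = "  <-- collision, resolve by hand" if target in clashes else ""
        print(f"{target}: {len(sources)} source(s){flag}")
```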
Old 01-05-2008, 09:21 PM   #19 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: XP


Re: Need Help Please, Getting Popups and Buffer Overruns

Done again, new logs here...........

ComboFix:

ComboFix 08-01-04.1 - Shawn 2008-01-05 20:42:59.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.656 [GMT -6:00]
Running from: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shawn\Desktop\Spyware Programs\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 18:29 . 2008-01-05 18:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-05 02:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:53 . 2008-01-01 16:53 89 --a------ C:\WINDOWS\PolkaDot.ini
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Common Files\Polka Dot
2008-01-01 16:52 . 2008-01-01 16:52 <DIR> d-------- C:\Program Files\Brighter Child
2008-01-01 16:51 . 2008-01-01 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Polka Dot
2007-12-31 01:53 . 2007-12-31 01:53 <DIR> d-------- C:\Deckard
2007-12-31 01:40 . 2007-12-31 01:40 <DIR> d-------- C:\ie-spyad_zo
2007-12-31 01:34 . 2007-12-31 01:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-31 01:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-31 00:44 . 2007-12-31 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-31 00:44 . 2007-12-31 00:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-31 00:44 . 2007-12-31 00:44 2,550 --------- C:\WINDOWS\system32\Uninstall.ico
2007-12-31 00:44 . 2007-12-31 00:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 16:07 . 2007-12-31 00:54 <DIR> d-------- C:\Program Files\Spybot
2007-12-30 16:07 . 2007-12-30 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 18:18 . 2007-12-29 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-29 04:49 . 2007-12-29 05:07 <DIR> d-------- C:\VundoFix Backups
2007-12-27 17:20 . 2007-12-27 17:20 <DIR> d-------- C:\Program Files\View22
2007-12-25 22:10 . 2008-01-05 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 22:10 . 2008-01-05 12:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 22:09 . 2008-01-05 12:41 <DIR> d-------- C:\Program Files\iTunes
2007-12-25 22:09 . 2007-12-25 22:09 <DIR> d-------- C:\Program Files\iPod
2007-12-25 22:04 . 2007-12-25 22:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 22:03 . 2007-12-25 22:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 22:03 . 2007-10-31 14:09 30,464 --------- C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 22:02 . 2007-12-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 19:54 . 2007-05-29 13:55 22,112 --------- C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-25 19:54 . 2007-05-29 13:55 10,592 --------- C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-25 19:54 . 2007-05-29 13:55 705 --------- C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-24 12:28 . 2007-12-24 12:28 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Symantec
2007-12-24 11:43 . 2007-12-31 00:55 <DIR> d-------- C:\Program Files\Norton 360
2007-12-24 11:41 . 2007-12-24 15:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 11:41 . 2007-12-24 15:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 11:41 . 2007-12-24 15:55 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-24 11:41 . 2007-12-24 15:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-24 11:38 . 2007-12-24 15:55 <DIR> d-------- C:\Program Files\Symantec
2007-12-24 11:38 . 2008-01-05 00:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-24 11:38 . 2008-01-05 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-24 00:19 . 2007-12-24 00:33 <DIR> d-------- C:\Documents and Settings\Shawn\.housecall6.6
2007-12-23 21:27 . 2008-01-05 17:51 <DIR> d-------- C:\Program Files\AdwareAlert
2007-12-23 21:27 . 2007-12-23 21:31 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\AdwareAlert
2007-12-23 21:21 . 2007-12-23 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-23 20:51 . 2008-01-03 16:50 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 20:52 . 2007-12-19 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-18 21:02 . 2007-12-18 21:02 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\Home Sweet Home
2007-12-18 08:18 . 2007-12-18 08:18 <DIR> d-------- C:\Program Files\PhotoRescue 3.1.2.10607 PC
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --------- C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --------- C:\WINDOWS\system32\QuickTime.qts
2007-12-07 14:16 . 2007-12-07 14:16 <DIR> d-------- C:\Documents and Settings\Shawn\Application Data\MysteryStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 22:50 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-03 22:50 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-02 23:00 --------- d-----w C:\Program Files\Dora`s Carnival 2 - Boardwalk Adventure
2007-12-31 07:27 169,984 ------w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2007-12-31 06:55 --------- d-----w C:\Program Files\Lexmark 5400 Series
2007-12-31 06:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-30 00:16 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-29 11:26 --------- d-----w C:\Program Files\QuickTime
2007-12-29 05:12 --------- d-----w C:\Program Files\Morpheus Ultra
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Apple Computer
2007-12-26 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-24 03:21 --------- d-----w C:\Program Files\Lavasoft
2007-12-24 03:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-24 02:47 --------- d-----w C:\Program Files\Windows Plus
2007-12-24 02:47 --------- d-----w C:\Program Files\Shockwave.com
2007-12-23 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 02:03 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Image Zone Express
2007-12-16 17:47 --------- d-----w C:\Program Files\Lx_cats
2007-12-16 03:08 1,393,627 ------w C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
2007-12-07 20:16 --------- d-----w C:\Program Files\Gamenext
2007-12-06 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-03 01:42 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-03 01:39 --------- d-----w C:\Program Files\Viva Media
2007-12-02 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 17:31 --------- d-----w C:\Program Files\Barbie(TM)
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 14:03 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-19 22:29 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-19 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\Shawn\Application Data\PlayFirst
2007-11-17 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
2007-11-17 15:34 --------- d-----w C:\Program Files\GameHouse
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\My Games
2007-11-17 15:34 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GameHouse
2007-11-16 04:26 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Talkback
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:20 5,852 ------w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-10 23:01 --------- d-----w C:\Program Files\Hexacto Games
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
Code:
<pre>
----a-w            86,960 2007-12-30 20:32:09  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe
----a-w           588,288 2007-12-26 06:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
----a-w           588,288 2007-12-26 04:25:44  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm      .exe
----a-w           588,288 2007-12-26 03:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm     .exe
----a-w           588,288 2007-12-26 03:06:34  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe
----a-w           213,936 2007-12-30 20:32:10  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
----a-w           213,936 2007-12-30 20:33:15  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe
----a-w            45,056 2007-12-30 20:32:08  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w            57,344 2007-12-30 20:32:07  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w           267,048 2007-12-30 20:32:11  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            83,608 2007-12-30 20:32:06  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w         1,121,792 2007-12-30 20:32:12  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe
----a-w           661,504 2007-12-29 11:26:20  C:\Program Files\QuickTime\QTTask         .exe
----a-w           661,504 2007-12-29 11:14:16  C:\Program Files\QuickTime\QTTask        .exe
----a-w           661,504 2007-12-29 11:04:31  C:\Program Files\QuickTime\QTTask       .exe
----a-w           661,504 2007-12-29 10:47:45  C:\Program Files\QuickTime\QTTask      .exe
----a-w           661,504 2007-12-29 10:39:52  C:\Program Files\QuickTime\QTTask     .exe
----a-w           661,504 2007-12-29 10:26:53  C:\Program Files\QuickTime\QTTask    .exe
----a-w           661,504 2007-12-29 10:05:14  C:\Program Files\QuickTime\QTTask   .exe
----a-w           661,504 2007-12-28 03:36:39  C:\Program Files\QuickTime\QTTask  .exe
----a-w           661,504 2007-12-26 06:34:31  C:\Program Files\QuickTime\QTTask .exe
----a-w           204,288 2007-12-24 03:55:28  C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w            67,584 2007-12-29 10:47:50  C:\WINDOWS\ehome\ehtray .exe
------w           169,984 2007-12-31 07:27:16  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((( snapshot_2008-01-05_18.19.32.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-12-10 09:51:34 413,696 ----a-w C:\WINDOWS\Downloaded Program Files\ttinst.dll
+ 2008-01-06 02:35:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 16:50 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-12-26 00:34 344064]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [ ]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [ ]
"CTHelper"="CTHELPER.EXE" [2004-03-11 14:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 17:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 06:50 71216 -ra------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 16:34 106496 --a--c--- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-01-03 16:50 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 --a------ C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 --a------ C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-03-19 06:58 82864 --a------ C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-25 18:52 50736 --a------ C:\Program Files\Common Files\AOL\1179615398\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
C:\Program Files\Lexmark 5400 Series\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-03-19 06:58 291760 --a------ C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magical Gatherings]
C:\Program Files\Magical Gatherings\Magical Gatherings.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
C:\Program Files\QdrModule\QdrModule11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
2006-01-13 15:22 233472 --a------ C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 11:43 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
C:\WINDOWS\YSTEM~1\msiexec.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
2007-08-07 08:33 1029352 --a------ C:\Program Files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-12-29 13:59 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 17:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6313a2-b3cc-11dc-a87c-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654339762556911

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .exe
- C:\Program Files\AdwareAlert
"2008-01-01 20:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ONEILMAIN-Shawn).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-06 02:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBAB6592-4352-4D85-B3ED-056C128B2498}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 20:49:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 20:50:15
ComboFix-quarantined-files.txt 2008-01-06 02:50:12
ComboFix2.txt 2008-01-06 00:19:53
ComboFix3.txt 2008-01-05 16:47:44
ComboFix4.txt 2007-12-29 11:59:28
ComboFix5.txt 2007-12-29 11:28:56
.
2007-12-12 09:05:57 --- E O F ---

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 10:20:49 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Shawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/P...rInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.3/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Old 01-05-2008, 09:58 PM   #20 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Need Help Please, Getting Popups and Buffer Overruns

Because this is a fairly new virus we are still working on better ways to clean it. It has contaminated a number of files which will need to be replaced, and that is why I want you to delete just the ComboFix.exe file from your desktop. Download the newer version from the same place as before and run it. Don't bother posting a log. When you have done that, carry out these instructions:

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Program Files\QuickTime\QTTask         .exe
C:\Program Files\QuickTime\QTTask        .exe
C:\Program Files\QuickTime\QTTask       .exe
C:\Program Files\QuickTime\QTTask      .exe
C:\Program Files\QuickTime\QTTask     .exe
C:\Program Files\QuickTime\QTTask    .exe
C:\Program Files\QuickTime\QTTask   .exe
C:\Program Files\QuickTime\QTTask  .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm      .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm     .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm   .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm  .exe

RenV::
----a-w           344,064 2007-12-26 06:34:41  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w            86,960 2007-12-30 20:32:09  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe
----a-w            45,056 2007-12-30 20:32:08  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET .EXE
----a-w            57,344 2007-12-30 20:32:07  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol .exe
----a-w           267,048 2007-12-30 20:32:11  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            83,608 2007-12-30 20:32:06  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w         1,121,792 2007-12-30 20:32:12  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe
----a-w           204,288 2007-12-24 03:55:28  C:\Program Files\Windows Media Player\WMPNSCFG .exe
------w            67,584 2007-12-29 10:47:50  C:\WINDOWS\ehome\ehtray .exe
------w           169,984 2007-12-31 07:27:16  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*
__________________
Eddy

Last edited by Pancake; 01-05-2008 at 10:00 PM.
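The listing in the first post above and the CFScript in this reply both turn on the same trick: the infection planted copies of legitimate startup programs under names with one or more spaces padded in before the extension (`QTTask .exe`, `isuspm        .exe`, `ctfmon .exe`) and re-pointed autorun entries at them (`QTTask .exe -atboottime`), so an impostor runs at logon while a file with the familiar name still appears to be present. The script below is an added example, not code from the thread or from ComboFix. It parses lines in the log's listing format, groups the padded names by the canonical name they imitate, flags groups whose copies differ in size (at most one of them can be the genuine binary, which is the call Pancake makes by hand when he puts one copy under RenV:: and the rest under File::), and picks out autorun command lines that reference a padded name. The sample lines are copied from the log, with one clean control line (`iTunesHelper.exe`) constructed for contrast; the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample: listing lines copied from the ComboFix log in the thread,
# plus one clean control line (iTunesHelper.exe) that is not in the log.
SAMPLE_LISTING = [
    r"----a-w            86,960 2007-12-30 20:32:09  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe",
    r"----a-w           213,936 2007-12-26 06:34:45  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm        .exe",
    r"----a-w           588,288 2007-12-26 06:34:28  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm       .exe",
    r"----a-w           282,624 2007-12-26 03:34:50  C:\Program Files\QuickTime\qttask          .exe",
    r"----a-w           661,504 2007-12-29 11:26:20  C:\Program Files\QuickTime\QTTask         .exe",
    r"----a-w           661,504 2007-12-26 06:34:31  C:\Program Files\QuickTime\QTTask .exe",
    r"----a-w            15,360 2008-01-03 22:50:00  C:\WINDOWS\system32\ctfmon .exe",
    r"----a-w           267,048 2007-12-11 12:10:00  C:\Program Files\iTunes\iTunesHelper.exe",  # constructed clean line
]

# Constructed sample of autorun command lines, in the form shown under the
# msconfig startupreg keys in the log.
SAMPLE_AUTORUNS = [
    r"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe -scheduler",
    r"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup",
    r"C:\Program Files\QuickTime\QTTask .exe -atboottime",
    r"C:\Program Files\Messenger\msmsgs.exe /background",
]

# attributes, size with thousands separators, date, time, then the path
LISTING_RE = re.compile(
    r"^(?P<attr>\S+)\s+(?P<size>[\d,]+)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
# stem, one or more spaces, then the extension: "QTTask   .exe"
PADDED_NAME_RE = re.compile(r"^(?P<stem>.*?\S)(?P<pad>\s+)(?P<ext>\.[^.\s\\]+)$")
# whitespace directly before an executable extension inside a command line
PADDED_CMD_RE = re.compile(r"\S\s+\.(?:exe|com|scr|dll|bat|cmd)\b", re.IGNORECASE)


def padded_name(filename):
    """Return (canonical_name, pad_length) if the name is space-padded, else None."""
    m = PADDED_NAME_RE.match(filename)
    if not m:
        return None
    return m.group("stem") + m.group("ext"), len(m.group("pad"))


def parse_listing(lines):
    """Parse DSS/ComboFix-style listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = LISTING_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        path = m.group("path")
        directory, _, name = path.rpartition("\\")
        entries.append({
            "path": path, "dir": directory, "name": name,
            "size": int(m.group("size").replace(",", "")),
            "stamp": m.group("date") + " " + m.group("time"),
        })
    return entries


def group_impostors(entries):
    """Group padded-name entries by (directory, canonical name), both case-folded.

    Unpadded names are ignored: they are the legitimate targets being imitated.
    """
    groups = defaultdict(list)
    for e in entries:
        hit = padded_name(e["name"])
        if hit is None:
            continue
        canonical, pad = hit
        e = dict(e, pad=pad, canonical=canonical)
        groups[(e["dir"].lower(), canonical.lower())].append(e)
    return dict(groups)


def sizes_disagree(group):
    """True when a group holds more than one distinct size: at most one copy can be
    the genuine binary, so the group needs a human decision (RenV:: vs File::)."""
    return len({e["size"] for e in group}) > 1


def padded_autoruns(commands):
    """Return the autorun command lines whose executable name is space-padded."""
    return [c for c in commands if PADDED_CMD_RE.search(c)]


def report(listing_lines, autorun_lines):
    """Render the findings as text; nothing is deleted or renamed here."""
    groups = group_impostors(parse_listing(listing_lines))
    out = []
    for (d, canon), members in sorted(groups.items()):
        flag = " [sizes differ: check which copy is genuine]" if sizes_disagree(members) else ""
        out.append(f"{d}\\{canon}: {len(members)} padded copies{flag}")
        for e in sorted(members, key=lambda e: e["pad"]):
            out.append(f"    pad={e['pad']:2d} size={e['size']:>9,} {e['stamp']}  {e['name']!r}")
    for c in padded_autoruns(autorun_lines):
        out.append(f"autorun points at padded name: {c}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LISTING, SAMPLE_AUTORUNS))
```

The script only reports; which copy to keep is a judgement that names and sizes alone cannot settle, which is why the reply above hands that decision to the helper rather than to a tool. On a live machine you would feed it the listing and startupreg sections of a fresh ComboFix or DSS log instead of the constructed sample.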
 


Copyright 2001 - 2009, Tech Support Forum