Resolved HJT Threads Resolved spyware and popup issues.

08-09-2008, 04:55 PM   #1
ScottG489 (Registered User; Join Date: Aug 2008; Location: New York State; OS: XP Pro SP 3)
Popups/can't connect to various sites.

Hey, I've been a fan of your site for a while and fortunately haven't needed your help ever before until now.

I have recently been getting popups, mostly from porn websites. I also haven't been able to connect to various sites, notably gmail. The popups haven't been too bad. And it kinda seems the inability to connect to some sites is inconsistent. However, I am NEVER able to connect to gmail.

Now I am not 100% sure the inability to connect to the websites has anything to do with a bug on my computer, but hopefully the logs will tell you that.

I read the 5 step process so I hope I've done everything right.

One thing to note though, when I try to do the online Panda ActiveScan thing in step 2, I get various errors along the way including:

Oops! There's been an error...
Don't worry, we've taken note and we're working on a solution. Please try again later.

Anyways...

Here are my DSS results:

Deckard's System Scanner v20071014.68
Run by Scott on 2008-08-09 16:03:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-08-09 20:03:41 UTC - RP417 - Deckard's System Scanner Restore Point
44: 2008-08-09 07:14:08 UTC - RP416 - System Checkpoint
43: 2008-08-08 06:20:51 UTC - RP415 - System Checkpoint
42: 2008-08-07 06:16:41 UTC - RP414 - Last known good configuration
41: 2008-08-07 06:16:37 UTC - RP413 - Installed UltraMon


-- First Restore Point --
1: 2008-08-07 06:16:32 UTC - RP373 - Installed DirectX


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:08 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam\steam.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Scott\My Documents\My Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {099AC52C-1CD4-434C-9CC6-FF56DABB5010} - C:\WINDOWS\system32\tuvUMgGW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8AAD6F49-51DE-4A21-B4D3-A3B733944327} - C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\BU16A1YN\3077htsbdjyf[1].dll
O2 - BHO: {b623668c-411f-b849-2684-93b186d4530a} - {a0354d68-1b39-4862-948b-f114c866326b} - C:\WINDOWS\system32\kdmftw.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {DD85B0A1-2202-45FC-BCEC-35099C8B8EAd} - C:\WINDOWS\system32\ucauesum.dll
O2 - BHO: (no name) - {E78A4E2A-8295-4182-B28B-333173EDC0D4} - C:\WINDOWS\system32\ljJBsQjh.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [90de9f8d] rundll32.exe "C:\WINDOWS\system32\xmasoitw.dll",b
O4 - HKLM\..\Run: [BM93edac11] Rundll32.exe "C:\WINDOWS\system32\pkfsiytp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvUMgGW - C:\WINDOWS\SYSTEM32\tuvUMgGW.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 11598 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon>
R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 OrbMediaService - "c:\program files\winamp remote\bin\orbmediaservice.exe" <Not Verified; Orb Networks; Orb>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 wampapache - "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld
S4 GoToMyPC - "c:\program files\citrix\gotomypc\g2svc.exe" -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 12:42:01 296 --a------ C:\WINDOWS\Tasks\GoogleUpdateTask.job
2008-08-05 10:31:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-03 07:49:43 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 15:52:09 0 d-------- C:\Program Files\Panda Security
2008-08-09 08:29:13 2048 --a------ C:\WINDOWS\system32\qvyfgtpm.exe
2008-08-09 08:26:13 80384 --a------ C:\WINDOWS\system32\xmasoitw.dll
2008-08-09 08:23:14 96768 --a------ C:\WINDOWS\system32\kdmftw.dll
2008-08-09 08:23:13 96768 --a------ C:\WINDOWS\system32\ndobnmlk.dll
2008-08-09 08:20:13 90112 --a------ C:\WINDOWS\system32\pkfsiytp.dll
2008-08-09 00:23:09 0 d-------- C:\Program Files\Trend Micro
2008-08-08 17:11:56 0 d-------- C:\Documents and Settings\Scott\Application Data\Opera
2008-08-08 08:26:24 2048 --a------ C:\WINDOWS\system32\ikcrpocc.exe
2008-08-08 08:23:25 96256 --a------ C:\WINDOWS\system32\ywundo.dll
2008-08-08 08:23:24 96256 --a------ C:\WINDOWS\system32\kgqvumgf.dll
2008-08-08 08:20:24 90624 --a------ C:\WINDOWS\system32\hvvgefwd.dll
2008-08-07 12:13:08 0 d-------- C:\Program Files\KellySoftware
2008-08-07 08:29:25 94720 --a------ C:\WINDOWS\system32\jadkur.dll
2008-08-07 08:29:23 94720 --a------ C:\WINDOWS\system32\ayhjsuyx.dll
2008-08-07 08:23:23 2048 --a------ C:\WINDOWS\system32\kttexdad.exe
2008-08-07 08:20:23 91136 --a------ C:\WINDOWS\system32\chjabidm.dll
2008-08-07 02:17:56 95744 --a------ C:\WINDOWS\system32\euidmd.dll
2008-08-07 02:17:53 95744 --a------ C:\WINDOWS\system32\ihepancs.dll
2008-08-07 02:17:08 118784 --a------ C:\WINDOWS\system32\ucauesum.dll
2008-08-07 02:16:22 889837 --ahs---- C:\WINDOWS\system32\hjQsBJjl.ini2
2008-08-07 02:16:16 246272 --a------ C:\WINDOWS\system32\ljJBsQjh.dll
2008-08-07 02:12:16 0 d-------- C:\Documents and Settings\Scott\Application Data\Realtime Soft
2008-08-07 02:12:11 0 d-------- C:\Program Files\UltraMon
2008-08-07 02:12:11 0 d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-07 02:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-07 02:11:15 36864 --a------ C:\WINDOWS\system32\tuvUMgGW.dll
2008-08-07 02:11:15 36864 --a------ C:\WINDOWS\system32\byXOFVnk.dll
2008-08-01 19:52:42 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:41:44 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 19:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-01 19:20:10 0 d-------- C:\Program Files\NCH Swift Sound
2008-08-01 19:20:10 0 d-------- C:\Documents and Settings\Scott\Application Data\NCH Swift Sound
2008-08-01 19:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-01 17:06:57 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:06:56 0 d-------- C:\WINDOWS\system32\en
2008-08-01 17:06:56 0 d-------- C:\WINDOWS\l2schemas
2008-07-24 16:34:06 0 d-------- C:\Program Files\No-IP
2008-07-14 23:57:29 0 d-------- C:\wamp
2008-07-14 23:44:02 0 d-------- C:\website
2008-07-13 12:22:49 0 d-------- C:\Program Files\The Specialists


-- Find3M Report ---------------------------------------------------------------

2008-08-09 13:05:24 0 d-------- C:\Program Files\Viewpoint
2008-08-09 12:42:23 0 d-------- C:\Program Files\Steam
2008-08-09 07:41:53 0 d-------- C:\Program Files\LogMeIn
2008-08-08 18:23:25 0 d-------- C:\Program Files\Winamp Remote
2008-08-07 19:23:26 0 d-------- C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-08-07 02:12:31 0 d-------- C:\Documents and Settings\Scott\Application Data\Azureus
2008-08-07 02:12:11 0 d-------- C:\Program Files\Common Files
2008-08-06 13:32:07 4096 --a------ C:\WINDOWS\system32\crash
2008-08-06 11:08:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-03 05:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-08-01 18:43:03 0 d-------- C:\Program Files\Windows Grep
2008-08-01 17:07:06 0 d-------- C:\Program Files\Messenger
2008-08-01 17:06:56 0 d-------- C:\Program Files\Movie Maker
2008-08-01 17:05:30 0 d-------- C:\Program Files\Windows NT
2008-07-31 06:58:47 0 d-------- C:\Program Files\Spyware Doctor
2008-07-29 08:06:53 0 d-------- C:\Program Files\Java
2008-07-25 15:08:15 0 d-------- C:\Program Files\Google
2008-07-24 17:05:07 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-24 17:05:06 0 d-------- C:\Program Files\SnagIt 8
2008-07-24 17:05:04 0 d-------- C:\Program Files\Halo 2
2008-07-24 17:05:04 0 d-------- C:\Program Files\Gizmo5
2008-07-24 17:05:03 0 d-------- C:\Program Files\DivX
2008-07-24 17:05:03 0 d-------- C:\Program Files\Desktop Waller
2008-07-24 17:04:59 5632 --ahs---- C:\Program Files\Common Files\Thumbs.db
2008-07-24 17:04:59 0 d-------- C:\Program Files\AIM
2008-07-21 11:00:16 0 d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2008-07-20 23:52:13 56794 --a------ C:\Documents and Settings\Scott\Application Data\.googlewebacchosts
2008-07-15 00:46:36 0 d-------- C:\Program Files\HTML Validator
2008-07-14 23:53:10 0 d-------- C:\Program Files\PFConfig
2008-07-14 22:30:24 0 d-------- C:\Program Files\Winamp
2008-07-14 22:18:24 0 d-------- C:\Documents and Settings\Scott\Application Data\Winamp
2008-07-09 23:01:06 0 d-------- C:\Program Files\Diablo II
2008-07-09 20:22:40 0 d-------- C:\Documents and Settings\Scott\Application Data\SSH
2008-07-09 15:48:18 47536 --a------ C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-08 02:03:43 0 d-------- C:\Program Files\Common Files\Control Panels
2008-07-08 02:03:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-08 02:02:05 0 d-------- C:\Program Files\Bonjour
2008-07-07 13:44:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 13:44:44 0 d-------- C:\Program Files\SSH Communications Security
2008-07-07 01:36:38 0 d-------- C:\Program Files\Azureus
2008-07-03 12:28:41 0 d-------- C:\Documents and Settings\Scott\Application Data\Bioshock
2008-07-03 11:27:42 0 d-------- C:\Program Files\Electronic Arts
2008-07-01 23:53:10 18693 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-01 23:50:13 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 23:50:13 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-07-01 23:50:13 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-07-01 23:36:24 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-01 23:36:24 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-20 15:54:56 0 d-------- C:\Documents and Settings\Scott\Application Data\SPORE Creature Creator
2008-06-20 00:08:00 0 d-------- C:\Documents and Settings\Scott\Application Data\Mozilla
2008-06-18 19:31:05 0 d-------- C:\Program Files\WiFiConnector


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{099AC52C-1CD4-434C-9CC6-FF56DABB5010}]
08/07/2008 02:11 AM 36864 --a------ C:\WINDOWS\system32\tuvUMgGW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AAD6F49-51DE-4A21-B4D3-A3B733944327}]
08/07/2008 02:24 AM 91648 --a------ C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\BU16A1YN\3077htsbdjyf[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0354d68-1b39-4862-948b-f114c866326b}]
08/09/2008 08:23 AM 96768 --a------ C:\WINDOWS\system32\kdmftw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD85B0A1-2202-45FC-BCEC-35099C8B8EAd}]
08/07/2008 02:17 AM 118784 --a------ C:\WINDOWS\system32\ucauesum.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E78A4E2A-8295-4182-B28B-333173EDC0D4}]
08/07/2008 02:16 AM 246272 --a------ C:\WINDOWS\system32\ljJBsQjh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 10:34 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 08:00 AM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 08:00 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/29/2008 10:32 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 07:58 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/07/2008 01:04 AM]
"90de9f8d"="C:\WINDOWS\system32\xmasoitw.dll" [08/09/2008 08:26 AM]
"BM93edac11"="C:\WINDOWS\system32\pkfsiytp.dll" [08/09/2008 08:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/07/2008 12:45 AM]
"Steam"="c:\program files\steam\steam.exe" [03/27/2008 11:32 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [01/07/2008 04:02 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Main Display.lnk - C:\Documents and Settings\Scott\Application Data\Realtime Soft\UltraMon\3.0.2\Profiles\Main Display.umprofile [8/7/2008 3:48:51 AM]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [7/24/2008 4:34:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/7/2008 12:45:27 AM]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [8/7/2008 2:12:12 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{099AC52C-1CD4-434C-9CC6-FF56DABB5010}"= C:\WINDOWS\system32\tuvUMgGW.dll [08/07/2008 02:11 AM 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUMgGW]
tuvUMgGW.dll 08/07/2008 02:11 AM 36864 C:\WINDOWS\system32\tuvUMgGW.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJBsQjh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
"C:\Program Files\Gizmo5\Gizmo5.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
"C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-09 16:07:43 ------------

I am fairly computer knowledgeable and I will try to check this thread often to get back to you as soon as possible. I might be going out tonight, though. Thanks in advance!
Attached Files
File Type: txt extra.txt (24.4 KB, 4 views)
ScottG489 is offline  

Old 08-12-2008, 10:58 AM   #2 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

BUMP, please
ScottG489 is offline  
Old 08-12-2008, 01:46 PM   #3 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


------------------------------------------------------

Please explain why there is no antivirus program installed and running on this computer.

Connecting to the internet without antivirus protection is an open invitation for infection.

------------------------------------------------------

Quote:
C:\Documents and Settings\Scott\My Documents\My Downloads\dss.exe
Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

It is easier to find and perform specialized functions which may be required. Thanks.

------------------------------------------------------

I see you have P2P software ( Azureus Vuze and Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to uninstall Azureus Vuze and Limewire, also delete these Folders if they still exist:

C:\Documents and Settings\Scott\Application Data\Azureus
C:\Documents and Settings\Scott\Application Data\LimeWire
C:\Program Files\Azureus
C:\Program Files\LimeWire

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 08-12-2008, 02:22 PM   #4 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

First let me say thank you very much for responding. I have been waiting for about 3 days lol.

I'd also like to point out real quick that since I originally ran dss.exe I have set up a second monitor.

To answer your first question, the reason I don't have an antivirus running on this computer is because (1) I could never really find a good free antivirus program, (2) I'm afraid they will slow down my computer while gaming occasionally, (3) I actually do have Spyware Doctor on this computer (got it with the Google Pack), but for the reason that I don't really believe that many antivirus programs work very well (at least free ones), that they seem to use up a lot of CPU, and that it was blocking some programs from starting up, I leave it closed for extended periods of time. If you could recommend a good free program that doesn't hog up too much of my CPU I would happily try it out, since someone like you would have a lot of knowledge on this subject.

I just moved dss.exe to my desktop.

I am also aware of the dangers of using P2P programs but they are a very integrated part of how I work on my computer. I totally understand where you are coming from though.

I just downloaded and then put ComboFix.exe onto my desktop.

I am now closing this window and am going to follow the rest of the steps from a text file. I figure I will just post this then post my results when I finish following your steps.
ScottG489 is offline  
Old 08-12-2008, 03:48 PM   #5 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

OK, I followed the directions and ran ComboFix.exe. It seemed to run fine and then it went to restart my computer. It was on the "Windows is shutting down" screen for about 15-20 minutes, I'm guessing, when I decided to just press my restart button because I didn't believe that it was going to shut down itself.

After my computer restarted the log.txt file was open (from ComboFix). I then also ran HijackThis and got a hijackthis.log. Both logs are posted below.

Here are the ComboFix.txt and hijackthis.log files, respectively:

ComboFix 08-08-12.01 - Scott 2008-08-12 16:41:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526 [GMT -4:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\#SharedObjects\ANQSDRXB\interclick.com
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\#SharedObjects\ANQSDRXB\interclick.com\ud.sol
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Scott\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\temp.dmf
C:\WINDOWS\BM93edac11.txt
C:\WINDOWS\BM93edac11.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayhjsuyx.dll
C:\WINDOWS\system32\byXOFVnk.dll
C:\WINDOWS\system32\ctoglw.dll
C:\WINDOWS\system32\dxvttc.dll
C:\WINDOWS\system32\euidmd.dll
C:\WINDOWS\system32\fghupgif.dll
C:\WINDOWS\system32\hjQsBJjl.ini
C:\WINDOWS\system32\hjQsBJjl.ini2
C:\WINDOWS\system32\hvvgefwd.dll
C:\WINDOWS\system32\ihepancs.dll
C:\WINDOWS\system32\iugfltvy.dll
C:\WINDOWS\system32\ixkxggxr.dll
C:\WINDOWS\system32\jadkur.dll
C:\WINDOWS\system32\jyinfrry.ini
C:\WINDOWS\system32\kdmftw.dll
C:\WINDOWS\system32\kfalglwt.ini
C:\WINDOWS\system32\kgqvumgf.dll
C:\WINDOWS\system32\lhjjsl.dll
C:\WINDOWS\system32\ljJBsQjh.dll
C:\WINDOWS\system32\ndobnmlk.dll
C:\WINDOWS\system32\nemtbddw.dll
C:\WINDOWS\system32\nfsiqetp.ini
C:\WINDOWS\system32\ngaimdug.dll
C:\WINDOWS\system32\oxdkigds.dll
C:\WINDOWS\system32\pkfsiytp.dll
C:\WINDOWS\system32\pteqisfn.dll
C:\WINDOWS\system32\rhvjeptd.dll
C:\WINDOWS\system32\rxggxkxi.ini
C:\WINDOWS\system32\tuvUMgGW.dll
C:\WINDOWS\system32\twlglafk.dll
C:\WINDOWS\system32\ucauesum.dll
C:\WINDOWS\system32\uwuqnhss.dll
C:\WINDOWS\system32\wtiosamx.ini
C:\WINDOWS\system32\xlgwvxtw.dll
C:\WINDOWS\system32\xttkdccs.dll
C:\WINDOWS\system32\ygpixafp.ini
C:\WINDOWS\system32\yqibie.dll
C:\WINDOWS\system32\yvtlfgui.ini
C:\WINDOWS\system32\ywundo.dll
C:\WINDOWS\system32\yxmqgwvx.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 01:25 . 2008-08-12 01:25 <DIR> d-------- C:\Documents and Settings\Scott\mindterm
2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
2008-08-11 17:52 . 2008-08-11 17:52 2,048 --a------ C:\WINDOWS\system32\sirvntrq.exe
2008-08-11 08:23 . 2008-08-11 08:23 2,048 --a------ C:\WINDOWS\system32\bosvswbt.exe
2008-08-10 08:30 . 2008-08-10 08:30 2,048 --a------ C:\WINDOWS\system32\ajflvgcl.exe
2008-08-09 17:50 . 2008-08-09 17:50 <DIR> d-------- C:\ie-spyad_zo
2008-08-09 17:47 . 2008-08-09 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 16:02 . 2008-08-09 16:02 <DIR> d-------- C:\Deckard
2008-08-09 15:52 . 2008-08-09 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 08:29 . 2008-08-09 08:29 2,048 --a------ C:\WINDOWS\system32\qvyfgtpm.exe
2008-08-09 00:23 . 2008-08-09 00:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 08:26 . 2008-08-08 08:26 2,048 --a------ C:\WINDOWS\system32\ikcrpocc.exe
2008-08-07 12:13 . 2008-08-07 14:42 <DIR> d-------- C:\Program Files\KellySoftware
2008-08-07 08:23 . 2008-08-07 08:23 2,048 --a------ C:\WINDOWS\system32\kttexdad.exe
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\UltraMon
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:52 . 2008-08-01 19:52 22,328 --a------ C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-08-01 19:20 . 2008-08-01 19:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-24 16:34 . 2008-07-24 16:34 <DIR> d-------- C:\Program Files\No-IP
2008-07-14 23:57 . 2008-07-25 00:56 <DIR> d-------- C:\wamp
2008-07-14 23:44 . 2008-07-25 00:52 <DIR> d-------- C:\website
2008-07-13 12:22 . 2008-07-13 12:22 <DIR> d-------- C:\Program Files\The Specialists

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 21:04 --------- d-----w C:\Program Files\Steam
2008-08-12 06:11 --------- d-----w C:\Program Files\LogMeIn
2008-08-11 23:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 21:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-11 21:50 --------- d-----w C:\Documents and Settings\Scott\Application Data\SSH
2008-08-10 22:36 --------- d-----w C:\Program Files\Winamp Remote
2008-08-10 22:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-10 00:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-09 17:05 --------- d-----w C:\Program Files\Viewpoint
2008-08-09 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-07 06:12 --------- d-----w C:\Documents and Settings\Scott\Application Data\Azureus
2008-08-02 00:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-01 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 23:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 22:43 --------- d-----w C:\Program Files\Windows Grep
2008-07-31 10:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-29 12:06 --------- d-----w C:\Program Files\Java
2008-07-25 19:08 --------- d-----w C:\Program Files\Google
2008-07-24 21:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-24 21:05 --------- d-----w C:\Program Files\SnagIt 8
2008-07-24 21:05 --------- d-----w C:\Program Files\Halo 2
2008-07-24 21:05 --------- d-----w C:\Program Files\Gizmo5
2008-07-24 21:05 --------- d-----w C:\Program Files\DivX
2008-07-24 21:05 --------- d-----w C:\Program Files\Desktop Waller
2008-07-24 21:04 5,632 --sha-w C:\Program Files\Common Files\Thumbs.db
2008-07-24 21:04 --------- d-----w C:\Program Files\AIM
2008-07-15 04:46 --------- d-----w C:\Program Files\HTML Validator
2008-07-15 03:53 --------- d-----w C:\Program Files\PFConfig
2008-07-15 02:30 --------- d-----w C:\Program Files\Winamp
2008-07-15 02:18 --------- d-----w C:\Documents and Settings\Scott\Application Data\Winamp
2008-07-10 03:01 --------- d-----w C:\Program Files\Diablo II
2008-07-09 19:48 47,536 ----a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 06:02 --------- d-----w C:\Program Files\Bonjour
2008-07-07 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 17:44 --------- d-----w C:\Program Files\SSH Communications Security
2008-07-07 05:36 --------- d-----w C:\Program Files\Azureus
2008-07-03 16:28 --------- d-----w C:\Documents and Settings\Scott\Application Data\Bioshock
2008-07-03 15:27 --------- d-----w C:\Program Files\Electronic Arts
2008-07-02 03:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-02 03:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-02 03:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-02 03:36 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-02 03:36 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-20 19:54 --------- d-----w C:\Documents and Settings\Scott\Application Data\SPORE Creature Creator
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-18 23:31 --------- d-----w C:\Program Files\WiFiConnector
2008-06-16 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-04-05 02:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-30 21:07 161,862 ------w C:\Program Files\Common Files\uninstall.ico
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:45 68856]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 23:32 1271032]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 16:02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 10:32 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 01:04 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Main Display.lnk - C:\Documents and Settings\Scott\Application Data\Realtime Soft\UltraMon\3.0.2\Profiles\Main Display.umprofile [2008-08-07 03:48:51 237]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-07-24 16:34:06 1172992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-07 00:45:27 125624]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-07 02:12:12 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
--a------ 2008-05-29 20:32 5267456 C:\Program Files\Gizmo5\Gizmo5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 01:31 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 22:02 1082152 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 22:02 2048808 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-07 01:04 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 17:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCryConfigurator.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 gupdate1c89399ca824af8;Google Update Service (gupdate1c89399ca824af8);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-15 21:32]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-29 10:32]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 16:04]
S4 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 00:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8AAD6F49-51DE-4A21-B4D3-A3B733944327} - C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\BU16A1YN\3077htsbdjyf[1].dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-BM93edac11 - C:\WINDOWS\system32\fghupgif.dll
HKLM-Run-90de9f8d - C:\WINDOWS\system32\iugfltvy.dll
MSConfigStartUp-GoToMyPC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-RocketDock - C:\Program Files\RocketDock\RocketDock.exe
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\dvcqly7h.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.6\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 17:04:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2008-08-12 17:25:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 21:24:47

Pre-Run: 50,215,661,568 bytes free
Post-Run: 50,683,768,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

381 --- E O F --- 2008-08-02 04:36:05





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:24 PM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 9075 bytes
Old 08-12-2008, 05:20 PM   #6 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hello again, ScottG489. Please tell us how your system is behaving after doing the following.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:
I'm afraid they will slow down my computer while gaming occasionally
Would you rather game and get infected or keep your computer from getting infected? Let me point out that you are encouraged to use all our other forums as much as you wish, but we only expect to see a user once in this forum. If you continue surfing the internet or gaming while not protected by an antivirus and get infected again, you will probably not receive further help in this forum.

Quote:
I actually do have Spyware Doctor on this computer (got it with the Google Pack) but for the reason that I don't really believe that many antivirus programs work very well (at least free ones), that they seem to use up a lot of CPU, and it was blocking some programs from starting up, I leave it closed for extended periods of time.
Not much good if you keep it closed. If you are not going to use it, I would uninstall it.

Quote:
If you could recommend a good free program that doesn't hog up too much of my CPU I would happily try it out
I can suggest a good, free one that is very easy on system resources in my next reply.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/278709-popups-can-t-connect-various-sites.html#post1645415

Collect::
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\sirvntrq.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe

File::
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Folder::
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please click Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed.

With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.


Please let your helper know you successfully submitted the file.


------------------------------------------------------

You have old versions of Java still installed. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
  • Click (highlight) the following items:
    • Java(TM) 6 Update 2
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Go here to run an online scanner from ESET.

**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Close/disable all running programs, including your antivirus and all antispyware programs.
  • Click Start
  • Click Start
  • Make sure that the option Remove found threats is unchecked.
  • Make sure the option Scan unwanted applications is checked.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems.
------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
log.txt
new HijackThis log
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
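As an added example (not ComboFix's, the forum's or the helper's own code), the following Python script parses a CFScript in the format quoted above into its directive sections and cross-checks it against the "Files Created" lines of a ComboFix log, flagging tiny, randomly named executables dropped into system32 that the script does not yet list under Collect::. The sample script and log lines are constructed from entries shown in this thread; the size threshold and the name pattern are assumptions made for the example.

```python
"""Added example (not ComboFix's, the forum's or the helper's own code): parse a
ComboFix CFScript of the kind quoted in the thread into its directive sections
and cross-check it against 'Files Created' lines from a ComboFix log, flagging
small, randomly named executables in system32 that the script does not collect.

The sample script and log lines are constructed for this example from entries
shown in the thread; the size threshold and name pattern are assumptions."""
import re

# A CFScript directive is a line consisting of one word followed by '::' (e.g. 'Collect::').
DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")

# One 'Files Created' line from a ComboFix log, e.g.
#   2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"
)

# Heuristic drawn from the thread (assumed, not a ComboFix rule): 8-letter random
# names, 2,048 bytes each, dropped into system32 roughly once a day.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def parse_cfscript(text):
    """Return {directive: [entry, ...]}. The leading thread URL line (a ComboFix
    convention) and blank lines are ignored; entries keep their original case."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("http"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(log_text):
    """Yield (timestamp, size in bytes or None for directories, attrs, path) per log line."""
    for raw in log_text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        yield ts, (None if size == "<DIR>" else int(size.replace(",", ""))), attrs, path


def suspicious_dropper_paths(log_text, max_size=4096):
    """Files in system32 that are at most max_size bytes and carry an 8-letter random name."""
    hits = []
    for _ts, size, _attrs, path in parse_created(log_text):
        name = path.rsplit("\\", 1)[-1]
        if (size is not None and size <= max_size
                and path.lower().startswith(SYSTEM32_PREFIX)
                and RANDOM_NAME_RE.match(name)):
            hits.append(path)
    return hits


def unreferenced_suspects(script_text, log_text):
    """Suspicious droppers present in the log but absent from the script's Collect:: list."""
    collected = {p.lower() for p in parse_cfscript(script_text).get("Collect", [])}
    return [p for p in suspicious_dropper_paths(log_text) if p.lower() not in collected]


# Constructed sample script: two of the seven Collect:: entries from the thread.
SAMPLE_SCRIPT = r"""
http://www.techsupportforum.com/security-center/hijackthis-log-help/278709-popups-can-t-connect-various-sites.html#post1645415

Collect::
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\sirvntrq.exe

File::
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
"""

# Constructed sample log lines: a directory, three droppers and one normally sized binary.
SAMPLE_LOG = r"""
2008-08-12 01:25 . 2008-08-12 01:25 <DIR> d-------- C:\Documents and Settings\Scott\mindterm
2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
2008-08-11 17:52 . 2008-08-11 17:52 2,048 --a------ C:\WINDOWS\system32\sirvntrq.exe
2008-08-11 08:23 . 2008-08-11 08:23 2,048 --a------ C:\WINDOWS\system32\bosvswbt.exe
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
"""

if __name__ == "__main__":
    for path in unreferenced_suspects(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not in Collect:: ->", path)
```

Run against a real ComboFix.txt, the unreferenced list is the set of entries a helper would still need to add to the script before the next run.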
Old 08-12-2008, 09:57 PM   #7 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

Hey, the ESET scan took a while but everything went very well with the scans. Here are my ComboFix.txt, log.txt, and hijackthis.log respectively:


ComboFix 08-08-12.01 - Scott 2008-08-12 20:44:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1516 [GMT -4:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
.

((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 01:25 . 2008-08-12 01:25 <DIR> d-------- C:\Documents and Settings\Scott\mindterm
2008-08-11 18:20 . 2008-08-11 18:20 2,048 --a------ C:\WINDOWS\system32\crtmglko.exe
2008-08-11 17:52 . 2008-08-11 17:52 2,048 --a------ C:\WINDOWS\system32\sirvntrq.exe
2008-08-11 08:23 . 2008-08-11 08:23 2,048 --a------ C:\WINDOWS\system32\bosvswbt.exe
2008-08-10 08:30 . 2008-08-10 08:30 2,048 --a------ C:\WINDOWS\system32\ajflvgcl.exe
2008-08-09 17:50 . 2008-08-09 17:50 <DIR> d-------- C:\ie-spyad_zo
2008-08-09 17:47 . 2008-08-09 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 16:02 . 2008-08-09 16:02 <DIR> d-------- C:\Deckard
2008-08-09 15:52 . 2008-08-09 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 08:29 . 2008-08-09 08:29 2,048 --a------ C:\WINDOWS\system32\qvyfgtpm.exe
2008-08-09 00:23 . 2008-08-09 00:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 08:26 . 2008-08-08 08:26 2,048 --a------ C:\WINDOWS\system32\ikcrpocc.exe
2008-08-07 12:13 . 2008-08-07 14:42 <DIR> d-------- C:\Program Files\KellySoftware
2008-08-07 08:23 . 2008-08-07 08:23 2,048 --a------ C:\WINDOWS\system32\kttexdad.exe
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\UltraMon
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:52 . 2008-08-01 19:52 22,328 --a------ C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-08-01 19:20 . 2008-08-01 19:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-24 16:34 . 2008-07-24 16:34 <DIR> d-------- C:\Program Files\No-IP
2008-07-14 23:57 . 2008-07-25 00:56 <DIR> d-------- C:\wamp
2008-07-14 23:44 . 2008-07-25 00:52 <DIR> d-------- C:\website
2008-07-13 12:22 . 2008-07-13 12:22 <DIR> d-------- C:\Program Files\The Specialists

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 21:04 --------- d-----w C:\Program Files\Steam
2008-08-12 06:11 --------- d-----w C:\Program Files\LogMeIn
2008-08-11 23:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 21:50 --------- d-----w C:\Documents and Settings\Scott\Application Data\SSH
2008-08-10 22:36 --------- d-----w C:\Program Files\Winamp Remote
2008-08-10 22:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-10 00:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-07 06:12 --------- d-----w C:\Documents and Settings\Scott\Application Data\Azureus
2008-08-02 00:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-01 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 23:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 22:43 --------- d-----w C:\Program Files\Windows Grep
2008-07-31 10:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-29 12:06 --------- d-----w C:\Program Files\Java
2008-07-25 19:08 --------- d-----w C:\Program Files\Google
2008-07-24 21:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-24 21:05 --------- d-----w C:\Program Files\SnagIt 8
2008-07-24 21:05 --------- d-----w C:\Program Files\Halo 2
2008-07-24 21:05 --------- d-----w C:\Program Files\Gizmo5
2008-07-24 21:05 --------- d-----w C:\Program Files\DivX
2008-07-24 21:05 --------- d-----w C:\Program Files\Desktop Waller
2008-07-24 21:04 5,632 --sha-w C:\Program Files\Common Files\Thumbs.db
2008-07-24 21:04 --------- d-----w C:\Program Files\AIM
2008-07-15 04:46 --------- d-----w C:\Program Files\HTML Validator
2008-07-15 03:53 --------- d-----w C:\Program Files\PFConfig
2008-07-15 02:30 --------- d-----w C:\Program Files\Winamp
2008-07-15 02:18 --------- d-----w C:\Documents and Settings\Scott\Application Data\Winamp
2008-07-10 03:01 --------- d-----w C:\Program Files\Diablo II
2008-07-09 19:48 47,536 ----a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 06:02 --------- d-----w C:\Program Files\Bonjour
2008-07-07 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 17:44 --------- d-----w C:\Program Files\SSH Communications Security
2008-07-07 05:36 --------- d-----w C:\Program Files\Azureus
2008-07-03 16:28 --------- d-----w C:\Documents and Settings\Scott\Application Data\Bioshock
2008-07-03 15:27 --------- d-----w C:\Program Files\Electronic Arts
2008-07-02 03:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-02 03:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-02 03:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-02 03:36 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-02 03:36 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-20 19:54 --------- d-----w C:\Documents and Settings\Scott\Application Data\SPORE Creature Creator
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-18 23:31 --------- d-----w C:\Program Files\WiFiConnector
2008-06-16 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-04-05 02:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-30 21:07 161,862 ------w C:\Program Files\Common Files\uninstall.ico
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:45 68856]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 23:32 1271032]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 16:02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 10:32 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 01:04 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Main Display.lnk - C:\Documents and Settings\Scott\Application Data\Realtime Soft\UltraMon\3.0.2\Profiles\Main Display.umprofile [2008-08-07 03:48:51 237]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-07-24 16:34:06 1172992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-07 00:45:27 125624]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-07 02:12:12 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
--a------ 2008-05-29 20:32 5267456 C:\Program Files\Gizmo5\Gizmo5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 01:31 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 22:02 1082152 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 22:02 2048808 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-07 01:04 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 17:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCryConfigurator.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 gupdate1c89399ca824af8;Google Update Service (gupdate1c89399ca824af8);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-15 21:32]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
S2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-29 10:32]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 16:04]
S4 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 00:42]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 20:45:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-12 20:48:24
ComboFix-quarantined-files.txt 2008-08-13 00:47:22
ComboFix2.txt 2008-08-13 00:34:21
ComboFix3.txt 2008-08-12 21:25:51

Pre-Run: 50,700,861,440 bytes free
Post-Run: 50,686,132,224 bytes free

274 --- E O F --- 2008-08-02 04:36:05



# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3350 (20080812)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d03f192f849cef45b2b8f9bb510c8ed8
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-13 03:49:26
# local_time=2008-08-12 11:49:26 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=1157081
# found=9
# scan_time=6059
C:\Deckard\System Scanner\backup\DOCUME~1\Scott\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application 9A7EF09167A6F4433681B94351509043
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\Program Files\Barrel Mania\bmania.RWG probably unknown NewHeur_PE virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\byXOFVnk.dll.vir Win32/Adware.Virtumonde.FP application C3EDC108F090EEE423160E96DCA7A04C
C:\QooBox\Quarantine\C\WINDOWS\system32\ctoglw.dll.vir Win32/BHO.NFH trojan B51D11C81AF4153EA8A6A688D0468BE4
C:\QooBox\Quarantine\C\WINDOWS\system32\rhvjeptd.dll.vir Win32/Adware.AdMedia application 8CC6F12E3AEF1FA7FD45B5875CFB289A
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUMgGW.dll.vir Win32/Adware.Virtumonde.FP application C3EDC108F090EEE423160E96DCA7A04C
C:\QooBox\Quarantine\C\WINDOWS\system32\xlgwvxtw.dll.vir Win32/BHO.NFH trojan B51D11C81AF4153EA8A6A688D0468BE4



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:23 AM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 9140 bytes

Edit: On my system's behavior: I can now access my email. My popups weren't too frequent before, so I won't know for a while whether they have stopped for good. However, my not having connection problems with certain sites is a good sign.

Last edited by ScottG489; 08-12-2008 at 10:09 PM.
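Added triage example, not code from the thread or from any of the tools named in it: the ESET Online Scanner results in the post above mix three kinds of hit. Six are copies that ComboFix and Deckard's System Scanner had already moved out of the way (everything under C:\QooBox\Quarantine and C:\Deckard\System Scanner\backup), two are a signature match on WxBug.EXE still sitting in the AIM folder (once for the file itself, once for a component packed inside it), and one is ESET's heuristic "probably unknown NewHeur_PE" verdict on a game file. The Python below splits a pasted result list along those lines, so that only live signature hits become deletion candidates and heuristic-only verdicts are held for a second look. The line layout (path, threat name, type, MD5) and the quarantine roots are inferred from the lines on this page and are assumptions; the sample input is those same lines.

```python
import re
from dataclasses import dataclass

# Constructed input: the nine result lines from the ESET Online Scanner output
# posted above (plus one header line), reproduced verbatim as test data.
SAMPLE_ESET_LOG = r"""
# found=9
C:\Deckard\System Scanner\backup\DOCUME~1\Scott\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application 9A7EF09167A6F4433681B94351509043
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application E0D92AC5FDD264E4ED40D45C75934F1B
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\Program Files\Barrel Mania\bmania.RWG probably unknown NewHeur_PE virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\byXOFVnk.dll.vir Win32/Adware.Virtumonde.FP application C3EDC108F090EEE423160E96DCA7A04C
C:\QooBox\Quarantine\C\WINDOWS\system32\ctoglw.dll.vir Win32/BHO.NFH trojan B51D11C81AF4153EA8A6A688D0468BE4
C:\QooBox\Quarantine\C\WINDOWS\system32\rhvjeptd.dll.vir Win32/Adware.AdMedia application 8CC6F12E3AEF1FA7FD45B5875CFB289A
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvUMgGW.dll.vir Win32/Adware.Virtumonde.FP application C3EDC108F090EEE423160E96DCA7A04C
C:\QooBox\Quarantine\C\WINDOWS\system32\xlgwvxtw.dll.vir Win32/BHO.NFH trojan B51D11C81AF4153EA8A6A688D0468BE4
"""

# Folders where a removal tool has already parked a copy: a hit there records a
# past infection, not a live one. Roots are taken from the paths in the log
# (ComboFix's QooBox and Deckard's System Scanner backup); extend as needed.
QUARANTINE_ROOTS = ("c:\\qoobox\\quarantine\\", "c:\\deckard\\system scanner\\backup\\")

MD5_RE = re.compile(r"[0-9A-Fa-f]{32}")


@dataclass
class Detection:
    path: str      # as printed, including any " »member" archive suffixes
    threat: str    # e.g. "Win32/Adware.WBug.A" or "probably unknown NewHeur_PE"
    kind: str      # application / trojan / virus ...
    md5: str

    @property
    def on_disk(self) -> str:
        # For a hit inside an installer or archive, the object you can act on is the container.
        return self.path.split(" »", 1)[0]

    @property
    def quarantined(self) -> bool:
        return self.on_disk.lower().startswith(QUARANTINE_ROOTS)

    @property
    def heuristic(self) -> bool:
        # "probably ..." / "a variant of ..." are heuristic verdicts, not signature matches.
        return self.threat.lower().startswith(("probably", "a variant of"))


def parse_eset_line(line: str):
    """Parse one result line: <path with spaces> <threat name> <type> <md5>.
    Returns None for headers and anything that does not fit that shape."""
    tokens = line.split()
    if len(tokens) < 4 or not MD5_RE.fullmatch(tokens[-1]):
        return None
    md5, kind = tokens[-1], tokens[-2]
    # The path may contain spaces, so locate its end from the right: the last
    # token that carries a backslash or an archive-member marker (»).
    last = max((i for i, t in enumerate(tokens[:-2]) if "\\" in t or t.startswith("»")), default=-1)
    threat = " ".join(tokens[last + 1:-2])
    if last < 0 or not threat:
        return None
    return Detection(" ".join(tokens[:last + 1]), threat, kind, md5)


def triage(log_text: str) -> dict:
    """Split scanner hits into already-quarantined copies, clear removal
    candidates (signature hit on a file still in place) and heuristic-only
    hits that need a human look before anything is deleted."""
    hits = [d for d in map(parse_eset_line, log_text.splitlines()) if d]
    live = [d for d in hits if not d.quarantined]
    return {
        "quarantined": sorted({d.on_disk for d in hits if d.quarantined}),
        "remove": sorted({d.on_disk for d in live if not d.heuristic}),
        "review": sorted({d.on_disk for d in live if d.heuristic}),
    }


def cfscript_file_section(paths) -> str:
    """Render removal candidates as the CFScript 'File::' block used in the thread."""
    return "File::\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    report = triage(SAMPLE_ESET_LOG)
    for group, paths in report.items():
        print(f"{group}: {len(paths)}")
        for p in paths:
            print("   ", p)
    print(cfscript_file_section(report["remove"]))
```

As far as the ESET hits go, the split matches what the analyst chooses in the next reply: WxBug.EXE goes into the CFScript, the quarantined copies and bmania.RWG do not. A scanner hit inside a quarantine folder is a reason to empty that quarantine once the machine is clean, not a reason to run another fix.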
08-13-2008, 05:16 AM   #8
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hello again, ScottG489. Almost done.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any open browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
File::
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\sirvntrq.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE

SkipFix::
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please click Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
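Added verification step, not part of ComboFix or of the instructions above: once the CFScript has run, the check a practitioner wants is that every path in the File:: block actually appears under "Other Deletions" in the resulting ComboFix log, which Scott posts in the reply that follows. The Python below parses both texts as pasted in this thread and reports anything that was requested but not deleted. The CFScript directive syntax and the "((( section )))" log layout are taken from this page and are assumptions about the formats in general; the sample input is the script and log from the thread.

```python
import re

# Constructed input copied from the thread: the CFScript the analyst posted,
# and the head of the ComboFix log from the follow-up reply, through the
# "Other Deletions" section that records what the tool actually removed.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\sirvntrq.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE

SkipFix::
"""

COMBOFIX_LOG = r"""ComboFix 08-08-12.01 - Scott 2008-08-13 10:30:09.4 - NTFSx86
Command switches used :: C:\Documents and Settings\Scott\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\sirvntrq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\sirvntrq.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-12 21:28 . 2008-08-12 23:49 <DIR> d-------- C:\Program Files\EsetOnlineScanner
"""

SECTION_RE = re.compile(r"\(+\s*(.+?)\s*\)+")   # "((((( Other Deletions )))))"
DIRECTIVE_RE = re.compile(r"(\w+)::")            # "File::", "SkipFix::", ...


def cfscript_files(text: str) -> list:
    """Paths listed under the File:: directive of a CFScript, in order."""
    files, directive = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE_RE.fullmatch(line)
        if m:
            directive = m.group(1).lower()
        elif line and directive == "file":
            files.append(line)
    return files


def combofix_sections(text: str) -> dict:
    """Map each '((( name )))' section of a ComboFix log to its non-blank lines.
    Text before the first section header (banner, FILE :: echo of the script)
    is ignored, so the echo is never mistaken for a deletion record."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.fullmatch(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def verify_fix(cfscript_text: str, combofix_text: str) -> dict:
    """Compare what the script asked for with what 'Other Deletions' reports.
    Paths are compared case-insensitively, as NTFS does."""
    requested = cfscript_files(cfscript_text)
    deleted = {p.lower() for p in combofix_sections(combofix_text).get("Other Deletions", [])}
    missing = [p for p in requested if p.lower() not in deleted]
    return {"requested": len(requested), "deleted": len(requested) - len(missing), "missing": missing}


if __name__ == "__main__":
    result = verify_fix(CFSCRIPT, COMBOFIX_LOG)
    print(f"{result['deleted']}/{result['requested']} requested files deleted")
    for p in result["missing"]:
        print("NOT deleted:", p)
```

A line under Other Deletions that is not in the script at all is ComboFix's own work and is left out of the count deliberately: the point is to confirm the requested removals, not to audit the tool. A requested path that is missing usually means the file was locked, already gone, or misspelled in the script, and that is the moment to ask for another log rather than assume the fix took.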
08-13-2008, 08:38 AM   #9
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

Hey, I just woke up, so sorry for a bit of a delay. You can call me Scott, btw, if you want, haha.

I ran ComboFix.exe with that file and then ran hijackthis.exe. ComboFix.txt and hijackthis.txt are posted below, respectively.

Also, I haven't noticed any problems with the computer, so everything seems to be going well.



ComboFix 08-08-12.01 - Scott 2008-08-13 10:30:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1485 [GMT -4:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\sirvntrq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Documents\Program Files\AIM\Sysfiles\WxBug.EXE
C:\WINDOWS\system32\ajflvgcl.exe
C:\WINDOWS\system32\bosvswbt.exe
C:\WINDOWS\system32\crtmglko.exe
C:\WINDOWS\system32\ikcrpocc.exe
C:\WINDOWS\system32\kttexdad.exe
C:\WINDOWS\system32\qvyfgtpm.exe
C:\WINDOWS\system32\sirvntrq.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 21:28 . 2008-08-12 23:49 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-12 01:25 . 2008-08-12 01:25 <DIR> d-------- C:\Documents and Settings\Scott\mindterm
2008-08-09 17:50 . 2008-08-09 17:50 <DIR> d-------- C:\ie-spyad_zo
2008-08-09 17:47 . 2008-08-09 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 16:02 . 2008-08-09 16:02 <DIR> d-------- C:\Deckard
2008-08-09 15:52 . 2008-08-09 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 00:23 . 2008-08-09 00:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 12:13 . 2008-08-07 14:42 <DIR> d-------- C:\Program Files\KellySoftware
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\UltraMon
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Realtime Soft
2008-08-07 02:12 . 2008-08-07 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-01 19:52 . 2008-08-01 19:52 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-08-01 19:52 . 2008-08-01 19:52 22,328 --a------ C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-08-01 19:20 . 2008-08-01 19:26 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-01 19:20 . 2008-08-01 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-01 17:06 . 2008-08-01 17:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-24 16:34 . 2008-07-24 16:34 <DIR> d-------- C:\Program Files\No-IP
2008-07-14 23:57 . 2008-07-25 00:56 <DIR> d-------- C:\wamp
2008-07-14 23:44 . 2008-07-25 00:52 <DIR> d-------- C:\website
2008-07-13 12:22 . 2008-07-13 12:22 <DIR> d-------- C:\Program Files\The Specialists

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 00:56 --------- d-----w C:\Program Files\Steam
2008-08-13 00:55 --------- d-----w C:\Program Files\Winamp Remote
2008-08-13 00:50 --------- d-----w C:\Program Files\Java
2008-08-12 06:11 --------- d-----w C:\Program Files\LogMeIn
2008-08-11 23:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 21:50 --------- d-----w C:\Documents and Settings\Scott\Application Data\SSH
2008-08-10 22:34 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-10 00:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-08-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-07 06:12 --------- d-----w C:\Documents and Settings\Scott\Application Data\Azureus
2008-08-02 00:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-01 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-01 23:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 22:43 --------- d-----w C:\Program Files\Windows Grep
2008-07-31 10:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-25 19:08 --------- d-----w C:\Program Files\Google
2008-07-24 21:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-24 21:05 --------- d-----w C:\Program Files\SnagIt 8
2008-07-24 21:05 --------- d-----w C:\Program Files\Halo 2
2008-07-24 21:05 --------- d-----w C:\Program Files\Gizmo5
2008-07-24 21:05 --------- d-----w C:\Program Files\DivX
2008-07-24 21:05 --------- d-----w C:\Program Files\Desktop Waller
2008-07-24 21:04 5,632 --sha-w C:\Program Files\Common Files\Thumbs.db
2008-07-24 21:04 --------- d-----w C:\Program Files\AIM
2008-07-15 04:46 --------- d-----w C:\Program Files\HTML Validator
2008-07-15 03:53 --------- d-----w C:\Program Files\PFConfig
2008-07-15 02:30 --------- d-----w C:\Program Files\Winamp
2008-07-15 02:18 --------- d-----w C:\Documents and Settings\Scott\Application Data\Winamp
2008-07-10 03:01 --------- d-----w C:\Program Files\Diablo II
2008-07-09 19:48 47,536 ----a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-07-08 06:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 06:02 --------- d-----w C:\Program Files\Bonjour
2008-07-07 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 17:44 --------- d-----w C:\Program Files\SSH Communications Security
2008-07-07 05:36 --------- d-----w C:\Program Files\Azureus
2008-07-03 16:28 --------- d-----w C:\Documents and Settings\Scott\Application Data\Bioshock
2008-07-03 15:27 --------- d-----w C:\Program Files\Electronic Arts
2008-07-02 03:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-02 03:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-02 03:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-02 03:36 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-02 03:36 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-20 19:54 --------- d-----w C:\Documents and Settings\Scott\Application Data\SPORE Creature Creator
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-18 23:31 --------- d-----w C:\Program Files\WiFiConnector
2008-06-16 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-04-05 02:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-30 21:07 161,862 ------w C:\Program Files\Common Files\uninstall.ico
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_17.24.33.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 19:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 19:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 00:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 17:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 22:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 22:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-06 17:17:40 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 15:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 15:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:45 68856]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 23:32 1271032]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 16:02 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 08:00 455168]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 10:32 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 01:04 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Main Display.lnk - C:\Documents and Settings\Scott\Application Data\Realtime Soft\UltraMon\3.0.2\Profiles\Main Display.umprofile [2008-08-07 03:48:51 237]
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-07-24 16:34:06 1172992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-07 00:45:27 125624]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-07 02:12:12 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5]
--a------ 2008-05-29 20:32 5267456 C:\Program Files\Gizmo5\Gizmo5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 01:31 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 22:02 1082152 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 22:02 2048808 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-07 01:04 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 17:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCryConfigurator.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\goldcow64\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
S2 gupdate1c89399ca824af8;Google Update Service (gupdate1c89399ca824af8);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-15 21:32]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
S2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-29 10:32]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 16:04]
S4 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 00:37]
S4 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 00:42]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 10:30:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 10:43:20
ComboFix-quarantined-files.txt 2008-08-13 14:42:50
ComboFix2.txt 2008-08-13 00:48:26
ComboFix3.txt 2008-08-13 00:34:21
ComboFix4.txt 2008-08-12 21:25:51

Pre-Run: 50,760,327,168 bytes free
Post-Run: 50,748,145,664 bytes free

304 --- E O F --- 2008-08-02 04:36:05




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:45 AM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 8942 bytes
Old 08-13-2008, 09:14 AM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hi Scott.

Let's get an antivirus program installed on this computer.

Did you uninstall Spyware Doctor? Best to do that first in Add or Remove Programs in your Control Panel.

Download AVG and Save it to your Desktop.

Double-click on the avg_free~.exe file and follow the prompts to install it, then update AVG, and run a full system scan.

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE

Last edited by chemist; 08-13-2008 at 09:27 AM.
Old 08-15-2008, 11:09 AM   #11 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

Hi, sorry about the late response. I didn't think you had responded yet because I never got an email alert. I just uninstalled Spyware Doctor. Should I uninstall SpywareBlaster too?

I'm downloading AVG right now. Right now I'm on break from work and I have to go back. When I get home I will put the download on my desktop, restart my computer (because Spyware Doctor needs me to in order to complete the uninstallation), run AVG, update it and then run a full system scan. Then I will post a HijackThis log.

Once again I'm really sorry for the slow response. I'll post all that stuff in 3-4 hours depending on how long that scan takes.
Old 08-15-2008, 02:52 PM   #12 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hello Scott. No, do not uninstall SpywareBlaster. We recommend that program be installed. I await your reply.
Old 08-15-2008, 03:21 PM   #13 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

Ok, well I have to go to work at my other job now. The scan just rounded 1 hour. I'll be getting home at 12 tonight (or tomorrow morning lol) and then I will post all of those logs. Sorry for this taking so long. Thanks so much for your help, though.

Oh yea and I had one more quick question. Do you have any program that would be good for scanning single files or folders that I suspect could be or contain malicious software? It wouldn't matter how much system resources it would take up since I would just use it when I needed to. I would prefer it be free, but if you know a non-free program that is very good for that sort of thing, I would be happy to look into it. Thanks again!

Last edited by ScottG489; 08-15-2008 at 03:23 PM.
Old 08-15-2008, 10:18 PM   #14 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Re: Popups/can't connect to various sites.

Ok, the system scan finished. It found a few things. You didn't say to actually remove the things it found, so I just left them there and then ran HijackThis. Here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:27 AM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Main Display.lnk = ?
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AD31E0-CA3E-468E-B894-EB756F47FF40}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c89399ca824af8) (gupdate1c89399ca824af8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 1: (no name) - http://www.cybersalt.org/images/stor.../ringclock.swf

--
End of file - 10853 bytes


I'll be at work until 3:30 tomorrow. If you post before 9 though I'll try to check before I leave for work in the morning. Thanks!
Old 08-15-2008, 11:34 PM   #15 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

What 'things' did it find? Nothing is showing in your logs.

AVG can scan specific folders.

How about uploading suspicious files here >> http://www.virustotal.com/
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 08-16-2008, 07:15 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

Here is a screenshot of a few things it found. I don't think it can output a log or anything:

The first two are from the infections tab (the second is just scrolled down) and the 3rd is the warnings tab.

http://img504.imageshack.us/img504/5349/11093092bo7.jpg

http://img524.imageshack.us/img524/7209/10817368ia9.jpg

http://img205.imageshack.us/img205/8233/81175015sa6.jpg

And about the file/folder scanner: Which do you think would be better (AVG or VirusTotal)? Or which is better for what type of file.

And would they both be able to, say, scan a .mp3 file and tell if it's malicious or not?

Hope to hear back from you soon!
ScottG489 is offline  
Old 08-16-2008, 07:53 PM   #17 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Hello Scott.

Quote:
Here is a screenshot of a few things it found.
The very first file, bmania, in the first screenshot is likely a false positive. By the way, it's always safe to move to vault. That way if you move something legit, you can move it back. And as long as it's in the vault, it can do no harm.

The very next two Canon do seem to be infected. They should be legit, unless they were downloaded from a crack/warez site.

All the rest are files that have been quarantined by ComboFix or are in old System Restore Points, or are cookies. We will delete all of these later.

Quote:
And about the file/folder scanner: Which do you think would be better (AVG or VirusTotal)? Or which is better for what type of file.

And would they both be able to, say, scan a .mp3 file and tell if it's malicious or not?
Yes, you can use both. Let's test that Canon file with VirusTotal:

------------------------------------------------------

Please go to: VirusTotal
  • On the page you'll find a Browse button.
  • Next to the Browse button you'll see a box to enter text.
  • Please copy/paste the following bolded text into the box:

    C:\Documents and Settings\Scott\My Documents\My Downloads\Programs\Canon PowerShot A540 Software\Canon.PhotoStitch.v3.1.20.44-DSi.rar:\loader.exe

  • Then click the Send File button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
------------------------------------------------------

Let me know how your system is behaving.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 08-16-2008, 11:05 PM   #18 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

I don't think that PhotoStitch software is bad but I will scan it anyways.

Ok this is what I get when I send that file in VirusTotal:

0 bytes size received / Se ha recibido un archivo vacio

Seems like there is an error or something in sending it?

And my system has been behaving great for the past few days.
ScottG489 is offline  
Old 08-17-2008, 05:06 AM   #19 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,426
OS: XP SP3


Re: Popups/can't connect to various sites.

Quote:
I don't think that PhotoStitch software is bad but I will scan it anyways.
Those files should be legit if you installed them from a legit source.

Not sure why you got that error. I've never had a user submit a rar file before. I was just using that as an example of how you can submit any file to VirusTotal for analysis by 32 different scanners.

Try submitting this:

C:\Documents and Settings\Scott\My Documents\My Downloads\Programs\Canon PowerShot A540 Software\Canon.PhotoStitch.v3.1.20.44-DSi.rar

If that doesn't work, submit this file quarantined by ComboFix:

C:\Qoobox\Quarantine\C\Windows\system32\ajflvgcl.exe.vir

Quote:
And my system has been behaving great for the past few days.
Glad to hear it.

------------------------------------------------------

Congratulations, Scott. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET log, those are safely tucked away in ComboFix's quarantine folder or in old System Restore points, which we will be taking care of now.

Please delete dss.exe from your desktop or wherever it is located. Please read >> http://www.techsupportforum.com/secu...r-dss-exe.html

Go to Start >> Run and copy/paste the following single-line command into the Run box and click OK:
combofix /u
This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore points which contain previous infections, and create a fresh, clean System Restore point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

FIREWALL
Using a third-party Firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Do not install more than one Firewall program as they will conflict with each other.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • SpywareGuard catches and blocks spyware installation and browser hijacking in real-time. See tutorial here
  • IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Spybot - Search & Destroy is an excellent spyware remover and also offers real-time protection against critical registry changes. Don't use the Immunize feature if you use SpywareBlaster. See tutorial here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
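The MVPS HOSTS file mentioned above works because Windows consults the HOSTS file before it asks DNS: a hostname mapped to 127.0.0.1 (or to 0.0.0.0, which current blocklists also use) never leaves the machine. The script below is an added example, not from this thread or from the MVPS project; it parses a small HOSTS file constructed in that layout and reports which names are sinkholed, taking care not to count the machine's own `localhost` entries as blocked sites. The sample entries, the `.invalid` hostnames and the helper names are my own.

```python
import ipaddress

# Targets that make a name resolve to the local machine or to nowhere at all.
SINKHOLE_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately point at the local machine and must not be reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed HOSTS file in the MVPS layout (not the real MVPS list).
SAMPLE_HOSTS = """\
# Constructed sample: comments, blank lines and inline comments are all legal
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.invalid        # ad server
127.0.0.1  tracker.example.invalid
0.0.0.0    popups.example.invalid
192.168.1.10   intranet.example.invalid   # ordinary static entry
this is not a hosts line
"""


def parse_hosts(text: str) -> dict:
    """Map each hostname (lower-cased) to its target address.

    The resolver uses the first matching line, so an earlier entry wins over a
    later duplicate. Lines whose first field is not an IP address are skipped.
    """
    hosts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            target = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                               # malformed line, ignore it
        for name in fields[1:]:                    # one line may list several names
            hosts.setdefault(name.lower(), target)
    return hosts


def is_sinkholed(hosts: dict, name: str) -> bool:
    """True if the name is mapped to a sinkhole address and is not a local name."""
    name = name.lower()
    return name not in LOCAL_NAMES and hosts.get(name) in SINKHOLE_TARGETS


def sinkholed_names(hosts: dict) -> list:
    """All names the file blocks, sorted for stable output."""
    return sorted(n for n in hosts if is_sinkholed(hosts, n))


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print(len(sinkholed_names(table)), "names sinkholed:", sinkholed_names(table))
```

Pointing `parse_hosts` at the real file (`%SystemRoot%\system32\drivers\etc\hosts` on Windows) is a quick way to confirm that a HOSTS-based blocklist was actually installed and to spot entries that redirect something other than ad servers.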
Old 08-17-2008, 01:47 PM   #20 (permalink)
Registered User
 
Join Date: Aug 2008
Location: New York State
Posts: 50
OS: XP Pro SP 3


Send a message via AIM to ScottG489
Re: Popups/can't connect to various sites.

Ok, I pasted the following to VirusTotal

C:\Documents and Settings\Scott\My Documents\My Downloads\Programs\Canon PowerShot A540 Software\Canon.PhotoStitch.v3.1.20.44-DSi.rar

These were the results:

File has already been analysed:
MD5: 1b684cc45ca7d2f9350aeb731cbcb5dc
First received: 01.11.2008 18:12:58 (CET)
Date: 08.11.2008 10:11:31 (CET) [>6D]
Results: 3/36
Permalink: analisis/4120b800dc11d3826706ba5481ead309

I also forgot to tell you (because I forgot I had it) that I have Norton on this computer. If I install all of those programs you recommend, should I uninstall Norton? There isn't a reason I have Norton on here, it just came with the Google Pack. I would be fine with uninstalling it if those programs are better.

However, I'm still a little confused why I need all those other programs. You recommended that I install AVG, which I did. I'm a little worried that with all those programs installed it's really going to start to slow down my system. If you strongly recommend that I install them, then I will, I just want to make sure.
ScottG489 is offline  
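Two details of the VirusTotal exchange above are worth making concrete. The earlier `0 bytes size received` response most likely came from the path ending in `.rar:\loader.exe`, which names a file inside the archive; a browser upload form cannot open an archive member, so it sent an empty body. And the successful result was reported by MD5, which is how VirusTotal identifies a previously analysed file: a file can be looked up by its hash without uploading it at all. The Python below is an added example, not from this thread or from VirusTotal; it hashes data in chunks (so large files are not read into memory), shows that the hash of a whole archive differs from the hash of a member inside it (a zip is used because the standard library cannot read rar), and reports the size so an empty input is obvious. The constructed archive and its `loader.exe` placeholder content are mine.

```python
import hashlib
import io
import zipfile

CHUNK = 1 << 20  # read 1 MiB at a time


def hash_stream(fp) -> dict:
    """Compute size, MD5, SHA-1 and SHA-256 of a binary stream in one pass."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    for chunk in iter(lambda: fp.read(CHUNK), b""):
        size += len(chunk)
        for h in (md5, sha1, sha256):
            h.update(chunk)
    return {"size": size, "md5": md5.hexdigest(),
            "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Hash a file on disk; the digests are what a hash search on VirusTotal needs."""
    with open(path, "rb") as fp:
        return hash_stream(fp)


def hash_archive_members(archive_bytes: bytes) -> dict:
    """Hash every file inside a zip archive without extracting it to disk."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                results[info.filename] = hash_stream(member)
    return results


def build_constructed_archive() -> bytes:
    """A constructed zip standing in for the .rar; 'loader.exe' is just text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("loader.exe", b"hello")          # placeholder, not a real executable
        zf.writestr("readme.txt", b"constructed sample archive")
    return buf.getvalue()


def demo():
    """Hash the whole archive and each member; the two never coincide."""
    archive = build_constructed_archive()
    return hash_bytes(archive), hash_archive_members(archive)


if __name__ == "__main__":
    whole, members = demo()
    print("archive:", whole["size"], "bytes", whole["md5"])
    for name, h in members.items():
        print("member:", name, h["size"], "bytes", h["md5"])
    print("empty input:", hash_bytes(b""))
```

A hash search only answers for files VirusTotal has already seen, as the `File has already been analysed` message above illustrates; a file that has never been submitted still has to be uploaded, and for an archive member that means extracting it first and submitting the extracted file.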
Copyright 2001 - 2009, Tech Support Forum