Another "Warning! Spyware detected on your computer!" Thread
I'm sure you have seen your fair share of these threads by now so I won't describe the problem unless you need me to. None of my anti-virus/spyware prevention has done anything. Here is my HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 21:02, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian\Desktop\Virus Protection\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QXK Olive - {61B97503-AC8C-49D3-B549-34C0EC92128D} - C:\WINDOWS\boqnrwdmdev.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: atfxqogp - {910EF077-8B76-4A3C-B201-A5CAABA866F8} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AskPBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=935901DS&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=935901DS&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=0.4&pass=935901DS&id=menu_ie_link
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=0.4&pass=935901DS&id=menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=0.4&pass=935901DS&id=menu_ie_report
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {64D73E0C-CBE1-49BC-9864-CCC0F94962FB} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {A67E19C5-53D3-4E38-8220-6D93DF625538} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {EEE798E8-E907-48C2-A46D-2178F2169153} - http://www.comcastsupport.com (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125018282765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129679057640
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
And here is my ComboFix Log:
ComboFix 08-06-04.1 - Ian 2008-06-04 19:58:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.115 [GMT -4:00]Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Ian\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Ian\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\Owner\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
C:\setup.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_msupdate
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-03 19:34 . 2008-06-03 19:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-03 19:33 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
2008-06-03 19:22 . 2008-06-03 19:22 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Uniblue
2008-06-03 19:21 . 2008-06-03 19:21 <DIR> d-------- C:\Program Files\Uniblue
2008-06-03 15:56 . 2008-06-03 15:56 45 --a------ C:\TEST.XML
2008-06-03 15:13 . 2008-06-03 15:13 93,184 --a------ C:\WINDOWS\system32\lphccgqj0eg05.exe
2008-06-03 15:13 . 2008-06-03 15:13 90,838 --a------ C:\WINDOWS\system32\phccgqj0eg05.bmp
2008-06-03 15:13 . 2008-06-03 15:13 52,736 --a------ C:\WINDOWS\system32\blphccgqj0eg05.scr
2008-06-03 15:12 . 2008-06-03 15:12 29,440 --a------ C:\WINDOWS\system32\drivers\phF47.sys
2008-06-03 15:11 . 2008-06-03 07:52 94,208 --a------ C:\WINDOWS\esbq.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 23:51 --------- d-----w C:\Program Files\SysMetrix
2008-06-04 23:49 --------- d-----w C:\Program Files\PestPatrol
2008-06-03 21:42 --------- d-----w C:\Program Files\Java
2008-06-03 21:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 21:23 --------- d-----w C:\Program Files\AskPBar
2008-06-03 18:41 --------- d-----w C:\Program Files\themexp
2008-06-03 18:10 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-03 18:08 --------- d-----w C:\Program Files\Maxthon
2008-06-03 18:08 --------- d-----w C:\Program Files\Google
2008-05-06 17:37 --------- d-----w C:\Program Files\PeerGuardian2
2006-02-07 16:03 43,256 -c--a-w C:\Documents and Settings\Ian\Application Data\GDIPFONTCACHEV1.DAT
2005-12-04 00:22 309 -c--a-w C:\Program Files\PeckJoin.ini
2005-09-29 02:16 2,977 -c--a-w C:\Program Files\ST4UNST.LOG
2005-09-12 02:51 7,711,705 -c--a-w C:\Program Files\CCAAgent_Setup.exe
2005-08-26 01:29 19,789,475 -c--a-w C:\Program Files\musav.exe
2004-10-01 19:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2004-08-04 23:55 560 -c--a-w C:\Documents and Settings\Ian\PCDOC.BAT
2004-07-18 01:18 5,078,944 -c--a-w C:\Program Files\FirefoxSetup-0.9.2.exe
2004-07-15 19:29 25,603 -c--a-w C:\Program Files\AboutBuster.zip
2004-07-15 19:27 181,426 -c--a-w C:\Program Files\hijackthis.zip
2004-07-15 19:20 1,129,567 -c--a-w C:\Program Files\setup_ares.exe
2004-07-12 22:52 4,376,975 -c--a-w C:\Program Files\winamp503_full.exe
2004-07-11 17:52 978,369 -c--a-w C:\Program Files\areslite181.exe
2004-07-11 05:42 2,247,855 -c--a-w C:\Program Files\spywareblastersetup.exe
2004-06-19 21:39 289,738 -c--a-w C:\Program Files\Install_MM_0[1].2.0011.exe
2004-06-19 21:35 5,216,912 -c--a-w C:\Program Files\Install_AIM_np.exe
2004-06-09 20:38 1,844,787 -c--a-w C:\Program Files\burn4free_setup.exe
2004-06-01 03:14 10,135,688 -c--a-w C:\Program Files\MPSetupXP.exe
2004-05-16 18:19 4,354,084 -c--a-w C:\Program Files\spybotsd13.exe
2004-04-22 16:03 3,292,584 -c--a-w C:\Program Files\DivXPlayerInstaller.exe
2004-04-20 22:39 760 -c--a-w C:\Program Files\aswclnr.log
2004-04-20 22:03 330,752 -c--a-w C:\Program Files\aswclnr.exe
2004-04-20 20:58 5,489,153 -c--a-w C:\Program Files\asescanner.exe
2004-04-20 04:55 774,837 -c--a-w C:\Program Files\trtext.exe
2004-04-19 19:14 7,041,024 -c--a-w C:\Program Files\avg6656fu_free.exe
2004-04-18 18:46 1,087,159 -c--a-w C:\Program Files\PeerGuardian_v1.99_pr14.zip
2004-04-03 22:24 2,284,922 -c--a-w C:\Program Files\Aston Martin Vanquish UPDATE.zip
2004-04-03 22:11 867,615 -c--a-w C:\Program Files\rainlendar-0.19.2.exe
2004-04-03 21:44 7,909,376 -c--a-w C:\Program Files\sidebarb48.exe
2004-03-31 02:43 251,904 -c--a-w C:\Program Files\ie-spyad.exe
2004-03-31 02:01 7,845,559 -c--a-w C:\Program Files\setupeng.exe
2004-03-30 04:28 1,077,292 -c--a-w C:\Program Files\freeripmp3.exe
2004-03-24 23:30 935,026 -c--a-w C:\Program Files\spywareguardsetupmin.exe
2004-03-23 22:21 1,142,529 -c--a-w C:\Program Files\aressetup.exe
2004-03-23 01:29 76 -c--a-w C:\Program Files\backup-20040322-202902-504
2004-03-23 01:06 3,684,032 -c--a-w C:\Program Files\spybotsd12.exe
2004-03-22 18:18 7,833 -c--a-w C:\Program Files\startuplist.txt
2004-03-22 06:00 986,266 -c--a-w C:\Program Files\ie-ads-uninst.reg
2004-03-22 06:00 1,042,391 -c--a-w C:\Program Files\ie-ads.reg
2004-03-22 03:26 46 -c--a-w C:\Program Files\backup-20040321-222602-239
2004-03-22 03:18 107 -c--a-w C:\Program Files\backup-20040321-221801-452
2004-03-22 03:14 47 -c--a-w C:\Program Files\backup-20040321-221432-891
2004-03-22 03:10 897 -c--a-w C:\Program Files\backup-20040321-221053-458
2004-03-22 03:10 2,643 -c--a-w C:\Program Files\backup-20040321-221053-567
2004-03-22 03:10 1,053 -c--a-w C:\Program Files\backup-20040321-221052-397
2004-03-22 03:09 94 -c--a-w C:\Program Files\backup-20040321-220923-765
2004-03-22 03:09 92 -c--a-w C:\Program Files\backup-20040321-220923-334
2004-03-22 03:09 114 -c--a-w C:\Program Files\backup-20040321-220940-857
2004-03-22 03:09 114 -c--a-w C:\Program Files\backup-20040321-220923-964
2004-03-22 03:09 112 -c--a-w C:\Program Files\backup-20040321-220923-520
2004-03-22 03:09 101 -c--a-w C:\Program Files\backup-20040321-220923-157
2004-03-22 03:06 76 -c--a-w C:\Program Files\backup-20040321-220646-724
2004-03-22 03:04 160,768 -c--a-w C:\Program Files\HijackThis.exe
2004-03-22 01:00 141,984 -c--a-w C:\Program Files\ReadMe.txt
2004-03-01 18:24 944,362 -c--a-w C:\Program Files\zplaypro.exe
2004-03-01 01:06 985,659 -c--a-w C:\Documents and Settings\Ian\2020setup.exe
2004-02-19 21:29 5,093,533 -c--a-w C:\Program Files\StyleXPUpdate.zip
2004-02-11 05:42 5,182,805 -c--a-w C:\Program Files\ezcddax6.exe
2004-02-08 21:28 4,384,013 -c--a-w C:\Program Files\winamp502_full.exe
2004-02-02 22:54 1,200,886 -c--a-w C:\Program Files\setupares.exe
2004-01-27 19:32 267,472 -c--a-w C:\Program Files\NSSetup.exe
2004-01-22 03:56 291,396 -c--a-w C:\Program Files\WinBar 1.2.93 Setup.exe
2004-01-21 20:55 4,555,920 -c--a-w C:\Program Files\Install_AIM_5.5.3501_np.exe
2004-01-19 23:56 1,760,378 -c--a-w C:\Program Files\aaw6.exe
2004-01-12 05:17 765,001 -c--a-w C:\Program Files\slsk152.exe
2003-12-04 16:46 1,847,808 -c--a-w C:\Program Files\ftop3.exe
2003-12-03 05:28 2,150,145 -c-ha-w C:\Documents and Settings\Ian\kyf.dat
2003-11-29 03:00 3,815 -c--a-w C:\Program Files\LICENSE.TXT
2003-11-23 17:39 1,613 -c--a-w C:\Program Files\INSTALL.LOG
2003-11-23 17:38 3,468,472 -c--a-w C:\Program Files\winamp3_0-full.exe
2003-10-31 20:08 16,476,480 -c--a-w C:\Program Files\ow32enen721j.exe
2003-10-28 19:20 299,624 -c--a-w C:\Program Files\dxwebsetup.exe
2003-10-15 23:32 23,609,425 -c--a-w C:\Program Files\cc32d479.exe
2003-10-15 20:50 2,320,949 -c--a-w C:\Program Files\winamp291_full.exe
2003-10-02 21:53 2,178,923 -c--a-w C:\Program Files\regmech201.exe
2003-09-28 22:00 3,264 -c--a-w C:\Program Files\PleaseRead.txt
2003-09-28 22:00 10,225 -c--a-w C:\Program Files\install.bat
2003-09-19 19:01 227,552 -c--a-w C:\Program Files\N6Setup.exe
2003-09-12 16:07 928 -c--a-w C:\Program Files\sfx.log
2003-09-12 09:53 31,091,316 -c--a-w C:\Program Files\5100_enu_win2k_xp.exe
2003-09-08 20:53 81,920 -c--a-w C:\Program Files\Microsoft Office.exe
2003-09-05 21:29 756,572 -c--a-w C:\Program Files\GDiVX1.9.9.6.exe
2003-09-05 07:39 101,478 -c--a-w C:\Program Files\hkSFVsetup.exe
2003-09-05 07:35 17,187 -c--a-w C:\Program Files\AIM+Setup.exe
2003-09-03 06:37 1,111,950 -c--a-w C:\Program Files\setup1.exe
2003-09-03 05:46 433,432 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2003-09-02 11:22 3,120,360 -c--a-w C:\Program Files\Install_AIM.exe
2003-06-20 05:47 162 -c--a-w C:\Program Files\hpsfx.ini
2003-06-09 23:27 1,530,829 -c--a-w C:\Program Files\snood_full.exe
1997-09-28 17:22 91,883 -c--a-w C:\Program Files\PeckJoin.hlp
2004-07-04 02:09 140,800 -c--a-w C:\Program Files\mozilla firefox\plugins\al2np.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61B97503-AC8C-49D3-B549-34C0EC92128D}]
C:\WINDOWS\boqnrwdmdev.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{910EF077-8B76-4A3C-B201-A5CAABA866F8}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{910ef077-8b76-4a3c-b201-a5caaba866f8}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{F25C07D1-1C0E-416F-8147-20AF5007A3F5}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-31 17:35 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-08-18 09:53 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-06-20 01:45 172032]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 16:00 24576]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [2003-03-15 22:46 168448]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 12:49 98304]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11 148480]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 10:35 73728]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 04:00 1397760]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44 66680]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-31 23:19 180269]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 16:09 2637824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2006-10-28 03:37 705024]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AskPBar Uninstall"="C:\PROGRA~1\UNINST~1.DLL" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-07-22 11:14:46 118784]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-08-26 10:34:42 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.dvacm"= dvacm.acm
"VIDC.I263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phF47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\plugins\\alhlp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"C:\\Program Files\\Starcraft\\starcraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-02-05 06:03]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2003-02-05 06:03]
S3 ids00035;ids00035;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00035.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 map730c;map730c;C:\WINDOWS\system32\Drivers\map730c.sys [2005-06-16 19:11]
S3 map730m;map730m;C:\WINDOWS\system32\Drivers\map730m.sys [2005-06-16 19:13]
S3 map730u;map730u;C:\WINDOWS\system32\Drivers\map730u.sys [2006-08-16 17:56]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 12:44]
S4 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S4 phF47;phF47;C:\WINDOWS\System32\drivers\phF47.sys [2008-06-03 15:12]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 00:00:01 C:\WINDOWS\Tasks\ACAF149291848B7A.job"
- c:\docume~1\ian\applic~1\surfco~1\enc regs beep.exe
"2008-05-16 15:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 20:53:43 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:22:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [3824] 0x8280DC18
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\Program Files\Ad Muncher\AM27105.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-04 20:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 00:41:01
Pre-Run: 21,954,494,464 bytes free
Post-Run: 22,170,361,856 bytes free
269 --- E O F --- 2008-06-03 21:54:40
Thanks a bunch for all of your help!
Logfile of HijackThis v1.98.2
Scan saved at 21:02, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian\Desktop\Virus Protection\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QXK Olive - {61B97503-AC8C-49D3-B549-34C0EC92128D} - C:\WINDOWS\boqnrwdmdev.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: atfxqogp - {910EF077-8B76-4A3C-B201-A5CAABA866F8} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AskPBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=935901DS&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=935901DS&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=0.4&pass=935901DS&id=menu_ie_link
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=0.4&pass=935901DS&id=menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=0.4&pass=935901DS&id=menu_ie_report
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {64D73E0C-CBE1-49BC-9864-CCC0F94962FB} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {A67E19C5-53D3-4E38-8220-6D93DF625538} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {EEE798E8-E907-48C2-A46D-2178F2169153} - http://www.comcastsupport.com (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125018282765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129679057640
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
And here is my ComboFix Log:
ComboFix 08-06-04.1 - Ian 2008-06-04 19:58:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.115 [GMT -4:00]Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Ian\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Ian\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\Owner\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
C:\setup.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_msupdate
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-03 19:34 . 2008-06-03 19:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-03 19:33 . 2008-06-01 19:13 <DIR> d-------- C:\SDFix
2008-06-03 19:22 . 2008-06-03 19:22 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Uniblue
2008-06-03 19:21 . 2008-06-03 19:21 <DIR> d-------- C:\Program Files\Uniblue
2008-06-03 15:56 . 2008-06-03 15:56 45 --a------ C:\TEST.XML
2008-06-03 15:13 . 2008-06-03 15:13 93,184 --a------ C:\WINDOWS\system32\lphccgqj0eg05.exe
2008-06-03 15:13 . 2008-06-03 15:13 90,838 --a------ C:\WINDOWS\system32\phccgqj0eg05.bmp
2008-06-03 15:13 . 2008-06-03 15:13 52,736 --a------ C:\WINDOWS\system32\blphccgqj0eg05.scr
2008-06-03 15:12 . 2008-06-03 15:12 29,440 --a------ C:\WINDOWS\system32\drivers\phF47.sys
2008-06-03 15:11 . 2008-06-03 07:52 94,208 --a------ C:\WINDOWS\esbq.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 23:51 --------- d-----w C:\Program Files\SysMetrix
2008-06-04 23:49 --------- d-----w C:\Program Files\PestPatrol
2008-06-03 21:42 --------- d-----w C:\Program Files\Java
2008-06-03 21:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 21:23 --------- d-----w C:\Program Files\AskPBar
2008-06-03 18:41 --------- d-----w C:\Program Files\themexp
2008-06-03 18:10 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-03 18:08 --------- d-----w C:\Program Files\Maxthon
2008-06-03 18:08 --------- d-----w C:\Program Files\Google
2008-05-06 17:37 --------- d-----w C:\Program Files\PeerGuardian2
2006-02-07 16:03 43,256 -c--a-w C:\Documents and Settings\Ian\Application Data\GDIPFONTCACHEV1.DAT
2005-12-04 00:22 309 -c--a-w C:\Program Files\PeckJoin.ini
2005-09-29 02:16 2,977 -c--a-w C:\Program Files\ST4UNST.LOG
2005-09-12 02:51 7,711,705 -c--a-w C:\Program Files\CCAAgent_Setup.exe
2005-08-26 01:29 19,789,475 -c--a-w C:\Program Files\musav.exe
2004-10-01 19:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2004-08-04 23:55 560 -c--a-w C:\Documents and Settings\Ian\PCDOC.BAT
2004-07-18 01:18 5,078,944 -c--a-w C:\Program Files\FirefoxSetup-0.9.2.exe
2004-07-15 19:29 25,603 -c--a-w C:\Program Files\AboutBuster.zip
2004-07-15 19:27 181,426 -c--a-w C:\Program Files\hijackthis.zip
2004-07-15 19:20 1,129,567 -c--a-w C:\Program Files\setup_ares.exe
2004-07-12 22:52 4,376,975 -c--a-w C:\Program Files\winamp503_full.exe
2004-07-11 17:52 978,369 -c--a-w C:\Program Files\areslite181.exe
2004-07-11 05:42 2,247,855 -c--a-w C:\Program Files\spywareblastersetup.exe
2004-06-19 21:39 289,738 -c--a-w C:\Program Files\Install_MM_0[1].2.0011.exe
2004-06-19 21:35 5,216,912 -c--a-w C:\Program Files\Install_AIM_np.exe
2004-06-09 20:38 1,844,787 -c--a-w C:\Program Files\burn4free_setup.exe
2004-06-01 03:14 10,135,688 -c--a-w C:\Program Files\MPSetupXP.exe
2004-05-16 18:19 4,354,084 -c--a-w C:\Program Files\spybotsd13.exe
2004-04-22 16:03 3,292,584 -c--a-w C:\Program Files\DivXPlayerInstaller.exe
2004-04-20 22:39 760 -c--a-w C:\Program Files\aswclnr.log
2004-04-20 22:03 330,752 -c--a-w C:\Program Files\aswclnr.exe
2004-04-20 20:58 5,489,153 -c--a-w C:\Program Files\asescanner.exe
2004-04-20 04:55 774,837 -c--a-w C:\Program Files\trtext.exe
2004-04-19 19:14 7,041,024 -c--a-w C:\Program Files\avg6656fu_free.exe
2004-04-18 18:46 1,087,159 -c--a-w C:\Program Files\PeerGuardian_v1.99_pr14.zip
2004-04-03 22:24 2,284,922 -c--a-w C:\Program Files\Aston Martin Vanquish UPDATE.zip
2004-04-03 22:11 867,615 -c--a-w C:\Program Files\rainlendar-0.19.2.exe
2004-04-03 21:44 7,909,376 -c--a-w C:\Program Files\sidebarb48.exe
2004-03-31 02:43 251,904 -c--a-w C:\Program Files\ie-spyad.exe
2004-03-31 02:01 7,845,559 -c--a-w C:\Program Files\setupeng.exe
2004-03-30 04:28 1,077,292 -c--a-w C:\Program Files\freeripmp3.exe
2004-03-24 23:30 935,026 -c--a-w C:\Program Files\spywareguardsetupmin.exe
2004-03-23 22:21 1,142,529 -c--a-w C:\Program Files\aressetup.exe
2004-03-23 01:29 76 -c--a-w C:\Program Files\backup-20040322-202902-504
2004-03-23 01:06 3,684,032 -c--a-w C:\Program Files\spybotsd12.exe
2004-03-22 18:18 7,833 -c--a-w C:\Program Files\startuplist.txt
2004-03-22 06:00 986,266 -c--a-w C:\Program Files\ie-ads-uninst.reg
2004-03-22 06:00 1,042,391 -c--a-w C:\Program Files\ie-ads.reg
2004-03-22 03:26 46 -c--a-w C:\Program Files\backup-20040321-222602-239
2004-03-22 03:18 107 -c--a-w C:\Program Files\backup-20040321-221801-452
2004-03-22 03:14 47 -c--a-w C:\Program Files\backup-20040321-221432-891
2004-03-22 03:10 897 -c--a-w C:\Program Files\backup-20040321-221053-458
2004-03-22 03:10 2,643 -c--a-w C:\Program Files\backup-20040321-221053-567
2004-03-22 03:10 1,053 -c--a-w C:\Program Files\backup-20040321-221052-397
2004-03-22 03:09 94 -c--a-w C:\Program Files\backup-20040321-220923-765
2004-03-22 03:09 92 -c--a-w C:\Program Files\backup-20040321-220923-334
2004-03-22 03:09 114 -c--a-w C:\Program Files\backup-20040321-220940-857
2004-03-22 03:09 114 -c--a-w C:\Program Files\backup-20040321-220923-964
2004-03-22 03:09 112 -c--a-w C:\Program Files\backup-20040321-220923-520
2004-03-22 03:09 101 -c--a-w C:\Program Files\backup-20040321-220923-157
2004-03-22 03:06 76 -c--a-w C:\Program Files\backup-20040321-220646-724
2004-03-22 03:04 160,768 -c--a-w C:\Program Files\HijackThis.exe
2004-03-22 01:00 141,984 -c--a-w C:\Program Files\ReadMe.txt
2004-03-01 18:24 944,362 -c--a-w C:\Program Files\zplaypro.exe
2004-03-01 01:06 985,659 -c--a-w C:\Documents and Settings\Ian\2020setup.exe
2004-02-19 21:29 5,093,533 -c--a-w C:\Program Files\StyleXPUpdate.zip
2004-02-11 05:42 5,182,805 -c--a-w C:\Program Files\ezcddax6.exe
2004-02-08 21:28 4,384,013 -c--a-w C:\Program Files\winamp502_full.exe
2004-02-02 22:54 1,200,886 -c--a-w C:\Program Files\setupares.exe
2004-01-27 19:32 267,472 -c--a-w C:\Program Files\NSSetup.exe
2004-01-22 03:56 291,396 -c--a-w C:\Program Files\WinBar 1.2.93 Setup.exe
2004-01-21 20:55 4,555,920 -c--a-w C:\Program Files\Install_AIM_5.5.3501_np.exe
2004-01-19 23:56 1,760,378 -c--a-w C:\Program Files\aaw6.exe
2004-01-12 05:17 765,001 -c--a-w C:\Program Files\slsk152.exe
2003-12-04 16:46 1,847,808 -c--a-w C:\Program Files\ftop3.exe
2003-12-03 05:28 2,150,145 -c-ha-w C:\Documents and Settings\Ian\kyf.dat
2003-11-29 03:00 3,815 -c--a-w C:\Program Files\LICENSE.TXT
2003-11-23 17:39 1,613 -c--a-w C:\Program Files\INSTALL.LOG
2003-11-23 17:38 3,468,472 -c--a-w C:\Program Files\winamp3_0-full.exe
2003-10-31 20:08 16,476,480 -c--a-w C:\Program Files\ow32enen721j.exe
2003-10-28 19:20 299,624 -c--a-w C:\Program Files\dxwebsetup.exe
2003-10-15 23:32 23,609,425 -c--a-w C:\Program Files\cc32d479.exe
2003-10-15 20:50 2,320,949 -c--a-w C:\Program Files\winamp291_full.exe
2003-10-02 21:53 2,178,923 -c--a-w C:\Program Files\regmech201.exe
2003-09-28 22:00 3,264 -c--a-w C:\Program Files\PleaseRead.txt
2003-09-28 22:00 10,225 -c--a-w C:\Program Files\install.bat
2003-09-19 19:01 227,552 -c--a-w C:\Program Files\N6Setup.exe
2003-09-12 16:07 928 -c--a-w C:\Program Files\sfx.log
2003-09-12 09:53 31,091,316 -c--a-w C:\Program Files\5100_enu_win2k_xp.exe
2003-09-08 20:53 81,920 -c--a-w C:\Program Files\Microsoft Office.exe
2003-09-05 21:29 756,572 -c--a-w C:\Program Files\GDiVX1.9.9.6.exe
2003-09-05 07:39 101,478 -c--a-w C:\Program Files\hkSFVsetup.exe
2003-09-05 07:35 17,187 -c--a-w C:\Program Files\AIM+Setup.exe
2003-09-03 06:37 1,111,950 -c--a-w C:\Program Files\setup1.exe
2003-09-03 05:46 433,432 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
2003-09-02 11:22 3,120,360 -c--a-w C:\Program Files\Install_AIM.exe
2003-06-20 05:47 162 -c--a-w C:\Program Files\hpsfx.ini
2003-06-09 23:27 1,530,829 -c--a-w C:\Program Files\snood_full.exe
1997-09-28 17:22 91,883 -c--a-w C:\Program Files\PeckJoin.hlp
2004-07-04 02:09 140,800 -c--a-w C:\Program Files\mozilla firefox\plugins\al2np.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61B97503-AC8C-49D3-B549-34C0EC92128D}]
C:\WINDOWS\boqnrwdmdev.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{910EF077-8B76-4A3C-B201-A5CAABA866F8}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{910ef077-8b76-4a3c-b201-a5caaba866f8}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{F25C07D1-1C0E-416F-8147-20AF5007A3F5}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-31 17:35 1003520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-08-18 09:53 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-06-20 01:45 172032]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 16:00 24576]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [2003-03-15 22:46 168448]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 12:49 98304]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11 148480]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 10:35 73728]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 04:00 1397760]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44 66680]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-31 23:19 180269]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 16:09 2637824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2006-10-28 03:37 705024]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AskPBar Uninstall"="C:\PROGRA~1\UNINST~1.DLL" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]
C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-07-22 11:14:46 118784]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-08-26 10:34:42 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.dvacm"= dvacm.acm
"VIDC.I263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phF47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\plugins\\alhlp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"C:\\Program Files\\Starcraft\\starcraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-02-05 06:03]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2003-02-05 06:03]
S3 ids00035;ids00035;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00035.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 map730c;map730c;C:\WINDOWS\system32\Drivers\map730c.sys [2005-06-16 19:11]
S3 map730m;map730m;C:\WINDOWS\system32\Drivers\map730m.sys [2005-06-16 19:13]
S3 map730u;map730u;C:\WINDOWS\system32\Drivers\map730u.sys [2006-08-16 17:56]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 12:44]
S4 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S4 phF47;phF47;C:\WINDOWS\System32\drivers\phF47.sys [2008-06-03 15:12]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 00:00:01 C:\WINDOWS\Tasks\ACAF149291848B7A.job"
- c:\docume~1\ian\applic~1\surfco~1\enc regs beep.exe
"2008-05-16 15:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 20:53:43 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:22:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [3824] 0x8280DC18
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\Program Files\Ad Muncher\AM27105.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-04 20:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 00:41:01
Pre-Run: 21,954,494,464 bytes free
Post-Run: 22,170,361,856 bytes free
269 --- E O F --- 2008-06-03 21:54:40
Thanks a bunch for all of your help!
- Status
- Not open for further replies.
1 - 1 of 1 Posts
1 - 1 of 1 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Top Contributors this Month
View All
spunk.funk
137 Replies
wolfen1086
50 Replies
SpywareDr
50 Replies
Recommended Communities
