
Thread: smss.exe infection

#1 - Junior Member (joined Feb 2009, 6 posts)

smss.exe infection

Symantec has detected an infection in smss.exe and says it cannot clean it or quarantine it.

Can anyone please help?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:32:17 AM, on 17/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\System\smss.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\CF0020\Prodload.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\unzipped\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dodo.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ProdikeysAutorun] C:\CF0020\Prodload.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logical Disk Manager NDIS (dmserver) - Unknown owner - C:\Program Files\System\smss.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9017 bytes
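Editor's note, added here and not part of the thread or of HijackThis/DDS: the security-relevant signal in the log above is that a binary named smss.exe (the Session Manager, which on Windows XP only ever runs from %SystemRoot%\System32) is also running from C:\Program Files\System\smss.exe, is registered as a service whose name borrows that of the real svchost-hosted "dmserver" (Logical Disk Manager), and that a Run entry "Winregs32.exe" is given as a bare filename with no path. The script below is an example triage check that reads either HijackThis lines (post #1) or DDS "Pseudo HJT" and service lines (post #3) and flags exactly those three patterns. The sample lines are copied from the posted logs; %SystemRoot% = C:\WINDOWS is taken from the log, and the short list of svchost-hosted XP service names is the editor's illustrative choice. A bare-filename Run entry is not proof of malware on its own (the same log has vendor entries such as AGRSMMSG.exe and Logi_MwX.Exe registered the same way), so treat findings as places to look, not a verdict.

```python
"""Triage helper for HijackThis / DDS logs (added example, not from the thread).

Flags: (1) a core Windows binary name running outside %SystemRoot%\\System32,
(2) an autostart entry given only as a bare filename (resolved by PATH search),
(3) a service that carries the name of a svchost-hosted Windows service but
points at some other executable. Sample lines are copied from the posted logs;
SYSTEM_ROOT and SVCHOST_HOSTED are the editor's assumptions."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Core Windows XP binaries that legitimately run only from %SystemRoot%\System32.
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# A few XP services hosted inside svchost.exe (illustrative list, assumption).
SVCHOST_HOSTED = {"dmserver", "schedule", "lanmanserver", "browser"}

_HJT_RUN = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_DDS_RUN = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_HJT_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_DDS_SVC = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]+;(?P<path>[^\[]+?)\s*\[")
_PROC = re.compile(r"^[A-Za-z]:\\.+\.(?:exe|pif|scr)$", re.I)
_EXE = re.compile(r'"?(?P<exe>.+?\.(?:exe|pif|scr|com))"?(?=\s|$)', re.I)
_SHORT = re.compile(r"\((?P<short>[\w.-]+)\)\s*$")   # "(dmserver)" at end of a name


@dataclass(frozen=True)
class Finding:
    reason: str
    path: str
    line: str


def exe_from_cmd(cmd: str) -> str:
    """First executable in a Run command line; handles quoted paths and trailing args."""
    m = _EXE.match(cmd.strip())
    return m.group("exe") if m else cmd.split()[0]


def check_binary(path: str, line: str, system_root: PureWindowsPath) -> list:
    p = PureWindowsPath(path.strip())
    out = []
    # PureWindowsPath compares case-insensitively, so system32 == System32.
    if p.name.lower() in CORE_SYSTEM32 and p.parent != system_root / "System32":
        out.append(Finding("core-name-outside-system32", str(p), line))
    return out


def check_autostart(exe: str, line: str, system_root: PureWindowsPath) -> list:
    out = check_binary(exe, line, system_root)
    if PureWindowsPath(exe).parent == PureWindowsPath("."):
        # No directory: Windows resolves this by PATH search at logon.
        out.append(Finding("bare-filename", exe, line))
    return out


def check_service(name: str, path: str, line: str, system_root: PureWindowsPath) -> list:
    out = check_binary(path, line, system_root)
    m = _SHORT.search(name)
    if (m and m.group("short").lower() in SVCHOST_HOSTED
            and PureWindowsPath(path.strip()).name.lower() != "svchost.exe"):
        out.append(Finding("mimics-svchost-hosted-service", path.strip(), line))
    return out


def analyse(lines, system_root=r"C:\WINDOWS"):
    """Run all checks over HijackThis or DDS log lines; returns a list of Finding."""
    root = PureWindowsPath(system_root)
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := _HJT_RUN.match(line) or _DDS_RUN.match(line)):
            findings += check_autostart(exe_from_cmd(m.group("cmd")), line, root)
        elif (m := _HJT_SVC.match(line) or _DDS_SVC.match(line)):
            findings += check_service(m.group("name"), m.group("path"), line, root)
        elif _PROC.match(line):                      # "Running processes" entry
            findings += check_binary(line, line, root)
    return findings


# Lines copied from the posted HijackThis (post #1) and DDS (post #3) logs.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\Program Files\System\smss.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: Logical Disk Manager NDIS (dmserver) - Unknown owner - C:\Program Files\System\smss.exe
uRun: [Microsoft Update Machine] Winregs32.exe
R2 Logical Disk Manager NDIS (dmserver);Logical Disk Manager NDIS (dmserver);c:\program files\system\smss.exe [2009-1-28 8964]
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.reason:32} {f.path}")
```

Point it at a saved log with `analyse(open("hijackthis.log").read().splitlines())`. The legitimate C:\WINDOWS\System32\smss.exe and the quoted QuickTime entry produce no findings; the Program Files copy is flagged twice (wrong directory, and service name mimicry) and Winregs32.exe once per Run hive it appears in.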

#2 - Blade81, Security Expert (Finland; joined Oct 2006, 25,470 posts)

    Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer:

eMule

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    C:\Program Files\eMule

    Empty Recycle Bin.

    After that:


• Download DDS and save it to your desktop from here or here or here.
• Disable any script blocker, and then double click dds.scr to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

#3 - Junior Member (joined Feb 2009, 6 posts)

Thank you - I have removed eMule.

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 6:16:32.01 on Sun 22/02/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.119 [GMT 11:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\CF0020\Prodload.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.dodo.com.au/
    uInternet Connection Wizard,ShellNext = hxxp://www.optusnet.com.au/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Microsoft Update Machine] Winregs32.exe
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [Monopoly3Setup.exe] c:\downlo~1\MONOPO~1.EXE /r
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [vptray] c:\program files\symantec_client_security\symantec antivirus\vptray.exe
    mRun: [Microsoft Update Machine] Winregs32.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ProdikeysAutorun] c:\cf0020\Prodload.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Microsoft Update Machine] Winregs32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\getrig~1.lnk - c:\program files\getright\getright.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    IE: Download with GetRight - c:\program files\getright\GRdownload.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: com.au\www.heraldsun
    Trusted Zone: com.au\www.netbank.commbank
    Trusted Zone: com.au\www3.netbank.commbank
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38201.2124421296
    DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
    Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\getright\xx2gr.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
    R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2007-8-6 13440]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 950096]
    R2 Logical Disk Manager NDIS (dmserver);Logical Disk Manager NDIS (dmserver);c:\program files\system\smss.exe [2009-1-28 8964]
    R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
    R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2007-1-3 14092]
    R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090210.003\NAVENG.sys [2009-2-11 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090210.003\NAVEX15.sys [2009-2-11 876112]
    R3 Prodikeys;Creative Prodikeys Driver;c:\windows\system32\drivers\ProdDrvr.sys [2004-8-10 14392]
    S3 AVerFx2hbtv;AVerMedia C038 USB Capture Card;c:\windows\system32\drivers\AVerFx2hbtv.sys [2008-7-16 199552]
    S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-6-3 49399]

    =============== Created Last 30 ================

    2009-02-11 13:04 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-02-11 11:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-02-11 11:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-28 08:19 <DIR> --d----- c:\program files\System
    2009-01-23 10:35 13 a------- c:\windows\system32\WinSys32.crc
    2009-01-23 10:33 913,560 a------- c:\windows\system32\wodFtpDLX.ocx
    2009-01-23 10:32 233,472 a------- c:\windows\system32\Ilda32.dll
    2009-01-23 10:32 18,944 a------- c:\windows\system32\BORLNDMM.DLL
    2009-01-23 10:32 <DIR> --d----- c:\program files\CoffeeCup Software

    ==================== Find3M ====================

    2009-04-23 06:24 951,115 -------- c:\program files\gwave4p.exe
    2009-01-22 09:20 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-08-08 17:41 8,420,384 a------- c:\program files\etax2008_1.exe
    2008-05-17 16:27 642,400 a------- c:\program files\wrar371 winrar.exe
    2007-08-22 12:48 93 a------- c:\program files\220807.txt
    2007-06-21 11:23 2,719,216 a------- c:\program files\ccsetup140.exe
    2007-06-13 19:10 560 a------- c:\program files\Global.sw
    2006-08-18 12:24 1,468,464 a------- c:\program files\ccsetup132.exe
    2004-08-12 19:54 568,488 -------- c:\program files\bios_8igkpg_f3.exe
    2004-08-12 19:25 414,774 -------- c:\program files\bios_8igkg_f2.exe
    2004-08-08 19:07 823,296 -------- c:\program files\winmx353.exe
    2004-08-04 01:05 2,000,324 -------- c:\program files\cdex_151.exe
    2004-08-03 20:47 8,628 ----h--- c:\program files\Readme.GID
    2004-08-03 20:36 109 -------- c:\program files\U32comm.ini
    2004-08-03 19:37 22,016 -------- c:\program files\ShootTheMessenger.exe
    2004-07-22 10:51 3,432,656 -------- c:\program files\ManagedDX.CAB
    2004-07-19 22:58 1,156,363 -------- c:\program files\BDANT.cab
    2004-07-19 22:53 976,020 -------- c:\program files\BDAXP.cab
    2004-07-09 14:17 13,265,040 -------- c:\program files\dxnt.cab
    2004-07-09 09:13 15,493,481 -------- c:\program files\DirectX.cab
    2004-07-09 09:13 703,080 -------- c:\program files\BDA.cab
    2004-07-09 04:08 472,576 -------- c:\program files\dxsetup.exe
    2004-07-09 04:08 2,242,560 -------- c:\program files\dsetup32.dll
    2004-07-09 03:03 62,976 -------- c:\program files\DSETUP.dll
    2004-05-13 12:09 4,354,084 -------- c:\program files\spybotsd13.exe
    2004-04-01 15:25 4,406,768 -------- c:\program files\winamp503_full.exe
    2004-03-10 15:28 18 -------- c:\program files\autoexec.bat
    2004-02-25 11:20 2,372,760 -------- c:\program files\winzip90.exe
    2004-01-19 18:13 262,144 -------- c:\program files\8igkg.f2
    2004-01-06 15:09 16,706,160 -------- c:\program files\AdbeRdr601_enu_full.exe
    2003-12-30 15:02 176,364 -------- c:\program files\FLASH879.EXE
    2002-12-16 17:56 2,339,986 -------- c:\program files\twkpro-171.exe
    2002-10-30 11:29 1,384,448 -------- c:\program files\vstudio.exe
    2002-10-30 11:17 200,704 -------- c:\program files\uvMPEG2.dll
    2002-10-30 11:09 319,584 -------- c:\program files\sepa.dll
    2002-09-08 19:55 32,768 a------- c:\program files\FileLister.exe
    2002-08-01 13:30 20,480 -------- c:\program files\VFX_MMX.DLL
    2002-08-01 13:30 73,728 -------- c:\program files\VFX32.dll
    2002-08-01 13:28 348,160 -------- c:\program files\Tge.dll
    2002-08-01 13:16 163,840 -------- c:\program files\Vft32.dll
    2002-07-31 18:39 57,344 -------- c:\program files\u32Cfg.dll
    2002-07-30 16:53 61,440 -------- c:\program files\dswrc.dll
    2002-07-25 19:58 217,088 -------- c:\program files\DswUleadMpegCap.dll
    2002-07-25 19:56 217,088 -------- c:\program files\Dswplug.dll
    2002-07-23 11:09 24,576 -------- c:\program files\ulDMFTrans.dll
    2002-07-23 11:09 634,880 -------- c:\program files\ufctxeff.dll
    2002-07-23 11:08 167,936 -------- c:\program files\herrc.dll
    2002-07-23 11:06 1,392,640 -------- c:\program files\DVDWZRC.dll
    2002-07-23 10:57 40,960 -------- c:\program files\VfwUleadMpegCap.dll
    2002-07-23 10:48 32,768 -------- c:\program files\ConverMpegPar.dll
    2002-05-21 12:41 24,576 -------- c:\program files\upl_iabox2.dll
    2002-05-21 12:41 24,576 -------- c:\program files\upl_iabox.dll
    2002-05-21 12:41 32,768 -------- c:\program files\upl.dll
    2002-05-16 23:05 24,576 -------- c:\program files\u32sn.dll
    2002-05-14 12:30 598,016 -------- c:\program files\uviplW7.dll
    2002-05-14 12:30 593,920 -------- c:\program files\uviplA6.dll
    2002-05-14 12:30 573,440 -------- c:\program files\uviplM6.dll
    2002-05-14 12:30 561,152 -------- c:\program files\uviplP6.dll
    2002-05-14 12:30 557,056 -------- c:\program files\uviplM5.dll
    2002-05-14 11:46 593,920 -------- c:\program files\uviplPX.dll
    2002-05-14 11:46 20,480 -------- c:\program files\uvipl.dll
    2002-04-15 12:28 110,592 -------- c:\program files\ufctxt.dll
    2002-04-04 16:45 40,960 -------- c:\program files\UAboutbox.dll
    2002-03-28 16:18 720,896 -------- c:\program files\u32Prod.dll
    2002-03-21 21:28 98,304 -------- c:\program files\MpgSetin.dll
    2002-03-05 11:21 733,184 -------- c:\program files\VS_Comm.dll
    2002-02-26 15:25 77,824 -------- c:\program files\ulRender.dll
    2002-02-20 18:22 589,824 -------- c:\program files\UfcStc.dll
    2002-02-19 16:24 118,784 -------- c:\program files\Veui32.dll
    2002-02-19 10:41 217,088 -------- c:\program files\ulprntp.dll
    2002-02-06 13:16 53,248 -------- c:\program files\Ulclrtxt.dll
    2002-01-30 12:42 40,960 -------- c:\program files\NTICdDrv.dll
    2002-01-29 19:49 94,276 -------- c:\program files\TitleEng.dll
    2002-01-27 19:12 12,288 -------- c:\program files\NTICdDrvRc.dll
    2002-01-26 17:31 520,267 -------- c:\program files\libmmd.dll
    2002-01-11 17:46 17,098 -------- c:\program files\Readme.hlp
    2001-12-12 14:49 835,557 -------- c:\program files\VSGUIDE.HLP
    2001-12-11 18:45 53,248 -------- c:\program files\UFCCOMM.dll
    2001-12-07 09:56 2,035,193 -------- c:\program files\VSTUDIO.HLP
    2001-12-05 14:55 364,544 -------- c:\program files\HerStepBmp.dll
    2001-12-05 14:54 102,400 -------- c:\program files\wWebComp.dll
    2001-12-05 14:54 147,456 -------- c:\program files\uRender.dll
    2001-12-05 14:54 548,864 -------- c:\program files\U32path.dll
    2001-12-05 14:52 40,960 -------- c:\program files\DVDVR.dll
    2001-12-05 14:52 118,784 -------- c:\program files\ulPrev.dll
    2001-12-05 14:52 24,576 -------- c:\program files\upppmgr.dll
    2001-12-05 14:52 36,864 -------- c:\program files\uTitlePlug.dll
    2001-12-05 14:51 249,856 -------- c:\program files\ufcvren.dll
    2001-12-05 14:51 32,768 -------- c:\program files\aefilter.dll
    2001-12-05 14:51 24,576 -------- c:\program files\ufcpnlbr.dll
    2001-12-05 14:51 86,016 -------- c:\program files\ufclib.dll
    2001-12-05 14:50 32,768 -------- c:\program files\ufctltip.dll
    2001-12-05 14:50 4,239,360 -------- c:\program files\herbmp.dll
    2001-12-05 14:50 24,576 -------- c:\program files\uvwprjio.dll
    2001-12-05 14:50 28,672 -------- c:\program files\upbplug.dll
    2001-12-05 14:49 24,576 -------- c:\program files\ubJob.dll
    2001-12-05 14:49 32,768 -------- c:\program files\uRenderA.dll
    2001-12-05 14:49 32,768 -------- c:\program files\ulPPMgr.dll
    2001-12-05 14:49:40 -------- 57,344 c:\program files\uRenderS.dll
    2008-10-13 12:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

    ============= FINISH: 6:17:24.70 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/07/2004 12:41:11 PM
    System Uptime: 22/02/2009 5:54:51 AM (1 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 8IG1000P-G
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3014/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 11.157 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1229: 15/01/2009 6:57:31 PM - Software Distribution Service 3.0
    RP1230: 17/01/2009 3:00:20 AM - Software Distribution Service 3.0
    RP1231: 18/01/2009 3:04:06 AM - System Checkpoint
    RP1232: 19/01/2009 11:03:23 AM - System Checkpoint
    RP1233: 20/01/2009 11:12:28 AM - System Checkpoint
    RP1234: 21/01/2009 4:30:26 PM - System Checkpoint
    RP1235: 22/01/2009 9:19:58 AM - Installed Java(TM) 6 Update 11
    RP1236: 22/01/2009 5:22:15 PM - Spybot-S&D Spyware removal
    RP1237: 24/01/2009 10:14:02 AM - System Checkpoint
    RP1238: 25/01/2009 10:31:54 AM - System Checkpoint
    RP1239: 26/01/2009 11:30:56 AM - System Checkpoint
    RP1240: 27/01/2009 12:23:35 PM - System Checkpoint
    RP1241: 30/01/2009 7:35:06 AM - System Checkpoint
    RP1242: 1/02/2009 4:22:19 PM - System Checkpoint
    RP1243: 3/02/2009 10:34:01 AM - System Checkpoint
    RP1244: 4/02/2009 11:27:10 AM - System Checkpoint
    RP1245: 6/02/2009 2:21:26 PM - System Checkpoint
    RP1246: 9/02/2009 2:12:21 PM - System Checkpoint
    RP1247: 10/02/2009 3:01:58 PM - System Checkpoint
    RP1248: 11/02/2009 1:03:54 PM - Ad-Aware Checkpoint
    RP1249: 12/02/2009 3:00:15 AM - Software Distribution Service 3.0
    RP1250: 12/02/2009 7:19:24 PM - Software Distribution Service 3.0
    RP1251: 13/02/2009 8:00:31 PM - System Checkpoint
    RP1252: 14/02/2009 10:48:37 PM - System Checkpoint
    RP1253: 16/02/2009 10:31:13 AM - System Checkpoint
    RP1254: 17/02/2009 6:30:45 PM - System Checkpoint
    RP1255: 18/02/2009 7:09:11 PM - System Checkpoint
    RP1256: 20/02/2009 5:30:52 PM - System Checkpoint
    RP1257: 21/02/2009 6:09:44 PM - System Checkpoint

    ==== Installed Programs ======================

    3D World Atlas
    500 for Windows 95
    Accounts and Budget V3.0
    Active GIF Creator 2.22
    Ad-Aware
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    AiO_Scan_CDA
    AiOSoftwareNPI
    AM-DeadLink
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoBase
    ArcSoft PhotoStudio 2000
    AVerMedia C038 USB Capture Card 1.0.0.23
    BlackJack 1.0
    Bonjour
    BufferChm
    C3100
    c3100_Help
    Cakewalk Pro Audio 8.0
    CCleaner (remove only)
    CDex extraction audio
    CoffeeCup HTML Editor 2008
    ContentSAFER for Wizmax
    Creative Prodikeys DM
    CSI
    Destinations
    DeviceManagementQFolder
    Directory Lister v0.9
    DocProc
    DocProcQFolder
    DVD Shrink 3.2
    DVD Suite
    e-Record 5
    e-tax 2004
    e-tax 2005
    e-tax 2006
    e-tax 2007
    e-tax 2008
    Enable S3 for USB Device
    ERUNT 1.1j
    eSupportQFolder
    Fax_CDA
    FileNet Desktop eForms
    FileZilla Client 3.2.0
    FinePixViewer Ver.4.2
    Five Hundred
    FLAC 1.2.1b (remove only)
    Fonts, Screen Savers, Sound FX & Icons
    FUJIFILM USB Driver
    Galactic Magnate v1.2
    GetRight
    GoldWave v4.26
    Google Earth
    Google Toolbar for Internet Explorer
    HangARoo v2.052
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    Image Transfer
    ImageMixer for Sony
    ImageMixer VCD2 for FinePix
    InCD
    InCD EasyWrite Reader
    InstantShareDevicesMFC
    Intel(R) Extreme Graphics 2 Driver
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_06
    Java Web Start
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    KaraFun 1.01a
    Leadfoot
    LiveUpdate 1.80 (Symantec Corporation)
    LiveUpdate Administration Utility
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Lotto Calculator
    Marvell Miniport Driver
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Monopoly
    Mozilla Firefox (1.5)
    Mozilla Thunderbird (2.0.0.19)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MyFreeCodec
    Nero Media Player
    Nero OEM
    NeroVision Express 2
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    OptusNet
    PanoStandAlone
    PhotoNow! 1.0
    PowerDirector
    PowerProducer
    ProductContextNPI
    QuickTime
    RAW FILE CONVERTER LE
    Readme
    Real Alternative 1.60
    Realtek AC'97 Audio
    Samsung Media Studio 5
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Simple Budget
    SolutionCenter
    Sonic Foundry XFX vol2 v1.0b
    Sonic Foundry XFX vol3 v1.0b
    Sonic Foundry XFX1 v1.0b
    Sony USB Driver
    Sound Forge v4.5b 269
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Status
    Super TextTwist
    SwannSmart IIx Internal modem installer
    Symantec AntiVirus Client
    Toolbox
    TrayApp
    Ulead VideoStudio 6 SE Basic
    Unload
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebPix 1.07
    WebReg
    Winamp (remove only)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinMX
    WinRAR archiver
    WinZip
    WordBiz version 1.8

    ==== Event Viewer Messages From Past Week ========

    21/02/2009 6:37:33 PM, error: Service Control Manager [7000] - The nfr.sys service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================

    Thanks again!

  4. #4
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Hi

    If you plan to use Firefox, it's recommended you uninstall the old, unsupported 1.0.5 version and get the latest one here.

    Please visit this webpage for download links, and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link). Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    A new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    6

    I have removed Firefox.
    Now I am backing up all data to an external HD.
    This should be done in another couple of days.
    Thanks for your patience.

  6. #6
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    OK. Shall wait for your reply.

  7. #7
    Junior Member
    Join Date
    Feb 2009
    Posts
    6

    Thanks Blade;

    Here is the ComboFix log:

    ComboFix 09-03-01.01 - Owner 2009-03-02 10:09:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.224 [GMT 11:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\system\smss.exe
    c:\program files\system\smss.exe.assembly
    c:\windows\system32\hikcxm.exe
    c:\windows\system32\jttgdu.exe
    c:\windows\system32\pevhyr.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
    .

    2009-02-28 09:36 . 2009-02-28 09:36 <DIR> d-------- c:\program files\Western Digital Corp
    2009-02-26 08:29 . 2009-02-26 08:29 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-26 08:29 . 2006-10-05 13:42 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-26 08:29 . 2006-10-05 13:42 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-26 08:28 . 2009-02-26 08:29 <DIR> d-------- c:\program files\Picasa2
    2009-02-26 08:25 . 2009-02-26 08:25 <DIR> d-------- c:\program files\Western Digital
    2009-02-12 03:01 . 2009-02-12 19:21 1,374 --a------ c:\windows\imsins.BAK
    2009-02-11 13:04 . 2009-02-11 11:29 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-11 11:30 . 2009-02-11 11:28 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-11 11:10 . 2009-02-11 11:10 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-11 09:58 . 2009-02-11 09:59 <DIR> d-------- c:\program files\ERUNT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-22 19:24 951,115 ------w c:\program files\gwave4p.exe
    2009-03-01 23:09 --------- d-----w c:\program files\System
    2009-03-01 22:54 --------- d-----w c:\program files\GetRight
    2009-03-01 22:50 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-02-25 21:26 --------- d-----w c:\program files\Google
    2009-02-11 02:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-11 00:09 --------- d-----w c:\program files\Lavasoft
    2009-01-23 02:22 --------- d-----w c:\program files\CoffeeCup Software
    2009-01-23 02:21 --------- d-----w c:\documents and settings\Owner\Application Data\FileZilla
    2009-01-22 23:24 --------- d-----w c:\program files\FileZilla FTP Client
    2009-01-21 22:20 --------- d-----w c:\program files\Java
    2009-01-12 06:46 --------- d-----w c:\program files\soundforge
    2009-01-04 03:37 --------- d-----w c:\program files\IrfanView
    2009-01-02 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2008-08-08 06:41 8,420,384 ----a-w c:\program files\etax2008_1.exe
    2008-05-17 05:27 642,400 ----a-w c:\program files\wrar371 winrar.exe
    2007-08-22 01:48 93 ----a-w c:\program files\220807.txt
    2007-06-21 00:23 2,719,216 ----a-w c:\program files\ccsetup140.exe
    2007-06-13 08:10 560 ----a-w c:\program files\Global.sw
    2006-08-18 01:24 1,468,464 ----a-w c:\program files\ccsetup132.exe
    2004-08-12 08:54 568,488 ------w c:\program files\bios_8igkpg_f3.exe
    2004-08-12 08:25 414,774 ------w c:\program files\bios_8igkg_f2.exe
    2004-08-08 08:07 823,296 ------w c:\program files\winmx353.exe
    2004-08-03 14:05 2,000,324 ------w c:\program files\cdex_151.exe
    2004-08-03 09:47 8,628 ---h--w c:\program files\Readme.GID
    2004-08-03 09:36 109 ------w c:\program files\U32comm.ini
    2004-08-03 08:37 22,016 ------w c:\program files\ShootTheMessenger.exe
    2004-07-21 23:51 3,432,656 ------w c:\program files\ManagedDX.CAB
    2004-07-19 11:58 1,156,363 ------w c:\program files\BDANT.cab
    2004-07-19 11:53 976,020 ------w c:\program files\BDAXP.cab
    2004-07-09 03:17 13,265,040 ------w c:\program files\dxnt.cab
    2004-07-08 22:13 703,080 ------w c:\program files\BDA.cab
    2004-07-08 22:13 15,493,481 ------w c:\program files\DirectX.cab
    2004-07-08 17:08 472,576 ------w c:\program files\dxsetup.exe
    2004-07-08 17:08 2,242,560 ------w c:\program files\dsetup32.dll
    2004-07-08 16:03 62,976 ------w c:\program files\DSETUP.dll
    2004-05-13 01:09 4,354,084 ------w c:\program files\spybotsd13.exe
    2004-04-01 04:25 4,406,768 ------w c:\program files\winamp503_full.exe
    2004-03-10 04:28 18 ------w c:\program files\autoexec.bat
    2004-02-25 00:20 2,372,760 ------w c:\program files\winzip90.exe
    2004-01-19 07:13 262,144 ------w c:\program files\8igkg.f2
    2004-01-06 04:09 16,706,160 ------w c:\program files\AdbeRdr601_enu_full.exe
    2003-12-30 04:02 176,364 ------w c:\program files\FLASH879.EXE
    2002-12-16 06:56 2,339,986 ------w c:\program files\twkpro-171.exe
    2002-10-30 00:29 1,384,448 ------w c:\program files\vstudio.exe
    2002-10-30 00:17 200,704 ------w c:\program files\uvMPEG2.dll
    2002-10-30 00:09 319,584 ------w c:\program files\sepa.dll
    2002-09-08 08:55 32,768 ----a-w c:\program files\FileLister.exe
    2002-08-01 02:30 73,728 ------w c:\program files\VFX32.dll
    2002-08-01 02:30 20,480 ------w c:\program files\VFX_MMX.DLL
    2002-08-01 02:28 348,160 ------w c:\program files\Tge.dll
    2002-08-01 02:16 163,840 ------w c:\program files\Vft32.dll
    2002-07-31 07:39 57,344 ------w c:\program files\u32Cfg.dll
    2002-07-30 05:53 61,440 ------w c:\program files\dswrc.dll
    2002-07-25 08:58 217,088 ------w c:\program files\DswUleadMpegCap.dll
    2002-07-25 08:56 217,088 ------w c:\program files\Dswplug.dll
    2002-07-23 00:09 634,880 ------w c:\program files\ufctxeff.dll
    2002-07-23 00:09 24,576 ------w c:\program files\ulDMFTrans.dll
    2002-07-23 00:08 167,936 ------w c:\program files\herrc.dll
    2002-07-23 00:06 1,392,640 ------w c:\program files\DVDWZRC.dll
    2002-07-22 23:57 40,960 ------w c:\program files\VfwUleadMpegCap.dll
    2002-07-22 23:48 32,768 ------w c:\program files\ConverMpegPar.dll
    2002-05-21 01:41 32,768 ------w c:\program files\upl.dll
    2002-05-21 01:41 24,576 ------w c:\program files\upl_iabox2.dll
    2002-05-21 01:41 24,576 ------w c:\program files\upl_iabox.dll
    2002-05-16 12:05 24,576 ------w c:\program files\u32sn.dll
    2002-05-14 01:30 598,016 ------w c:\program files\uviplW7.dll
    2002-05-14 01:30 593,920 ------w c:\program files\uviplA6.dll
    2002-05-14 01:30 573,440 ------w c:\program files\uviplM6.dll
    2002-05-14 01:30 561,152 ------w c:\program files\uviplP6.dll
    2002-05-14 01:30 557,056 ------w c:\program files\uviplM5.dll
    2002-05-14 00:46 593,920 ------w c:\program files\uviplPX.dll
    2002-05-14 00:46 20,480 ------w c:\program files\uvipl.dll
    2002-04-15 01:28 110,592 ------w c:\program files\ufctxt.dll
    2002-04-04 05:45 40,960 ------w c:\program files\UAboutbox.dll
    2002-03-28 05:18 720,896 ------w c:\program files\u32Prod.dll
    2002-03-21 10:28 98,304 ------w c:\program files\MpgSetin.dll
    2002-03-05 00:21 733,184 ------w c:\program files\VS_Comm.dll
    2002-02-26 04:25 77,824 ------w c:\program files\ulRender.dll
    2002-02-20 07:22 589,824 ------w c:\program files\UfcStc.dll
    2002-02-19 05:24 118,784 ------w c:\program files\Veui32.dll
    2002-02-18 23:41 217,088 ------w c:\program files\ulprntp.dll
    2002-02-06 02:16 53,248 ------w c:\program files\Ulclrtxt.dll
    2002-01-30 01:42 40,960 ------w c:\program files\NTICdDrv.dll
    2002-01-29 08:49 94,276 ------w c:\program files\TitleEng.dll
    2002-01-27 08:12 12,288 ------w c:\program files\NTICdDrvRc.dll
    2002-01-26 06:31 520,267 ------w c:\program files\libmmd.dll
    2002-01-11 06:46 17,098 ------w c:\program files\Readme.hlp
    2001-12-12 03:49 835,557 ------w c:\program files\VSGUIDE.HLP
    2001-12-11 07:45 53,248 ------w c:\program files\UFCCOMM.dll
    2001-12-06 22:56 2,035,193 ------w c:\program files\VSTUDIO.HLP
    2001-12-05 03:55 364,544 ------w c:\program files\HerStepBmp.dll
    2001-12-05 03:54 548,864 ------w c:\program files\U32path.dll
    2001-12-05 03:54 147,456 ------w c:\program files\uRender.dll
    2001-12-05 03:54 102,400 ------w c:\program files\wWebComp.dll
    2001-12-05 03:52 40,960 ------w c:\program files\DVDVR.dll
    2001-12-05 03:52 36,864 ------w c:\program files\uTitlePlug.dll
    2001-12-05 03:52 24,576 ------w c:\program files\upppmgr.dll
    2001-12-05 03:52 118,784 ------w c:\program files\ulPrev.dll
    2001-12-05 03:51 86,016 ------w c:\program files\ufclib.dll
    2008-10-13 01:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101320081014\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-04-17 16384]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-11-18 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-11-18 118784]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "vptray"="c:\program files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-05-21 90112]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-11 509784]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-26 1838592]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2004-08-24 1875968]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-17 169472]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-08-01 51984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi8"= ProdMidi.dll
    "MIDI2"= vpnt.dll
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
    backup=c:\windows\pss\Image Transfer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --------- 2004-03-25 02:41 1294446 c:\program files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2003-12-18 17:00 64512 c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WinMX\\WinMX.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-11 64160]
    R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2007-08-06 13440]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2007-01-03 14092]
    S2 Logical Disk Manager NDIS (dmserver);Logical Disk Manager NDIS (dmserver);c:\program files\System\smss.exe --> c:\program files\System\smss.exe [?]
    S3 AVerFx2hbtv;AVerMedia C038 USB Capture Card;c:\windows\system32\drivers\AVerFx2hbtv.sys [2008-07-16 199552]
    S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-06-03 49399]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\wdsync.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10bd0a9a-e8cb-11dd-a033-000d616a8e50}]
    \Shell\AutoRun\command - E:\StartPortableApps.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 11:27]

    2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Monopoly3Setup.exe - c:\downlo~1\MONOPO~1.EXE
    HKCU-Run-eMuleAutoStart - c:\program files\eMule\emule.exe
    HKU-Default-Run-Microsoft Update Machine - Winregs32.exe
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.optusnet.com.au/
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
    Trusted Zone: com.au\www.heraldsun
    Trusted Zone: com.au\www.netbank.commbank
    Trusted Zone: com.au\www3.netbank.commbank
    Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
    Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 10:14:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Ahead\InCD\incdsrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-02 10:22:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-01 23:22:52

    Pre-Run: 47,742,894,080 bytes free
    Post-Run: 47,825,342,464 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    288 --- E O F --- 2009-02-26 03:21:39

    Looking forward to hearing from you, and thanks again for your help;
    dinsdale

  8. #8
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Hi again

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    WinMX

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    C:\Program Files\WinMX

    Empty Recycle Bin.

    After that:

    Uninstall these old Java versions:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


    • Read the requirements and privacy statement then click on the Accept button.


    • The program will launch and start to download the latest definition files.


    • You will be prompted to install an application from Kaspersky. Click Run


    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives


    • Click on My Computer under Scan.


    • Once the scan is complete, it will display the results. Click on View Scan Report.


    • Click on Save Report As....


    • Change the Files of type to Text file (.txt) before clicking on the Save button.


    • Save this report to a convenient place.


    • Copy and paste that information & a fresh hjt log into your topic.


    • The scan will take a while, so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.

    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

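The helper's list of old Java installs above was read off the HijackThis "Installed programs" data. The following PowerShell script is an added example (not the helper's or the forum's own tool) that produces the same kind of list on any Windows machine: it reads the Add/Remove Programs entries from the Uninstall registry keys, picks out Java runtime entries, and reports every one except the newest as a removal candidate. It only reads and reports; the actual uninstall is still done through Add/Remove Programs as the post describes. Assumptions: it is run from an administrator PowerShell prompt, and the Wow6432Node key is simply skipped on 32-bit Windows such as the XP system in this thread.

```powershell
# Added example: list installed Java runtimes and flag all but the newest.
# Read-only: nothing is uninstalled or modified.

function Convert-ToVersion([string]$s) {
    # Java DisplayVersion values look like "1.6.0.70"; fall back to 0.0 when unparseable.
    try { return [version]$s } catch { return [version]'0.0' }
}

# Add/Remove Programs data lives under these keys (the second exists on 64-bit Windows only).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$java = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # Match the display names Sun/Oracle used, e.g. "J2SE Runtime Environment 5.0 Update 10",
        # "Java 2 Runtime Environment, SE v1.4.2_06", "Java(TM) 6 Update 7".
        if ($p.DisplayName -match '^(J2SE|Java)') {
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                Version         = Convert-ToVersion $p.DisplayVersion
                UninstallString = $p.UninstallString
            }
        }
    }
}

# Force an array so indexing works even when only one entry is found.
$sorted = @($java | Sort-Object Version -Descending)

if ($sorted.Count -eq 0) {
    'No Java runtime entries found in Add/Remove Programs.'
} else {
    $newest = $sorted[0]
    "Newest installed Java: $($newest.DisplayName) ($($newest.DisplayVersion))"
    ''
    'Older Java entries still present (uninstall these via Add/Remove Programs):'
    $sorted | Select-Object -Skip 1 |
        Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
}
```

The UninstallString column is shown only so the reader can see which installer each entry belongs to; leaving the removal to Add/Remove Programs keeps the procedure identical to the helper's instructions. The same script works for other software the post asks to remove (Adobe Reader, WinMX) by changing the DisplayName pattern.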
  9. #9
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
