
Possible virus keeping me from internet connections



Hutch327
2007-10-16, 04:21
Hi,
For the past few days we have been having problems with web pages coming up. The alert says that the page cannot be found. Happens 7 out of 10 times. Also having problems with several other programs that require the internet to run. Ran Spybot and got an error message "zlob.zipcodec (ungultiger datentyp fur)"; a couple of the "u"s had the two dots over the top of them, making me think of the German language? I am on a network with my wife's laptop, which is also having the same problem. Ran the programs you suggested and here are the results.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 8:09:47 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435699
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 335667
Number of viruses found: 17
Number of infected objects: 58
Number of suspicious objects: 0
Duration of the scan process: 03:13:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Premiere\The BOB&TOM Media Center.log Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\call256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\chat512.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\index2.dat Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\user1024.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\user16384.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\Skype\vistale327\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Eddie\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped
C:\Documents and Settings\Eddie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\Temp\NERO13349\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Eddie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eddie\ntuser.dat Object is locked skipped
C:\Documents and Settings\Eddie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{58502D7D-F78C-4ABC-9B07-A74596EC3FC9}\RP693\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C43C030D-8A41-4018-A24A-6A2E81F98866}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\C drive\Pamers\Desktop\wow\Fraps.v2.7.1.WinALL.Retail-D@S.rar/Fraps.v2.7.1.WinALL.Retail-D@S.exe/data0005 Infected: Backdoor.Win32.Ciadoor.123.an skipped
D:\C drive\Pamers\Desktop\wow\Fraps.v2.7.1.WinALL.Retail-D@S.rar/Fraps.v2.7.1.WinALL.Retail-D@S.exe Infected: Backdoor.Win32.Ciadoor.123.an skipped
D:\C drive\Pamers\Desktop\wow\Fraps.v2.7.1.WinALL.Retail-D@S.rar RAR: infected - 2 skipped
D:\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\mirc616.exe mIRC: infected - 1 skipped
D:\ss\waterfree.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
D:\ss\waterfree.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\ss\waterfree.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.IGetNet skipped
D:\ss\waterfree.exe WiseSFX: infected - 3 skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.h skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002/data299033.zip Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0002 Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0007/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0007 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0008 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe NSIS: infected - 23 skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.h skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002/data299033.zip Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0002 Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0007/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0007 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe/data0008 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\Data\all_files3.exe NSIS: infected - 23 skipped

Scan process completed.

Hutch327
2007-10-16, 04:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:54 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
N4 - Mozilla: user_pref("browser.startup.homepage", "www.msn.com"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [The BOB&TOM Show] C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162067515312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162068278078
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 11521 bytes


Thanks a lot in advance

shelf life
2007-10-20, 20:46
Hi Hutch327,

Going by the online scan, try this:
We will do it all in SAFE MODE, so you might want to copy/paste this into Notepad and save it so you can find it in safe mode:

To reach safe mode you would tap the F8 key during a computer reboot. Choose the first option on the list: Safe Mode. Log in to your usual account. Once at the safe mode desktop:

Look in the Add/Remove Programs panel and uninstall the following if found:

my web search
GigatechSuperBar
Save Now
---------------------------
Next, to show all files do this:
For XP: on the desktop double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files", also UNcheck "Hide extensions for known file types", click Apply to All Folders, then Apply, then OK.

What you need to do is navigate to here:

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data

Look for a folder called: all_files3.exe
Looks like everything in there is infected:

Look at the online scan; some of the entries:

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0007/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0007 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe/data0008 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

I:\cdrive\Documents and Settings\Administrator.EDJR\My Documents\Data\all_files3.exe NSIS: infected - 23 skipped
------------------------------
While still in safe mode, run Spybot and Spyware Doctor also.

Reboot the computer normally and, if you can, download this:
Please download ComboFix (by sUBs) from one of the following links:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the Desktop.
Double-click combofix.exe and follow the prompts.

CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.

When finished, it produces a log.

Please provide the contents of the ComboFix log in your reply--
-----------------------
shelf life
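
As an added example (not part of the thread), the Python script below does mechanically what shelf life does by eye above: it parses Kaspersky Online Scanner report lines, discards the "Object is locked" noise, and groups every detection under the file on disk that contains it, so the archives worth removing surface first, with real malware (trojans, backdoors) ranked ahead of adware-only hits. The report lines inside it are constructed, shortened versions of lines from this thread, not the full report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the Kaspersky Online Scanner 5 report layout: shortened
# versions of lines from the thread above, not the full report.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Eddie\Local Settings\Temp\NERO13349\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\wow\Fraps.rar/Fraps.exe/data0005 Infected: Backdoor.Win32.Ciadoor.123.an skipped
D:\wow\Fraps.rar/Fraps.exe Infected: Backdoor.Win32.Ciadoor.123.an skipped
D:\wow\Fraps.rar RAR: infected - 2 skipped
I:\cdrive\Data\all_files3.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped
I:\cdrive\Data\all_files3.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
I:\cdrive\Data\all_files3.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
I:\cdrive\Data\all_files3.exe NSIS: infected - 23 skipped
"""

# The three line shapes used in the "Infected Object Name / Virus Name / Last Action" table.
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
SUMMARY_RE = re.compile(r"^(?P<path>.+) (?P<kind>\S+): infected - (?P<count>\d+) skipped$")


@dataclass
class Container:
    """One file on disk (possibly an archive) and everything the scanner found inside it."""
    path: str
    malware: Set[str] = field(default_factory=set)  # trojans, backdoors, and similar
    pua: Set[str] = field(default_factory=set)      # "not-a-virus:" adware / tools
    hits: int = 0                                   # individual "Infected:" entries seen
    declared: Optional[int] = None                  # count from the archive summary line


def container_of(path: str) -> str:
    # Kaspersky separates archive members with "/", while the on-disk part of the
    # path uses "\", so everything before the first "/" is the file on disk.
    return path.split("/", 1)[0]


def triage(report: str) -> Tuple[Dict[str, Container], int]:
    """Return (containers keyed by on-disk path, number of locked-object lines ignored)."""
    containers: Dict[str, Container] = {}
    locked = 0
    for line in report.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            locked += 1  # in-use system/profile files; not a detection
            continue
        m = INFECTED_RE.match(line)
        if m:
            key = container_of(m["path"])
            c = containers.setdefault(key, Container(key))
            c.hits += 1
            bucket = c.pua if m["name"].startswith("not-a-virus:") else c.malware
            bucket.add(m["name"])
            continue
        m = SUMMARY_RE.match(line)
        if m:
            c = containers.setdefault(m["path"], Container(m["path"]))
            c.declared = int(m["count"])
    return containers, locked


def prioritized(containers: Dict[str, Container]) -> List[Container]:
    """Malware-bearing files first, then adware-only ones, most detections first."""
    return sorted(containers.values(), key=lambda c: (not c.malware, -c.hits, c.path))


CONTAINERS, LOCKED = triage(SAMPLE_REPORT)

if __name__ == "__main__":
    print(f"{LOCKED} locked objects ignored")
    for c in prioritized(CONTAINERS):
        tag = "MALWARE" if c.malware else "adware/PUA"
        print(f"{tag:10} {c.path}  hits={c.hits} declared={c.declared}")
        for name in sorted(c.malware | c.pua):
            print(f"           {name}")
```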

Hutch327
2007-10-21, 05:48
ComboFix 07-10-21.1** - Eddie 2007-10-20 22:34:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1399 [GMT -4:00]
Running from: C:\Documents and Settings\Eddie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\sfsync02.sys
D:\MPSCOPY.EXE
I:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 21:13 <DIR> d-------- C:\Program Files\PCSecurityShield
2007-10-19 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2007-10-19 21:13 7,062,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-19 21:13 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-19 21:13 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-19 21:13 30,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-19 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 06:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-15 21:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-15 21:01 <DIR> d-------- C:\Documents and Settings\Eddie\Application Data\Lavasoft
2007-10-15 15:31 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-10-15 15:27 <DIR> d-------- C:\Program Files\LimeWire
2007-10-15 15:27 <DIR> d-------- C:\Documents and Settings\Eddie\.limewire
2007-10-15 15:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-14 11:32 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-14 11:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-14 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-14 08:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-14 01:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 17:18 <DIR> d-------- C:\Program Files\2K Games
2007-10-13 16:39 <DIR> d-------- C:\Documents and Settings\Eddie\.housecall6.6
2007-10-13 15:58 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-10-13 10:00 <DIR> d-------- C:\Documents and Settings\Eddie\Application Data\Bioshock
2007-10-12 22:21 <DIR> d-------- C:\Program Files\2K Games(2)
2007-10-12 21:21 <DIR> d-------- C:\Program Files\CA
2007-10-12 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-10-09 22:15 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 06:56 <DIR> d-------- C:\Program Files\Thief2
2007-10-05 10:11 225,280 -ra------ C:\WINDOWS\system32\SZBase5.dll
2007-09-28 15:01 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-26 16:44 <DIR> d-------- C:\Program Files\IncGamers Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 02:42 3,225 --sha-w C:\WINDOWS\system32\mmf.sys
2007-10-21 02:40 95,420 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-21 02:40 3,884 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-20 12:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 03:45 --------- d-----w C:\Program Files\Java
2007-10-20 03:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 02:47 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Skype
2007-10-18 02:21 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-10-18 01:34 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-10-17 11:56 --------- d-----w C:\Program Files\World of Warcraft
2007-10-17 01:28 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-16 21:23 --------- d-----w C:\Program Files\Telltale Games
2007-10-16 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-15 19:31 66,182 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-15 19:29 --------- d-----w C:\Program Files\iTunes
2007-10-15 19:27 --------- d-----w C:\Program Files\Netscape
2007-10-15 19:26 --------- d-----w C:\Program Files\Skype
2007-10-15 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-13 11:51 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(11)(2).sys
2007-10-13 04:12 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Netscape
2007-10-13 01:26 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(11).sys
2007-10-13 01:13 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(5).sys
2007-10-12 10:23 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(12)(2).sys
2007-10-10 20:34 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(10).sys
2007-10-10 03:05 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(12).sys
2007-10-04 10:27 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(5)(2).sys
2007-10-04 10:27 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(4).sys
2007-10-03 17:06 --------- d-----w C:\Program Files\iPod
2007-10-02 11:07 --------- d-----w C:\Program Files\RegCure
2007-09-26 23:39 --------- d-----w C:\Program Files\Paint Shop Pro 6
2007-09-20 15:52 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(9).sys
2007-09-20 15:51 --------- d-----w C:\Program Files\PartyGaming
2007-09-14 01:29 --------- d-----w C:\Program Files\Apple Software Update
2007-09-13 20:36 311,296 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2007-09-13 20:36 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2007-09-13 20:35 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2007-09-13 20:35 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2007-09-13 20:35 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2007-09-13 20:34 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2007-09-13 20:34 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2007-09-13 20:34 700,416 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2007-09-13 20:34 200,704 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2007-09-07 21:23 --------- d-----w C:\Program Files\KODAK
2007-09-07 21:23 --------- d-----w C:\Program Files\Common Files\Kodak
2007-09-07 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-09-07 02:54 --------- d-----w C:\Program Files\Steam
2007-09-05 02:33 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Creative
2007-08-30 23:57 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-30 01:20 --------- d-----w C:\Program Files\Creative
2007-08-30 01:16 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-08-30 01:16 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-08-30 01:16 --------- d-----w C:\Program Files\OpenAL
2007-08-29 00:18 --------- d-----w C:\Program Files\GameSpy
2007-08-28 22:38 --------- d-----w C:\Documents and Settings\Eddie\Application Data\IGN_DLM
2007-08-28 20:48 --------- d-----w C:\Program Files\Google
2007-08-28 20:33 --------- d-----w C:\Documents and Settings\Eddie\Application Data\My Games
2007-08-28 19:06 --------- d-----w C:\Program Files\Firaxis Games
2007-08-24 02:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-23 18:03 204,864 ----a-w C:\WINDOWS\system32\klogon.dll
2007-08-22 13:49 --------- d-----w C:\Documents and Settings\Eddie\Application Data\PC Tools
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-10 15:18 54,008 ----a-w C:\Documents and Settings\Eddie\Application Data\GDIPFONTCACHEV1.DAT
2007-05-15 13:36:36 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(10).sys
2006-10-28 22:50:17 625 --sha-w C:\WINDOWS\system32\mmf(2)(2).sys
2006-10-29 02:08:24 625 --sha-w C:\WINDOWS\system32\mmf(2)(3).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(4).sys
2006-10-29 03:32:34 625 --sha-w C:\WINDOWS\system32\mmf(2)(5).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(6).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(7).sys
2007-05-13 11:45:38 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(8).sys
2007-05-15 14:04:44 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(9).sys
2007-06-02 12:15:06 3,225 --sha-w C:\WINDOWS\system32\mmf(2).sys
2006-10-28 23:30:23 625 --sha-w C:\WINDOWS\system32\mmf(3)(2).sys
2006-10-29 01:24:02 625 --sha-w C:\WINDOWS\system32\mmf(3)(3).sys
2006-10-28 21:25:48 625 --sha-w C:\WINDOWS\system32\mmf(3)(4).sys
2006-10-28 22:42:11 625 --sha-w C:\WINDOWS\system32\mmf(3)(5).sys
2006-10-28 23:42:08 625 --sha-w C:\WINDOWS\system32\mmf(3)(6).sys
2006-10-28 21:25:48 625 --sha-w C:\WINDOWS\system32\mmf(3)(7).sys
2007-05-15 13:31:36 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(8).sys
2006-10-28 22:42:11 625 --sha-w C:\WINDOWS\system32\mmf(4)(2).sys
2006-10-28 23:08:24 625 --sha-w C:\WINDOWS\system32\mmf(4)(3).sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 C:\WINDOWS\CTHELPER.EXE]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 13:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-09 01:37]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"ScanSoft PDF Converter 4-reminder"="C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 11:01]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-07-04 14:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [2007-08-23 14:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The BOB&TOM Show"="C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe" [2005-06-08 12:00]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 16:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 01:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
"C:\Program Files\ScanSoft\PDF Converter 4\RegistryController.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The BOB&TOM Show]
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 gAGP440p;gAGP440p;\??\C:\DOCUME~1\Eddie\LOCALS~1\Temp\gAGP440p.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\BSAutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 03:50:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-13 02:25:12 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Eddie at 9 22 PM.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 22:43:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 22:46:07 - machine was rebooted
.
--- E O F ---
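
As an added example (not part of this thread, and not ComboFix's own code): a small Python triage pass over ComboFix-style log lines, flagging the kinds of entries a helper looks at first in a log like the one above: an Autorun.inf removed from a drive root, a hidden+system executable in system32, a driver image loading from a Temp directory, and a per-drive AutoRun command under mountpoints2. The sample log is a constructed subset of the lines posted above; the rules are review heuristics, not verdicts.

```python
"""Triage heuristics for ComboFix-style log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the ComboFix log posted above,
# kept in the same layout (section banners, file listing, services, registry).
SAMPLE_LOG = r"""
((((((((((((((((((( Other Deletions ))))))))))))))))))))
C:\WINDOWS\system32\drivers\sfsync02.sys
I:\Autorun.inf
((((((((((((((((((( Find3M Report ))))))))))))))))))))
2007-10-21 02:42 3,225 --sha-w C:\WINDOWS\system32\mmf.sys
2007-10-18 01:34 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
((((((((((((((((((( Reg Loading Points ))))))))))))))))))))
"AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [2007-08-23 14:16]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
S3 gAGP440p;gAGP440p;\??\C:\DOCUME~1\Eddie\LOCALS~1\Temp\gAGP440p.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\BSAutoRun.exe
"""

# "(((((( Section Name ))))))" banners that ComboFix uses to delimit its report.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# File listing rows: date, time (optional seconds), size / <DIR> / dashes, attribute flags, path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}(?::\d{2})?) (<DIR>|[\d,]+|-+) (\S+) (.+)$"
)
# Driver/service rows: start type, service name, display name, image path.
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
EXEC_EXT = (".sys", ".exe", ".dll")


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    path: str   # the path or command that triggered it


def parse_sections(text):
    """Group non-empty log lines under the banner that precedes them."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return the entries worth a closer look, in log order."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            # Autorun.inf at a drive root is how removable/secondary drives spread infections.
            if section.startswith("Other Deletions") and line.lower().endswith("\\autorun.inf"):
                findings.append(Finding("autorun.inf removed from a drive root", line))
                continue
            m = FILE_RE.match(line)
            if m:
                attrs, path = m.group(4), m.group(5)
                # Hidden + system attributes on an executable are unusual for user-installed software.
                if (not attrs.startswith("d") and "h" in attrs and "s" in attrs
                        and path.lower().endswith(EXEC_EXT)):
                    findings.append(Finding("hidden+system executable", path))
                continue
            m = DRIVER_RE.match(line)
            if m:
                path = m.group(4)
                # Legitimate drivers live under system32\drivers, not a user's Temp folder.
                if "\\temp\\" in path.lower():
                    findings.append(Finding("driver/service image under a Temp directory", path))
                continue
            # mountpoints2 AutoRun\command runs when the drive is opened in Explorer.
            if line.lower().startswith("autorun\\command"):
                cmd = line.split(" - ", 1)[1] if " - " in line else line
                findings.append(Finding("per-drive AutoRun command (mountpoints2)", cmd))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.path}")
```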

shelf life
2007-10-21, 06:35
hi Hutch327,

OK, thanks for the info. Did you find those in the Add/Remove Programs panel? Were you able to delete this folder:
all_files3.exe

How's it looking on your end now?

shelf life

Hutch327
2007-10-21, 07:24
No, I did not find them in Add/Remove Programs or even see the all_files.exe.
It is working now, but like I said, I am able to get on the internet maybe 30% of the time. So I guess it comes and goes?

shelf life
2007-10-21, 15:34
hi Hutch327,


even see the all_files.exe
Do this, then look for them:

For XP: on the desktop double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files", also UNcheck "Hide extensions for known file types", click Apply to All Folders, Apply, then OK.

I am trying to figure out what this is. You have more than one hard drive?
I:\cdrive\
You ran Spybot and Spy Sweeper in safe mode; did they find anything?

shelf life

Hutch327
2007-10-22, 01:41
I do have an "I" drive. The folder named cdrive contains backups from my actual C drive. I did run Spy Sweeper and came up with this.
12:57 PM: Traces Found: 45
12:57 PM: Full Sweep has completed. Elapsed time 03:28:48
12:57 PM: File Sweep Complete, Elapsed Time: 03:27:05
12:53 PM: Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7E8E000C
12:53 PM: Warning: SweepCompressedFiles: Access violation at address 00401D84 in module 'SpySweeper.exe'. Read of address 7F93000C
Not enough storage is available to process this command
12:49 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:49 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
12:48 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
12:48 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
12:48 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
12:48 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Access is denied
12:27 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
12:09 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Not enough storage is available to process this command
11:58 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Access is denied
11:29 AM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
11:29 AM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Not enough storage is available to process this command
11:25 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
11:17 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
11:14 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Access is denied
11:09 AM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Not enough storage is available to process this command
11:09 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
11:05 AM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
10:59 AM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
10:58 AM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms0076062a-598e-45b6-a8ee-5351d1259a59.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms2e6ad9fc-4e74-49f4-aa1c-7cd189ce2e83.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsedbb07a9-8fc4-4c5e-a0f5-dfae7023c371.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsbb116113-1cf4-49f7-a86a-9c5d42d93ef8.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmse9a6e3a3-9a6a-4a76-9812-ffc22a69d4fa.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmse3ddf84d-101b-4538-b16b-3d2b2df1c149.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms5c3bf10b-8a46-4c22-8fd7-08b9a3236597.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms29ab3dfb-308e-43fb-b9d2-a2756b8a2af6.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsd9051ee4-df37-416f-8db9-7699cdb89f1d.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms96bfa83f-4651-4f24-9966-aca53a3fdbf7.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsdad99d5e-4429-416e-9508-201aa3c19c9f.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms076abfa8-0c8d-44c2-92a5-371bf912f4ac.tmp". The operation completed successfully
10:25 AM: Warning: Failed to open file "c:\windows\temp\sst29.tmp.log". The operation completed successfully
9:30 AM: Starting File Sweep
9:30 AM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
9:30 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:30 AM: cookies.txt (ID = 6445)
9:30 AM: cookies.txt (ID = 3591)
9:30 AM: Found Spy Cookie: tripod cookie
9:30 AM: cookies.txt (ID = 6444)
9:30 AM: cookies.txt (ID = 6444)
9:30 AM: cookies.txt (ID = 6444)
9:30 AM: cookies.txt (ID = 3020)
9:30 AM: Found Spy Cookie: mrskin cookie
9:30 AM: eddie@xos.adbureau[2].txt (ID = 2060)
9:30 AM: eddie@www.trygames[1].txt (ID = 3594)
9:30 AM: Found Spy Cookie: try games cookie
9:30 AM: eddie@www.burstnet[1].txt (ID = 2337)
9:30 AM: eddie@tribalfusion[1].txt (ID = 3589)
9:30 AM: Found Spy Cookie: tribalfusion cookie
9:30 AM: eddie@tremor.adbureau[1].txt (ID = 2060)
9:30 AM: eddie@toplist[1].txt (ID = 3557)
9:30 AM: Found Spy Cookie: toplist cookie
9:30 AM: eddie@tacoda[1].txt (ID = 6444)
9:30 AM: eddie@statse.webtrendslive[1].txt (ID = 3667)
9:30 AM: Found Spy Cookie: webtrendslive cookie
9:30 AM: eddie@sports.espn.go[1].txt (ID = 2729)
9:30 AM: eddie@specificclick[2].txt (ID = 3399)
9:30 AM: eddie@server.iad.liveperson[1].txt (ID = 3341)
9:30 AM: Found Spy Cookie: server.iad.liveperson cookie
9:30 AM: eddie@scores.espn.go[1].txt (ID = 2729)
9:30 AM: eddie@rsi.espn.go[1].txt (ID = 2729)
9:30 AM: eddie@rsi.abc.go[1].txt (ID = 2729)
9:30 AM: eddie@realmedia[1].txt (ID = 3235)
9:30 AM: Found Spy Cookie: realmedia cookie
9:30 AM: eddie@questionmarket[2].txt (ID = 3217)
9:30 AM: Found Spy Cookie: questionmarket cookie
9:30 AM: eddie@military[1].txt (ID = 2996)
9:30 AM: Found Spy Cookie: military cookie
9:30 AM: eddie@go[2].txt (ID = 2728)
9:30 AM: eddie@espn.go[1].txt (ID = 2729)
9:30 AM: eddie@clickbank[1].txt (ID = 2398)
9:30 AM: Found Spy Cookie: clickbank cookie
9:30 AM: eddie@cgm.adbureau[2].txt (ID = 2060)
9:30 AM: Found Spy Cookie: adbureau cookie
9:30 AM: eddie@casalemedia[1].txt (ID = 2354)
9:30 AM: Found Spy Cookie: casalemedia cookie
9:30 AM: eddie@burstnet[2].txt (ID = 2336)
9:30 AM: Found Spy Cookie: burstnet cookie
9:30 AM: eddie@atwola[1].txt (ID = 2255)
9:30 AM: Found Spy Cookie: atwola cookie
9:30 AM: eddie@atdmt[1].txt (ID = 2253)
9:30 AM: Found Spy Cookie: atlas dmt cookie
9:30 AM: eddie@aptimus[2].txt (ID = 2233)
9:30 AM: Found Spy Cookie: aptimus cookie
9:30 AM: eddie@anat.tacoda[1].txt (ID = 6445)
9:30 AM: Found Spy Cookie: tacoda cookie
9:30 AM: eddie@advertising[1].txt (ID = 2175)
9:30 AM: Found Spy Cookie: advertising cookie
9:30 AM: eddie@adserver[1].txt (ID = 2141)
9:30 AM: Found Spy Cookie: adserver cookie
9:30 AM: eddie@ads.pointroll[1].txt (ID = 3148)
9:30 AM: Found Spy Cookie: pointroll cookie
9:30 AM: eddie@ads.addynamix[2].txt (ID = 2062)
9:30 AM: Found Spy Cookie: addynamix cookie
9:30 AM: eddie@adopt.specificclick[1].txt (ID = 3400)
9:30 AM: Found Spy Cookie: specificclick.com cookie
9:30 AM: eddie@adlegend[1].txt (ID = 2074)
9:30 AM: Found Spy Cookie: adlegend cookie
9:30 AM: eddie@ad.yieldmanager[1].txt (ID = 3751)
9:30 AM: Found Spy Cookie: yieldmanager cookie
9:30 AM: eddie@about[1].txt (ID = 2037)
9:30 AM: Found Spy Cookie: about cookie
9:30 AM: eddie@abc.go[1].txt (ID = 2729)
9:30 AM: Found Spy Cookie: go.com cookie
9:30 AM: eddie@2o7[2].txt (ID = 1957)
9:30 AM: Found Spy Cookie: 2o7.net cookie
9:30 AM: Starting Cookie Sweep
9:30 AM: Registry Sweep Complete, Elapsed Time:00:00:21
9:30 AM: HKLM\software\microsoft\internet explorer\activex compatibility\{9a578c98-3c2f-4630-890b-fc04196ef420}\ (ID = 2346201)
9:30 AM: Found Adware: cnsmin
9:30 AM: HKLM\software\microsoft\windows\currentversion\mcd\ (ID = 826065)
9:30 AM: Found Trojan Horse: ldpinch trojan
9:30 AM: Starting Registry Sweep
9:30 AM: Memory Sweep Complete, Elapsed Time: 00:01:03
9:29 AM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume G:
9:29 AM: Starting Memory Sweep
9:28 AM: Sweep initiated using definitions version 1014
9:28 AM: Spy Sweeper 5.5.7.48 started
9:28 AM: | Start of Session, Sunday, October 21, 2007 |
***************
9:28 AM: Program Version 5.5.7.48 Using Spyware Definitions 1014
9:28 AM: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 10/21/2007 5:10:56 AM (GMT)
9:27 AM: Spy Sweeper 5.5.7.48 started
9:27 AM: | Start of Session, Sunday, October 21, 2007 |
***************
9:23 AM: Spyware Definitions: 1014
9:23 AM: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 10/21/2007 5:10:56 AM (GMT)
9:22 AM: Spy Sweeper 5.5.7.48 started
9:22 AM: Spy Sweeper 5.5.7.48 started
9:22 AM: | Start of Session, Sunday, October 21, 2007 |
***************

shelf life
2007-10-22, 03:03
hi Hutch327,

From the online scan you did, it looks like the malware is in the I drive. Did you try that step to show all files, then deleting the all_files3.exe in your backup drive?

That Spy Sweeper I assume you ran on the I drive? Doesn't look bad; cookies aren't much to worry about, and it can't scan compressed files.
I would try another online scan just for another look; let's try F-Secure this time:


F-Secure scan:
http://support.f-secure.com/enu/home/ols.shtml

Uses Internet Explorer only.

Click on the "Start scanning" button near the bottom of the page.
Click to accept/install the ActiveX applet.
"Accept" the License Agreement, click "Full system scan".
Once the download completes, the scan will begin automatically. The download may take a while.
The scan will take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and Copy&Paste the entire report in your next reply along with a current HijackThis log.

shelf life

Hutch327
2007-10-22, 14:26
Wow
I can't even stay online long enough to run F-Secure test.

Here is my HJT log though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:06 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
N4 - Mozilla: user_pref("browser.startup.homepage", "www.msn.com"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tracker] "C:\Program Files\MySoftware\MyInvoices\tracker.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [The BOB&TOM Show] "C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162067515312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162068278078
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11671 bytes

shelf life
2007-10-23, 02:00
hi Hutch327,

You have disabled your resident antivirus using msconfig?
You should re-enable it, update it and do a scan with it (all drives).

shelf life

tashi
2007-10-23, 18:42
Duplicate topic archived: http://forums.spybot.info/showthread.php?p=129815

Hutch327
2007-10-25, 03:16
Ok
I did the scan. Came up with some spy cookies. I deleted them but still seem to have a problem getting online. Any other suggestions other than reformatting? (please don't say reformat!!) :)

Thanks

shelf life
2007-10-25, 04:41
hi Hutch327,


Look in the Add/Remove Programs panel for something like:
AskSBar or Ask Search Assistant.
This is a debatable malware BHO. Let's remove it.

After the uninstall, reboot the computer once.
-------------------------------
Don't think it's malware that is keeping you from getting online.
Do you have your antivirus updated, and have you scanned with it recently (all drives)?
------------------------------
Let's see if ComboFix can dig up anything:

Please download ComboFix (by sUBs) from one of the following links:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the Desktop.
Double-click combofix.exe and follow the prompts.

CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.

When finished, it produces a log.

Please provide the contents of the ComboFix log in your reply--
and a new hjt log.

shelf life
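The helper's advice above amounts to reading the HJT log for browser hooks (R3 URLSearchHook, O2 BHO, O3 Toolbar) that point at the AskSBar files, plus O23 services with no identified publisher. The small triage script below does that mechanically; it is an added example for this thread, not a Spybot or HijackThis tool, and its watch list (the `AskSBar` path fragment) and the sample log excerpt (lines taken from the logs posted above) are assumptions for illustration.

```python
"""Triage helper for HijackThis (HJT) log text.

Pulls out the browser-hook entries (R3 URLSearchHook, O2 BHO, O3 Toolbar)
and O23 services, then flags entries whose file path matches a watch list
of unwanted components or whose service owner could not be identified.
Added example for this thread; not a Spybot or HijackThis tool.
"""
import re
from dataclasses import dataclass

# HJT hook lines look like:  O2 - BHO: <name> - {CLSID} - <path>
HOOK_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# HJT service lines look like:  O23 - Service: <name> - <owner> - <path>
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"
)

# Assumed watch list: path fragments of the component the helper asked to
# uninstall.  Extend it with whatever your own triage policy names.
WATCH_PATH_FRAGMENTS = ("AskSBar",)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the log entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            path = m.group("path")
            if any(f.lower() in path.lower() for f in WATCH_PATH_FRAGMENTS):
                findings.append(Finding(m.group("section"), m.group("name"),
                                        path, "path matches watch list"))
            elif m.group("name") == "(no name)":
                # A hook with no display name is not proof of anything, but
                # legitimate vendors almost always register one.
                findings.append(Finding(m.group("section"), m.group("name"),
                                        path, "hook registered without a name"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            # "Unknown owner" only means the binary carries no publisher
            # string; verify the file on disk before acting on it.
            findings.append(Finding("O23", m.group("name"), m.group("path"),
                                    "service has no identified publisher"))
    return findings


def summarize(log_text: str) -> dict[str, int]:
    """Count findings per reason, for a quick read of the log."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<36} {f.name} -> {f.path}")
    print(summarize(SAMPLE_LOG))
```

On the sample excerpt the script flags the three AskSBar hooks (R3, O2, O3 plus the second Ask BHO) and the two services with no publisher; everything else passes untouched.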

Hutch327
2007-10-26, 03:18
Here is the HJT. The ComboFix was too long. Should I split it up?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:54 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
N4 - Mozilla: user_pref("browser.startup.homepage", "www.msn.com"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tracker] "C:\Program Files\MySoftware\MyInvoices\tracker.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [The BOB&TOM Show] "C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162067515312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162068278078
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11636 bytes

Hutch327
2007-10-26, 03:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:54 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
N4 - Mozilla: user_pref("browser.startup.homepage", "www.msn.com"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\EDDIE\Application Data\Mozilla\Profiles\default\o3hv4lb7.slt\prefs.js)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Tracker] "C:\Program Files\MySoftware\MyInvoices\tracker.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ScanSoft PDF Converter 4-reminder] "C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Converter\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [The BOB&TOM Show] "C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162067515312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162068278078
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11636 bytes

shelf life
2007-10-27, 01:07
hi,

yes you can split the combofix log up. hjt log looks ok. did you uninstall that Ask toolbar via the add/remove programs panel?

shelf life

Hutch327
2007-10-27, 03:39
I've gotten rid of Ask Toolbar. Here is the combofix, split in two parts.


ComboFix 07-10-21.1** - Eddie 2007-10-26 20:29:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1476 [GMT -4:00]
Running from: C:\Documents and Settings\Eddie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-26 20:24 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2007-10-21 19:07 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-21 09:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Program Files\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Documents and Settings\Eddie\Application Data\Webroot
2007-10-21 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-21 09:19 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-10-21 09:19 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-21 09:19 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-21 09:19 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-21 09:16 164 --a------ C:\install.dat
2007-10-20 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 21:13 <DIR> d-------- C:\Program Files\PCSecurityShield
2007-10-19 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2007-10-19 21:13 7,816,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-19 21:13 88,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-19 21:13 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-19 21:13 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-19 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 06:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-15 21:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-15 21:01 <DIR> d-------- C:\Documents and Settings\Eddie\Application Data\Lavasoft
2007-10-15 15:31 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-10-15 15:27 <DIR> d-------- C:\Program Files\LimeWire
2007-10-15 15:27 <DIR> d-------- C:\Documents and Settings\Eddie\.limewire
2007-10-15 15:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-14 11:32 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-14 11:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-14 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-14 08:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-14 01:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 17:18 <DIR> d-------- C:\Program Files\2K Games
2007-10-13 16:39 <DIR> d-------- C:\Documents and Settings\Eddie\.housecall6.6
2007-10-13 15:58 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-10-13 10:00 <DIR> d-------- C:\Documents and Settings\Eddie\Application Data\Bioshock
2007-10-12 22:21 <DIR> d-------- C:\Program Files\2K Games(2)
2007-10-12 21:21 <DIR> d-------- C:\Program Files\CA
2007-10-12 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-10-09 22:15 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 06:56 <DIR> d-------- C:\Program Files\Thief2
2007-09-28 15:01 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 00:27 3,225 --sha-w C:\WINDOWS\system32\mmf.sys
2007-10-27 00:25 9,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-27 00:25 105,524 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 01:59 --------- d-----w C:\Program Files\PartyGaming
2007-10-25 00:13 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Skype
2007-10-21 20:57 --------- d-----w C:\Documents and Settings\Eddie\Application Data\GetRightToGo
2007-10-20 12:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 03:45 --------- d-----w C:\Program Files\Java
2007-10-20 03:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-18 02:21 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-10-18 01:34 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-10-17 11:56 --------- d-----w C:\Program Files\World of Warcraft
2007-10-17 01:28 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-16 21:23 --------- d-----w C:\Program Files\Telltale Games
2007-10-16 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-15 19:31 66,182 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-15 19:31 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-15 19:29 --------- d-----w C:\Program Files\iTunes
2007-10-15 19:27 --------- d-----w C:\Program Files\Netscape
2007-10-15 19:26 --------- d-----w C:\Program Files\Skype
2007-10-15 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-13 11:51 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(11)(2).sys
2007-10-13 04:12 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Netscape
2007-10-13 01:26 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(11).sys
2007-10-13 01:13 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(5).sys
2007-10-12 10:23 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(12)(2).sys
2007-10-10 20:34 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(10).sys
2007-10-10 03:05 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(12).sys
2007-10-04 10:27 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(5)(2).sys
2007-10-04 10:27 3,225 --sha-w C:\WINDOWS\system32\mmf(4)(4).sys
2007-10-03 17:06 --------- d-----w C:\Program Files\iPod
2007-10-02 11:07 --------- d-----w C:\Program Files\RegCure
2007-09-26 23:39 --------- d-----w C:\Program Files\Paint Shop Pro 6
2007-09-26 20:44 --------- d-----w C:\Program Files\IncGamers Client
2007-09-20 15:52 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(9).sys
2007-09-14 01:29 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 21:23 --------- d-----w C:\Program Files\KODAK
2007-09-07 21:23 --------- d-----w C:\Program Files\Common Files\Kodak
2007-09-07 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-09-07 02:54 --------- d-----w C:\Program Files\Steam
2007-09-05 02:33 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Creative
2007-08-30 23:57 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-30 01:20 --------- d-----w C:\Program Files\Creative
2007-08-30 01:16 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-08-30 01:16 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-08-30 01:16 --------- d-----w C:\Program Files\OpenAL
2007-08-29 00:18 --------- d-----w C:\Program Files\GameSpy
2007-08-28 22:38 --------- d-----w C:\Documents and Settings\Eddie\Application Data\IGN_DLM
2007-08-28 20:48 --------- d-----w C:\Program Files\Google
2007-08-28 20:33 --------- d-----w C:\Documents and Settings\Eddie\Application Data\My Games
2007-08-28 19:06 --------- d-----w C:\Program Files\Firaxis Games
2007-08-24 02:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-23 18:03 204,864 ----a-w C:\WINDOWS\system32\klogon.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-10 15:18 54,008 ----a-w C:\Documents and Settings\Eddie\Application Data\GDIPFONTCACHEV1.DAT
2007-05-15 13:36:36 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(10).sys
2006-10-28 22:50:17 625 --sha-w C:\WINDOWS\system32\mmf(2)(2).sys
2006-10-29 02:08:24 625 --sha-w C:\WINDOWS\system32\mmf(2)(3).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(4).sys
2006-10-29 03:32:34 625 --sha-w C:\WINDOWS\system32\mmf(2)(5).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(6).sys
2006-10-28 22:04:08 625 --sha-w C:\WINDOWS\system32\mmf(2)(7).sys
2007-05-13 11:45:38 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(8).sys
2007-05-15 14:04:44 3,225 --sha-w C:\WINDOWS\system32\mmf(2)(9).sys
2007-06-02 12:15:06 3,225 --sha-w C:\WINDOWS\system32\mmf(2).sys
2006-10-28 23:30:23 625 --sha-w C:\WINDOWS\system32\mmf(3)(2).sys
2006-10-29 01:24:02 625 --sha-w C:\WINDOWS\system32\mmf(3)(3).sys
2006-10-28 21:25:48 625 --sha-w C:\WINDOWS\system32\mmf(3)(4).sys
2006-10-28 22:42:11 625 --sha-w C:\WINDOWS\system32\mmf(3)(5).sys
2006-10-28 23:42:08 625 --sha-w C:\WINDOWS\system32\mmf(3)(6).sys
2006-10-28 21:25:48 625 --sha-w C:\WINDOWS\system32\mmf(3)(7).sys
2007-05-15 13:31:36 3,225 --sha-w C:\WINDOWS\system32\mmf(3)(8).sys
2006-10-28 22:42:11 625 --sha-w C:\WINDOWS\system32\mmf(4)(2).sys
2006-10-28 23:08:24 625 --sha-w C:\WINDOWS\system32\mmf(4)(3).sys
.

Hutch327
2007-10-27, 03:39
Second part of combofix.



((((((((((((((((((((((((((((( snapshot@2007-10-20_22.44.10.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-07 20:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 20:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 20:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
- 2007-10-21 02:10:19 15,539 ----a-w C:\WINDOWS\mozver.dat
+ 2007-10-27 00:28:24 15,539 ----a-w C:\WINDOWS\mozver.dat
- 2007-10-20 19:12:29 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-21 20:42:22 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-20 19:12:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-21 20:42:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 19:12:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-21 20:42:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-16 21:46:29 402,580 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-10-24 00:36:01 247,360 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-10-01 20:24:34 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2007-10-01 20:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-10-01 20:24:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 C:\WINDOWS\CTHELPER.EXE]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 13:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-09 01:37]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"ScanSoft PDF Converter 4-reminder"="C:\Program Files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 11:01]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-07-04 14:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The BOB&TOM Show"="C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe" [2005-06-08 12:00]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 16:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 01:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
"C:\Program Files\ScanSoft\PDF Converter 4\RegistryController.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The BOB&TOM Show]
C:\Program Files\The BOB&TOM Media Center\The BOB&TOM Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 gAGP440p;gAGP440p;\??\C:\DOCUME~1\Eddie\LOCALS~1\Temp\gAGP440p.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command - G:\BSAutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 03:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-13 02:25:12 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Eddie at 9 22 PM.job"
"2007-10-22 06:00:03 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 20:34:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 20:35:59
C:\ComboFix2.txt ... 2007-10-25 19:35
C:\ComboFix3.txt ... 2007-10-20 22:46
.
--- E O F ---

shelf life
2007-10-27, 17:12
hi,

logs look ok, not seeing anything that looks like malware. normally malware wants to use your connection, not disrupt it. you have that portmagic software, isn't that some kind of connection diagnostic tool? maybe that could shed some light.

shelf life

tashi
2007-11-06, 22:37
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Thank you shelf life.