
PC Going Haywire with Pop-ups, Delays



sgtmike44
2007-12-07, 18:52
Help, my PC has gone haywire. It takes about 15-30 minutes to start and runs slow when it does. I get frequent pop-ups in Internet Explorer even though I never use that browser...they just open on their own. I use Mozilla Firefox and that browser keeps freezing and crashing.

Spybot reports that I have been infected with several trojans, including Win32.Agent, DropAgent, and Virtumonde. Each was fixed but returned. My Norton AV also allegedly fixed these problems but they came back. AdAware found nothing but cookies. I even ran VundoFix without result.

The Kaspersky Virus Scanner report is too long to post, but here are the key lines:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\43JDW1B3\d_14_0[1] Infected: Trojan.Win32.Golid.l skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G9SRU3ON\d_13_0[1] Infected: Trojan.Win32.Golid.l skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G9SRU3ON\d_15_0[1] Infected: Trojan.Win32.Golid.g skipped

C:\Documents and Settings\Michael Cozine\Local Settings\Temporary Internet Files\Content.IE5\26SMO9M8\ggdll[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.bjl skipped

C:\My Download Files\Gutterball 2.zip/Gutterball 2.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\My Download Files\Gutterball 2.zip/Reflexive Arcade Games KeyGen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\My Download Files\Gutterball 2.zip ZIP: infected - 2 skipped

C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1\A0004330.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1\A0004331.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP18\A0020150.exe/Stream/data0002/EXE-file Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP18\A0020150.exe/Stream/data0002 Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP18\A0020150.exe/Stream Infected: Trojan-Downloader.Win32.Agent.gn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP18\A0020150.exe Inno: infected - 3 skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2\A0007079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2\A0007080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2\A0007082.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP20\change.log Object is locked skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP7\A0012398.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\unzipped\halo2xp_v0.3\halo2xp_v0.3\INSTALL\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINDOWS\bundles\bs5-goodyr1.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.c skipped
C:\WINDOWS\bundles\bs5-goodyr1.exe NSIS: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\a.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\a.zip ZIP: infected - 1 skipped

C:\WINDOWS\system32\fseihnof.exe Infected: Trojan-Proxy.Win32.Agent.l skipped

C:\WINDOWS\system32\in10b6s.dll Infected: Trojan-Dropper.Win32.Small.jz skipped

G:\Cradle of Rome\CradleOfRome.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
G:\Program Files\Cradle of Rome\CradleOfRome.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
G:\unzipped\Bigfish Games - Cradle of Rome + Crack {DanManInSane}\Bigfish Games - Cradle of Rome + Crack {DanManInSane}\CRACK\CradleOfRome.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
G:\unzipped\Bigfish Games - Cradle of Rome + Crack {DanManInSane}\Bigfish Games - Cradle of Rome + Crack {DanManInSane}\Cradle of Rome Installer.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped

Additionally, the HiJackThis report is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:00 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SansaDispatch] G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [28cd6fbb] rundll32.exe "C:\WINDOWS\system32\onfntpat.dll",b
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000007.0000000f&b=00000082.00000016.00000023&c=00000082.00000020.0000004c&d=00000082.00000021.0000004d&e=00000082.00000096.000001d8
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Cozine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE} (CHSInstaller Class) - http://www.compaq.com/athome/support/PCHInstallTrust01.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19a485a73091124c8e03/netzip/RdxIE601.cab
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://wwss1pro.compaq.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148231912109
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/verizon/bounce/install.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.40/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {C8A88E8D-9D33-4F01-80EC-E558545C0A9E} (Detector Class) - http://www.optimumonline.com/downloads/xdetector.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {E6B72B91-7AC8-42A3-9545-A38C12700F6B} (JamagicCtl Class) - http://www.clickteam.com/~webftp/files/Jamagic/jamagic.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.lego.com/bionicle/images/extras/screensavers/img100x65ss_nuhvok.gif
O24 - Desktop Component 1: (no name) - http://www.sonic-gif.com/images/img-sz/sonic/ani/3d/sonic-wow.gif
O24 - Desktop Component 2: (no name) - http://www.lego.com/upload/contentTemplating/LEGOFactory-Content-Winners/images/2057/pic5595CF5A-4737-4A59-B501-7423420D123B.jpg

--
End of file - 13180 bytes

Any examination of these reports and possible solution to my problems would be greatly appreciated. As it stands now, my PC is practically unusable due to all the delays and pop-ups.
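The HijackThis log above contains several entries that a reviewer would flag on sight: the R1 proxy setting pointing at localhost:8080, the O4 Run value with a random hex name loading an eight-letter DLL through rundll32, the O23 service with an unknown owner and a missing binary, and an O9 button with no file behind it. The script below is an added example, not part of the original post or of HijackThis itself; it encodes those observations as simple triage heuristics (the patterns HEX_RUN_NAME and RANDOM_DLL are assumptions of this example, not HijackThis rules) and runs them over six lines copied from the posted log so the result can be checked offline.

```python
import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the HijackThis log posted above,
# two of them benign (ccApp, Bonjour) so the heuristics have something to ignore.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [28cd6fbb] rundll32.exe "C:\WINDOWS\system32\onfntpat.dll",b
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    entry: str      # HijackThis section code, e.g. "O4"
    reason: str
    line: str

# Heuristic patterns (assumptions of this example, not HijackThis rules):
HEX_RUN_NAME = re.compile(r"^[0-9a-f]{8}$")                 # Run value named like [28cd6fbb]
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)  # eight-letter DLL such as onfntpat.dll
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DLL_PATH = re.compile(r"[A-Za-z]:\\[^\",]+\.dll", re.IGNORECASE)
LOCAL_PROXY = re.compile(r"(localhost|127\.0\.0\.1)", re.IGNORECASE)

def triage(log_text):
    """Return a list of Findings for the suspicious lines in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # R1: a proxy on the local machine is how a Trojan-Proxy or adware
        # component interposes itself on all browser traffic.
        if section == "R1" and "ProxyServer" in line and LOCAL_PROXY.search(line):
            findings.append(Finding("high", section, "browser proxy points at the local host", line))
            continue

        # O4: random hex value name + rundll32 loading a random eight-letter DLL
        # is the Vundo/Virtumonde persistence pattern seen in the log above.
        m = RUN_ENTRY.match(line)
        if m and HEX_RUN_NAME.match(m.group("name")) and "rundll32" in m.group("cmd").lower():
            dll = DLL_PATH.search(m.group("cmd"))
            if dll and RANDOM_DLL.match(dll.group(0).rsplit("\\", 1)[-1]):
                findings.append(Finding("high", section, "rundll32 loads a randomly named DLL from a random Run value", line))
                continue

        # O23: a service whose binary is gone is either leftover persistence or
        # a slot a dropper will refill; an unknown owner raises the suspicion.
        if section == "O23" and "(file missing)" in line:
            reason = "service binary missing"
            if "Unknown owner" in line:
                reason += ", unknown publisher"
            findings.append(Finding("medium", section, reason, line))
            continue

        # O2/O3/O9: an entry that references no file is an orphan worth cleaning.
        if section in ("O2", "O3", "O9") and "(no file)" in line:
            findings.append(Finding("low", section, "orphaned browser extension entry", line))
    return findings

def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity:6}] {f.entry:3} {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_HJT_LOG)))
```

Run against the sample it reports two high findings (the local proxy and the rundll32 Run value), one medium (the MsUpdate6 service) and one low (the orphaned O9 button), and stays silent on the Symantec and Bonjour lines. The heuristics are deliberately narrow; a real triage also checks the file against a known-good hash or signature before calling anything clean.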

Mr_JAk3
2007-12-09, 11:50
Hello sgtmike44 and welcome to the Forums :)

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.

Rename HijackThis.exe to skanneri.exe by doing the following;

Navigate here using Windows Explorer (windows button + E) or My Computer Local Disk C: C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down menu; "Rename"
And now Rename HijackThis.exe to skanneri.exe


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

sgtmike44
2007-12-09, 22:15
Thanks for your assistance

The results of SDFix are as follows:

SDFix: Version 1.117

Run by Michael Cozine on Sun 12/09/2007 at 01:20 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\MICHAE~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\HALO_M~1.EXE - Deleted
C:\WINDOWS\system32\drivers\etc\hosts.bho - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,946 bytes - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

And the new HJT report is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:09 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SansaDispatch] G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [28cd6fbb] rundll32.exe "C:\WINDOWS\system32\sjkiyvic.dll",b
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000007.0000000f&b=00000082.00000016.00000023&c=00000082.00000020.0000004c&d=00000082.00000021.0000004d&e=00000082.00000096.000001d8
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Cozine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148231912109
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.40/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.lego.com/bionicle/images/extras/screensavers/img100x65ss_nuhvok.gif
O24 - Desktop Component 1: (no name) - http://www.sonic-gif.com/images/img-sz/sonic/ani/3d/sonic-wow.gif
O24 - Desktop Component 2: (no name) - http://www.lego.com/upload/contentTemplating/LEGOFactory-Content-Winners/images/2057/pic5595CF5A-4737-4A59-B501-7423420D123B.jpg

--
End of file - 10715 bytes

My system still runs incredibly slow...about 25-30 mins. from Welcome screen before I can actually do something. I haven't seen any pop-ups but I've only been on the machine long enough to follow your instructions. Any help with that?
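Comparing the two HijackThis logs in this thread line by line shows why the symptoms persisted: the O4 Run value [28cd6fbb] is still there, but the DLL it loads changed from onfntpat.dll to sjkiyvic.dll, which is the infection re-creating its payload under a new random name rather than being removed. The script below is an added example (not from the original posts or from any of the tools mentioned) that keys each HijackThis entry on its identity (Run hive plus value name, ActiveX CLSID, or service name) so that a renamed payload shows up as "changed" instead of as one removed line and one unrelated added line. The sample logs are short excerpts constructed from the two posted logs.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread.
OLD_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [28cd6fbb] rundll32.exe "C:\WINDOWS\system32\onfntpat.dll",b
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
"""

NEW_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [28cd6fbb] rundll32.exe "C:\WINDOWS\system32\sjkiyvic.dll",b
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
"""

def entry_key(line):
    """Identity of a HijackThis line, independent of the value it carries."""
    m = re.match(r"^(O4 - .*?\[[^\]]*\])", line)          # Run hive + value name
    if m:
        return m.group(1)
    m = re.match(r"^(O16 - DPF: \{[0-9A-Fa-f-]+\})", line)  # ActiveX CLSID
    if m:
        return m.group(1)
    m = re.match(r"^(O23 - Service: .+?) - ", line)         # service display (short) name
    if m:
        return m.group(1)
    return line                                             # anything else: the whole line

def parse(text):
    """Map entry identity -> full line for one log."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            entries[entry_key(line)] = line
    return entries

def diff_logs(old_text, new_text):
    """Classify entries as removed, added, or changed (same identity, new value)."""
    old, new = parse(old_text), parse(new_text)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }

def changed_values(old_text, new_text):
    """For each changed entry, the (old line, new line) pair, for review."""
    old, new = parse(old_text), parse(new_text)
    return {k: (old[k], new[k]) for k in diff_logs(old_text, new_text)["changed"]}

if __name__ == "__main__":
    for kind, keys in diff_logs(OLD_LOG, NEW_LOG).items():
        print(kind.upper())
        for k in keys:
            print("  ", k)
    for k, (before, after) in changed_values(OLD_LOG, NEW_LOG).items():
        print(f"\n{k}\n  was: {before}\n  now: {after}")
```

On the excerpts, the CKAVWebScan control is reported as removed, the QuickTime Task Run value as added, and [28cd6fbb] as changed, with the old and new DLL names side by side. A "changed" O4 entry whose new value is another random DLL is the signal that the cleanup removed a copy, not the dropper, and that the next step (ComboFix in this thread) is still needed.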

sgtmike44
2007-12-10, 04:48
After further working with my PC, the Pop-Ups continue to occur and Firefox keeps crashing.

Mr_JAk3
2007-12-10, 19:18
Ok we'll continue...

Rename HijackThis.exe to skanneri.exe by doing the following;

Navigate here using Windows Explorer (windows button + E) or My Computer Local Disk C: C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down menu; "Rename"
And now Rename HijackThis.exe to skanneri.exe

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

sgtmike44
2007-12-11, 07:11
I'm not sure what it did, but ComboFix certainly sped up my machine. System Startup to Windows Welcome screen = about 2.5 minutes (this still seems pretty slow). Windows Welcome screen to full PC usability = about 2 minutes. Explorer seems to hang a little bit still.

Here are the logs you requested:

ComboFix 07-12-09.1 - Michael Cozine 2007-12-10 23:59:54.1 - NTFSx86
Running from: C:\Documents and Settings\Michael Cozine\Desktop\ComboFix\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Michael Cozine\Application Data\Sskdmns.dll
C:\WINDOWS\bundles
C:\WINDOWS\bundles\bs5-goodyr1.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bpqtgmwd.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\civyikjs.ini
C:\WINDOWS\system32\dwmgtqpb.dll
C:\WINDOWS\system32\ffdbtqvn.dll
C:\WINDOWS\system32\garwawtu.ini
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\nvaduwko.dll
C:\WINDOWS\system32\ohdswbvw.dll
C:\WINDOWS\system32\okwudavn.ini
C:\WINDOWS\system32\onfntpat.dll
C:\WINDOWS\system32\pgwmxmui.dll
C:\WINDOWS\system32\qmgntkhl.dll
C:\WINDOWS\system32\rluysfgt.dll
C:\WINDOWS\system32\sjkiyvic.dll
C:\WINDOWS\system32\taptnfno.ini
C:\WINDOWS\system32\utwawrag.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-09 22:22 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-09 22:22 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-09 22:22 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-09 22:22 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-09 22:21 . 2007-12-09 22:24 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-09 22:20 . 2007-12-09 22:21 <DIR> d-------- C:\Program Files\HP
2007-12-09 22:17 . 2007-12-09 22:26 72,850 --a------ C:\WINDOWS\hpdj5700.his
2007-12-09 22:17 . 2007-12-09 22:26 7,262 --a------ C:\WINDOWS\hpdj5700.ini
2007-12-09 22:16 . 2007-12-09 22:16 1,531 --a------ C:\WINDOWS\hpbvspst.his
2007-12-09 22:16 . 2007-12-09 22:16 414 --a------ C:\WINDOWS\hpbvspst.ini
2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d--h-c--- C:\BJPrinter
2007-12-09 21:39 . 2007-12-09 21:39 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 21:39 . 2005-03-08 18:17 90,112 --a------ C:\WINDOWS\system32\CNMCP47.exe
2007-12-09 20:40 . 2005-03-08 18:17 90,112 --a------ C:\WINDOWS\system32\cnm1CE.tmp
2007-12-09 20:23 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm171.tmp
2007-12-09 19:51 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm84.tmp
2007-12-09 19:47 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm5D.tmp
2007-12-09 18:03 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm2F.tmp
2007-12-09 17:54 . 2002-06-17 00:00 87,552 --a------ C:\WINDOWS\system32\CNMLM47.DLL
2007-12-09 17:54 . 2002-06-17 00:00 5,632 --a------ C:\WINDOWS\system32\CNMVS47.DLL
2007-12-09 13:18 . 2007-12-09 13:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-07 13:20 . 2007-12-09 00:03 534 ---hs---- C:\WINDOWS\system32\vykuyjtk.ini
2007-12-07 12:11 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 09:43 . 2007-12-07 12:05 774 --ahs---- C:\WINDOWS\system32\pjnftbso.ini
2007-12-06 08:43 . 2007-12-06 08:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-06 08:43 . 2007-12-06 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 09:43 . 2007-12-06 08:07 594 --ahs---- C:\WINDOWS\system32\cylkeotx.ini
2007-12-05 08:43 . 2007-12-05 08:43 294 --ahs---- C:\WINDOWS\system32\ojfevgad.ini
2007-12-04 01:14 . 2007-12-05 08:43 354 ---hs---- C:\WINDOWS\system32\vjtiwfjh.ini
2007-12-03 15:13 . 2007-12-11 00:23 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 15:13 . 2007-12-11 00:23 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 15:13 . 2007-12-11 00:23 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-12-03 15:13 . 2007-12-11 00:23 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-12-03 15:13 . 2007-12-11 00:23 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-12-03 15:13 . 2007-12-11 00:23 384 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-12-03 13:43 . 2007-12-11 00:23 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 13:43 . 2007-12-11 00:23 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 13:41 . 2003-12-25 22:53 43,517 --a------ C:\WINDOWS\system32\e10kxwdm.ini
2007-12-03 13:28 . 2007-12-07 09:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 13:28 . 2007-12-03 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 12:00 . 2007-12-03 13:52 1,073,307,648 --a------ C:\WINDOWS\MEMORY.DMP
2007-12-03 11:36 . 2001-08-23 07:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2007-12-03 11:36 . 2001-08-23 07:00 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2007-12-03 11:36 . 2001-08-23 07:00 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2007-12-03 11:36 . 2001-08-23 07:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2007-12-03 11:36 . 2001-08-23 07:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2007-12-03 11:36 . 2001-08-23 07:00 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2007-12-03 11:35 . 2004-08-03 23:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2007-12-03 11:35 . 2004-08-03 23:56 76,800 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
2007-12-03 11:35 . 2001-08-23 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\w3ext.dll
2007-12-03 11:35 . 2004-08-03 23:56 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
2007-12-03 11:35 . 2001-08-23 07:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-12-03 11:35 . 2001-08-23 07:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-03 11:35 . 2001-08-23 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-03 11:35 . 2001-08-23 07:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
2007-12-03 11:35 . 2001-08-23 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2007-12-03 11:35 . 2001-08-23 07:00 4,608 --a--c--- C:\WINDOWS\system32\dllcache\w3ctrs51.dll
2007-12-03 11:33 . 2001-08-23 07:00 753,236 --a--c--- C:\WINDOWS\system32\dllcache\rvseres.dll
2007-12-03 11:32 . 2001-08-23 07:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2007-12-03 11:32 . 2001-08-23 07:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
2007-12-03 11:32 . 2004-08-03 23:56 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
2007-12-03 11:32 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2007-12-03 11:30 . 2001-08-23 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-03 11:29 . 2004-08-03 23:56 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2007-12-03 11:28 . 2001-08-23 07:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll
2007-12-03 11:27 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-12-03 11:26 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-03 11:18 . 2007-12-03 11:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-03 10:50 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-12-03 10:42 . 2001-08-23 07:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-12-03 10:42 . 2001-08-23 07:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-12-03 10:42 . 2001-08-23 07:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-12-03 10:42 . 2001-08-23 07:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-12-03 00:13 . 2007-12-03 00:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 00:05 . 2007-12-03 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-01 09:19 . 2007-12-02 12:23 781,124 --ahs---- C:\WINDOWS\system32\huicpmrp.ini
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 02:24 . 2007-03-24 11:50 1,765 --a--c--- C:\Adobe Reader Speed Launch.lnk
2007-11-30 00:51 . 2007-11-30 00:51 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-30 00:51 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-30 00:51 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-30 00:51 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-30 00:51 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-30 00:51 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-30 00:51 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-30 00:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-30 00:51 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 04:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-09 05:27 --------- d-----w C:\Program Files\Incomplete
2007-12-08 21:18 --------- d-----w C:\Program Files\LimeWire
2007-12-08 21:15 --------- d-----w C:\Program Files\CinemaForge
2007-12-03 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-29 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-29 16:11 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\U3
2007-11-27 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 06:20 --------- d-----w C:\Program Files\Lavasoft
2007-11-21 05:40 --------- d-----w C:\Program Files\PMStitch20
2007-11-20 05:50 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Symantec
2007-11-19 16:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-18 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 20:45 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-10 05:58 --------- d-----w C:\Program Files\Viewpoint
2007-11-10 05:01 --------- d-----w C:\Program Files\ACW
2007-11-10 02:38 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-11-09 18:41 --------- d-----w C:\Program Files\Bonjour
2007-11-09 18:18 --------- d-----w C:\Program Files\Giant
2007-11-08 18:09 --------- d-----w C:\Program Files\Common Files\ATI
2007-11-08 18:09 --------- d-----w C:\Program Files\ATI Multimedia
2007-11-08 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-02 16:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar
2007-11-02 16:57 --------- d-----w C:\Program Files\Common Files\Viewpoint
2007-10-25 18:29 1,558,280 ----a-w C:\WINDOWS\screengenie.scr
2007-10-24 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-22 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-21 22:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-17 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-14 22:08 --------- d-----w C:\Program Files\Total Video Player
2007-10-13 23:08 --------- d-----w C:\Documents and Settings\Karen\Application Data\Symantec
2007-10-13 23:02 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Media Player Classic
2007-10-13 16:48 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\ArcSoft
2007-10-13 16:11 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-10-13 13:43 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Microsoft Game Studios
2007-10-13 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-10-11 16:47 --------- d-----w C:\Program Files\BFG
2007-03-15 21:27 4 ----a-w C:\Documents and Settings\All Users\Application Data\8CD6F142.DAT
2005-01-23 21:04 65,018 -c--a-w C:\Program Files\swin32.dll
2003-11-18 17:37 241,664 -c--a-w C:\Program Files\npmusicn.dll
2003-01-20 23:13 344 -c--a-w C:\Program Files\MIB2ROM.TXT
2007-06-11 02:20 64 -csha-r C:\WINDOWS\624CEA234027101A.bin
2007-01-30 00:04 104 --sha-r C:\WINDOWS\system32\9A0455F5B6.sys
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-01-30 00:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{009506E8-8CAD-4CA9-81D4-D815E7E4330A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EED42F2-649D-4056-99F6-8A2872E80B54}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34D685B1-D2CC-9374-F7DE-779C1591D5EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4472244A-6F82-4C97-B5E9-1D1CB9224A5E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-20 01:21 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F2C9688-129E-4994-AD8D-E29825E6032C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B10C76-2114-0B7A-A22F-1623BC70D3EE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Mozilla Firefox\firefox.exe" [2007-12-01 22:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20]
"SansaDispatch"="G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 12:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 15:35]

sgtmike44
2007-12-11, 07:15
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-04 18:51:20]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe [2006-06-12 16:15:38]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-25 18:29:32]
MagicTune3.6.lnk - C:\Program Files\SEC\MagicTune3.6_Client_pivot\MagicTuneTray.exe [2006-06-12 16:15:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Cozine^Start Menu^Programs^Startup^GTVEpg.lnk.disabled]
path=C:\Documents and Settings\Michael Cozine\Start Menu\Programs\Startup\GTVEpg.lnk.disabled
backup=C:\WINDOWS\pss\GTVEpg.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Cozine^Start Menu^Programs^Startup^GTVRec.lnk.disabled]
path=C:\Documents and Settings\Michael Cozine\Start Menu\Programs\Startup\GTVRec.lnk.disabled
backup=C:\WINDOWS\pss\GTVRec.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mikey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mikey^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 09:12 90112 --a------ C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134611018\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2002-05-15 05:20 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 18:04 52736 --a--c--- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2002-05-15 05:29 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2001-08-18 07:00 44032 --a--c--- C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
C:\Program Files\Norton SystemWorks\cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-10-08 16:35 139264 --a--c--- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-06-13 22:58 167936 --a------ C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 23:34 36864 --a------ C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 03:36 36975 --a--c--- C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --a------ C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFC Drive Monitoring Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
2001-08-17 22:37 27648 --a------ C:\Program Files\Xerox\NWWia\XrxFTPLt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe
"ao2nRRK6S"=cnbax2.exe
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
"RemoteControl"=
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
"ATI Scheduler"=C:\Program Files\ATI Multimedia\main\ATISched.EXE
"AlcoholAutomount"="G:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Aim6"=
"<NO NAME>"=
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"zBrowser Launcher"=C:\PROGRA~1\Logitech\iTouch\iTouch.exe
"Motive SmartBridge"=C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
"CTHelper"=CTHELPER.EXE
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"RemoteCenter"=
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 Ausbflt;Ausbflt;C:\WINDOWS\system32\Drivers\Ausbflt.sys
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 MsUpdate6;szjquequxajw;C:\WINDOWS\System32\msupd6.exe
S3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 IKStealthPlug;IK Multimedia StealthPlug Low-Level Driver;C:\WINDOWS\system32\Drivers\IKStealthPlugLL.sys
S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\iMSPCLOj.sys
S3 kqgthjvq;kqgthjvq;C:\WINDOWS\system32\drivers\kqgthjvq.sys
S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys
S3 STV673;STV0673 Camera;C:\WINDOWS\system32\drivers\STV673.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S3 XDva006;XDva006;\??\C:\WINDOWS\system32\XDva006.sys
S3 xozykxlp;xozykxlp;C:\WINDOWS\system32\drivers\xozykxlp.sys
S4 lkbdhlpr;Logitech Keyboard Class Helper Driver;C:\WINDOWS\system32\Drivers\lkbdhlpr.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 01:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Michael Cozine.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\awgkgeqwUTER.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 00:28:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-11 0:38:04 - machine was rebooted
.
--- E O F ---

sgtmike44
2007-12-11, 07:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:49 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\skanneri.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: IEByteRange - {009506E8-8CAD-4CA9-81D4-D815E7E4330A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - (no file)
O2 - BHO: (no name) - {2EED42F2-649D-4056-99F6-8A2872E80B54} - (no file)
O2 - BHO: (no name) - {34D685B1-D2CC-9374-F7DE-779C1591D5EB} - (no file)
O2 - BHO: (no name) - {4472244A-6F82-4C97-B5E9-1D1CB9224A5E} - (no file)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EarthLink ScamBlocker V2 - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8F2C9688-129E-4994-AD8D-E29825E6032C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B7B10C76-2114-0B7A-A22F-1623BC70D3EE} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SansaDispatch] G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000007.0000000f&b=00000082.00000016.00000023&c=00000082.00000020.0000004c&d=00000082.00000021.0000004d&e=00000082.00000096.000001d8
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Cozine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148231912109
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.40/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: szjquequxajw (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.lego.com/bionicle/images/extras/screensavers/img100x65ss_nuhvok.gif
O24 - Desktop Component 1: (no name) - http://www.sonic-gif.com/images/img-sz/sonic/ani/3d/sonic-wow.gif
O24 - Desktop Component 2: (no name) - http://www.lego.com/upload/contentTemplating/LEGOFactory-Content-Winners/images/2057/pic5595CF5A-4737-4A59-B501-7423420D123B.jpg

--
End of file - 13050 bytes

Note: I ran Spybot again earlier today and it detected Virtumonde again. Could ComboFix have removed it? I also noted that Windows Explorer hangs for a few seconds.
Thank you for continued assistance,

Mike

Mr_JAk3
2007-12-11, 20:58
Hi, not clean yet...

Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\vykuyjtk.ini
C:\WINDOWS\system32\pjnftbso.ini
C:\WINDOWS\system32\cylkeotx.ini
C:\WINDOWS\system32\ojfevgad.ini
C:\WINDOWS\system32\vjtiwfjh.ini
C:\WINDOWS\system32\huicpmrp.ini
C:\Program Files\swin32.dll
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\awgkgeqwUTER.dll
C:\WINDOWS\System32\msupd6.exe
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\iMSPCLOj.sys
C:\WINDOWS\system32\drivers\kqgthjvq.sys
C:\WINDOWS\system32\drivers\xozykxlp.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{009506E8-8CAD-4CA9-81D4-D815E7E4330A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EED42F2-649D-4056-99F6-8A2872E80B54}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34D685B1-D2CC-9374-F7DE-779C1591D5EB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4472244A-6F82-4C97-B5E9-1D1CB9224A5E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F2C9688-129E-4994-AD8D-E29825E6032C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7B10C76-2114-0B7A-A22F-1623BC70D3EE}]

Driver::
MsUpdate6
iMSPCLOj
kqgthjvq
xozykxlp
Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

sgtmike44
2007-12-12, 07:11
ComboFix 07-12-09.1 - Michael Cozine 2007-12-12 0:11:55.2 - NTFSx86
Running from: C:\Documents and Settings\Michael Cozine\Desktop\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael Cozine\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\awgkgeqwUTER.dll
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\iMSPCLOj.sys
C:\Program Files\swin32.dll
C:\WINDOWS\system32\cylkeotx.ini
C:\WINDOWS\system32\drivers\kqgthjvq.sys
C:\WINDOWS\system32\drivers\xozykxlp.sys
C:\WINDOWS\system32\huicpmrp.ini
C:\WINDOWS\System32\msupd6.exe
C:\WINDOWS\system32\ojfevgad.ini
C:\WINDOWS\system32\pjnftbso.ini
C:\WINDOWS\system32\vjtiwfjh.ini
C:\WINDOWS\system32\vykuyjtk.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\swin32.dll
C:\WINDOWS\system32\cylkeotx.ini
C:\WINDOWS\system32\huicpmrp.ini
C:\WINDOWS\system32\ojfevgad.ini
C:\WINDOWS\system32\pjnftbso.ini
C:\WINDOWS\system32\vjtiwfjh.ini
C:\WINDOWS\system32\vykuyjtk.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KQGTHJVQ
-------\LEGACY_MSUPDATE6
-------\LEGACY_XOZYKXLP
-------\iMSPCLOj
-------\kqgthjvq
-------\MsUpdate6
-------\xozykxlp


((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-12 00:00 . 2007-12-12 00:00 <DIR> d-------- C:\Documents and Settings\Michael Cozine\Application Data\DivX
2007-12-11 23:55 . 2007-12-11 23:55 <DIR> d----c--- C:\divx
2007-12-11 23:48 . 2007-12-04 13:38 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 23:48 . 2007-12-04 13:38 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 17:34 . 2007-12-11 17:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 17:34 . 2007-12-11 17:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 02:25 . 2007-12-11 02:32 <DIR> d-------- C:\Program Files\HT MPEG Encoder 7.0 Shareware
2007-12-09 22:22 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-09 22:22 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-09 22:22 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-09 22:22 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-09 22:21 . 2007-12-09 22:24 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-09 22:20 . 2007-12-09 22:21 <DIR> d-------- C:\Program Files\HP
2007-12-09 22:17 . 2007-12-09 22:26 72,850 --a------ C:\WINDOWS\hpdj5700.his
2007-12-09 22:17 . 2007-12-09 22:26 7,262 --a------ C:\WINDOWS\hpdj5700.ini
2007-12-09 22:16 . 2007-12-09 22:16 1,531 --a------ C:\WINDOWS\hpbvspst.his
2007-12-09 22:16 . 2007-12-09 22:16 414 --a------ C:\WINDOWS\hpbvspst.ini
2007-12-09 21:47 . 2007-12-09 21:47 <DIR> d--h-c--- C:\BJPrinter
2007-12-09 21:39 . 2007-12-09 21:39 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 21:39 . 2005-03-08 18:17 90,112 --a------ C:\WINDOWS\system32\CNMCP47.exe
2007-12-09 20:40 . 2005-03-08 18:17 90,112 --a------ C:\WINDOWS\system32\cnm1CE.tmp
2007-12-09 20:23 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm171.tmp
2007-12-09 19:51 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm84.tmp
2007-12-09 19:47 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm5D.tmp
2007-12-09 18:03 . 2002-06-12 11:48 73,728 -ra------ C:\WINDOWS\system32\cnm2F.tmp
2007-12-09 17:54 . 2002-06-17 00:00 87,552 --a------ C:\WINDOWS\system32\CNMLM47.DLL
2007-12-09 17:54 . 2002-06-17 00:00 5,632 --a------ C:\WINDOWS\system32\CNMVS47.DLL
2007-12-09 13:18 . 2007-12-09 13:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-07 12:11 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 08:43 . 2007-12-06 08:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-06 08:43 . 2007-12-06 08:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 13:38 . 2007-12-04 13:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 13:38 . 2007-12-04 13:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 13:38 . 2007-12-04 13:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 13:35 . 2007-12-04 13:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 13:35 . 2007-12-04 13:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-03 15:13 . 2007-12-12 00:23 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 15:13 . 2007-12-12 00:23 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 15:13 . 2007-12-12 00:23 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-12-03 15:13 . 2007-12-12 00:23 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-12-03 15:13 . 2007-12-12 00:23 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-12-03 15:13 . 2007-12-12 00:23 384 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2007-12-03 13:43 . 2007-12-12 00:23 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 13:43 . 2007-12-12 00:23 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-20021102}.rfx
2007-12-03 13:41 . 2003-12-25 22:53 43,517 --a------ C:\WINDOWS\system32\e10kxwdm.ini
2007-12-03 13:28 . 2007-12-07 09:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 13:28 . 2007-12-03 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 12:00 . 2007-12-03 13:52 1,073,307,648 --a------ C:\WINDOWS\MEMORY.DMP
2007-12-03 11:36 . 2001-08-23 07:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2007-12-03 11:36 . 2001-08-23 07:00 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2007-12-03 11:36 . 2001-08-23 07:00 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2007-12-03 11:36 . 2001-08-23 07:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2007-12-03 11:36 . 2001-08-23 07:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2007-12-03 11:36 . 2001-08-23 07:00 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2007-12-03 11:35 . 2004-08-03 23:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2007-12-03 11:35 . 2004-08-03 23:56 76,800 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
2007-12-03 11:35 . 2001-08-23 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\w3ext.dll
2007-12-03 11:35 . 2004-08-03 23:56 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
2007-12-03 11:35 . 2001-08-23 07:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-12-03 11:35 . 2001-08-23 07:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-03 11:35 . 2001-08-23 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-03 11:35 . 2001-08-23 07:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
2007-12-03 11:35 . 2001-08-23 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2007-12-03 11:35 . 2001-08-23 07:00 4,608 --a--c--- C:\WINDOWS\system32\dllcache\w3ctrs51.dll
2007-12-03 11:33 . 2001-08-23 07:00 753,236 --a--c--- C:\WINDOWS\system32\dllcache\rvseres.dll
2007-12-03 11:32 . 2001-08-23 07:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2007-12-03 11:32 . 2001-08-23 07:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
2007-12-03 11:32 . 2004-08-03 23:56 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
2007-12-03 11:32 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2007-12-03 11:30 . 2001-08-23 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-03 11:29 . 2004-08-03 23:56 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2007-12-03 11:28 . 2001-08-23 07:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll
2007-12-03 11:27 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-12-03 11:26 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-03 11:18 . 2007-12-03 11:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-03 11:17 . 2007-12-03 11:17 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-03 10:50 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-12-03 10:42 . 2001-08-23 07:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-12-03 10:42 . 2001-08-23 07:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-12-03 10:42 . 2001-08-23 07:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-12-03 10:42 . 2001-08-23 07:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-12-03 00:13 . 2007-12-03 00:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 00:05 . 2007-12-03 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 02:24 . 2007-03-24 11:50 1,765 --a--c--- C:\Adobe Reader Speed Launch.lnk
2007-11-30 00:51 . 2007-11-30 00:51 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-30 00:51 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-30 00:51 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 05:05 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\U3
2007-12-12 05:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 04:48 --------- d-----w C:\Program Files\DivX
2007-12-11 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 05:27 --------- d-----w C:\Program Files\Incomplete
2007-12-08 21:18 --------- d-----w C:\Program Files\LimeWire
2007-12-08 21:15 --------- d-----w C:\Program Files\CinemaForge
2007-12-04 18:38 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-03 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-29 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-27 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 06:20 --------- d-----w C:\Program Files\Lavasoft
2007-11-21 05:40 --------- d-----w C:\Program Files\PMStitch20
2007-11-20 05:50 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Symantec
2007-11-19 16:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-18 20:45 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-10 05:58 --------- d-----w C:\Program Files\Viewpoint
2007-11-10 05:01 --------- d-----w C:\Program Files\ACW
2007-11-10 02:38 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-11-09 18:41 --------- d-----w C:\Program Files\Bonjour
2007-11-09 18:18 --------- d-----w C:\Program Files\Giant
2007-11-08 18:09 --------- d-----w C:\Program Files\Common Files\ATI
2007-11-08 18:09 --------- d-----w C:\Program Files\ATI Multimedia
2007-11-08 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-02 16:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar
2007-11-02 16:57 --------- d-----w C:\Program Files\Common Files\Viewpoint
2007-10-25 18:29 1,558,280 ----a-w C:\WINDOWS\screengenie.scr
2007-10-24 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-22 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-21 22:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-17 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-14 22:08 --------- d-----w C:\Program Files\Total Video Player
2007-10-13 23:08 --------- d-----w C:\Documents and Settings\Karen\Application Data\Symantec
2007-10-13 23:02 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Media Player Classic
2007-10-13 16:48 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\ArcSoft
2007-10-13 16:11 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-10-13 13:43 --------- d-----w C:\Documents and Settings\Michael Cozine\Application Data\Microsoft Game Studios
2007-10-13 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-03-15 21:27 4 ----a-w C:\Documents and Settings\All Users\Application Data\8CD6F142.DAT
2003-11-18 17:37 241,664 -c--a-w C:\Program Files\npmusicn.dll
2003-01-20 23:13 344 -c--a-w C:\Program Files\MIB2ROM.TXT
2007-06-11 02:20 64 -csha-r C:\WINDOWS\624CEA234027101A.bin
2007-01-30 00:04 104 --sha-r C:\WINDOWS\system32\9A0455F5B6.sys
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-01-30 00:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-11_ 0.34.41.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-05-31 12:44:56 740,442 ----a-w C:\WINDOWS\system32\divx.dll
+ 2007-12-04 18:36:14 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-12-04 18:36:14 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2007-12-04 18:36:14 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-12-04 18:36:14 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
- 2007-04-23 06:02:36 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-12-04 18:36:22 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-12-04 18:36:16 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2007-12-04 18:36:16 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2007-12-04 18:36:16 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2007-12-04 18:36:16 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2007-12-04 18:36:16 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2007-12-04 18:36:16 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2007-12-04 18:36:22 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2006-04-28 23:57:54 452,264 ----a-w C:\WINDOWS\system32\Px.dll
+ 2007-12-04 18:38:08 551,672 ------w C:\WINDOWS\system32\Px.dll
- 2006-04-28 23:57:56 87,720 ----a-w C:\WINDOWS\system32\PxAFS.DLL
+ 2007-12-04 18:38:08 129,784 ------w C:\WINDOWS\system32\PxAFS.DLL
+ 2007-12-04 18:38:08 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2006-05-30 06:01:00 472,744 ----a-w C:\WINDOWS\system32\pxdrv.dll
+ 2007-12-04 18:38:08 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2004-09-23 06:03:00 57,344 ----a-w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-12-04 18:38:10 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-12-04 18:38:08 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2006-04-28 23:57:58 181,928 ----a-w C:\WINDOWS\system32\PxMas.dll
+ 2007-12-04 18:38:10 187,128 ------w C:\WINDOWS\system32\PxMas.dll
- 2006-04-28 23:58:00 1,279,656 ----a-w C:\WINDOWS\system32\PxSFS.DLL
+ 2007-12-04 18:38:08 1,628,920 ------w C:\WINDOWS\system32\PxSFS.DLL
- 2006-04-28 23:58:04 345,768 ----a-w C:\WINDOWS\system32\PxWave.dll
+ 2007-12-04 18:38:10 379,640 ------w C:\WINDOWS\system32\PxWave.dll
- 2006-06-15 06:00:00 38,568 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
+ 2007-12-04 18:38:08 88,824 ----a-w C:\WINDOWS\system32\vxblock.dll
+ 2007-12-12 05:30:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_da4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-20 01:21 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Mozilla Firefox\firefox.exe" [2007-12-01 22:57]

sgtmike44
2007-12-12, 07:12
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20]
"SansaDispatch"="G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 12:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 15:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-04 18:51:20]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe [2006-06-12 16:15:38]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-25 18:29:32]
MagicTune3.6.lnk - C:\Program Files\SEC\MagicTune3.6_Client_pivot\MagicTuneTray.exe [2006-06-12 16:15:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Cozine^Start Menu^Programs^Startup^GTVEpg.lnk.disabled]
path=C:\Documents and Settings\Michael Cozine\Start Menu\Programs\Startup\GTVEpg.lnk.disabled
backup=C:\WINDOWS\pss\GTVEpg.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Cozine^Start Menu^Programs^Startup^GTVRec.lnk.disabled]
path=C:\Documents and Settings\Michael Cozine\Start Menu\Programs\Startup\GTVRec.lnk.disabled
backup=C:\WINDOWS\pss\GTVRec.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mikey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mikey^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 09:12 90112 --a------ C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134611018\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2002-05-15 05:20 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 18:04 52736 --a--c--- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2002-05-15 05:29 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2001-08-18 07:00 44032 --a--c--- C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
C:\Program Files\Norton SystemWorks\cfgwiz.exe /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-10-08 16:35 139264 --a--c--- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-06-13 22:58 167936 --a------ C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 23:34 36864 --a------ C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 03:36 36975 --a--c--- C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --a------ C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFC Drive Monitoring Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
2001-08-17 22:37 27648 --a------ C:\Program Files\Xerox\NWWia\XrxFTPLt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe
"ao2nRRK6S"=cnbax2.exe
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
"RemoteControl"=
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
"ATI Scheduler"=C:\Program Files\ATI Multimedia\main\ATISched.EXE
"AlcoholAutomount"="G:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Aim6"=
"<NO NAME>"=
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"zBrowser Launcher"=C:\PROGRA~1\Logitech\iTouch\iTouch.exe
"Motive SmartBridge"=C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
"CTHelper"=CTHELPER.EXE
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"RemoteCenter"=
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 01:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Michael Cozine.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\awgkgeqwUTER.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 00:29:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-12 0:36:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 00:38
.
--- E O F ---

sgtmike44
2007-12-12, 07:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:17 AM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - (no file)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EarthLink ScamBlocker V2 - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SansaDispatch] G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000007.0000000f&b=00000082.00000016.00000023&c=00000082.00000020.0000004c&d=00000082.00000021.0000004d&e=00000082.00000096.000001d8
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Cozine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148231912109
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.40/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.lego.com/bionicle/images/extras/screensavers/img100x65ss_nuhvok.gif
O24 - Desktop Component 1: (no name) - http://www.sonic-gif.com/images/img-sz/sonic/ani/3d/sonic-wow.gif
O24 - Desktop Component 2: (no name) - http://www.lego.com/upload/contentTemplating/LEGOFactory-Content-Winners/images/2057/pic5595CF5A-4737-4A59-B501-7423420D123B.jpg

--
End of file - 12538 bytes

Mr_JAk3
2007-12-12, 20:24
Hi again :)

Looking better...

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.


Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list. Fix the O6 entry too if you haven't locked Internet Explorer settings on purpose.

O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab

Run ATF Cleaner
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer in Safe Mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe Mode
Press Enter. The computer then begins to start in Safe Mode.
Run a scan with Dr.Web CureIt
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, check whether you can click the icon next to the files found (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.
Reboot the computer in Normal Mode.
Post the CureIt report and a fresh HijackThis log.
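Added example, not from any post in this thread and not HijackThis code: a small Python triage pass that encodes the reasoning behind the fix list above. Entries ending in "(no file)" or "(file missing)" are registry references to components that are already gone, so removing them costs nothing; the O6 policy key, the O8 context-menu item with no file or URL behind it, an R1 proxy pointing at a local port, and O23 services with no publisher are surfaced for a human decision rather than marked for removal. The sample log is a constructed subset shaped like the HijackThis log posted above; the Finding type, the rule set and the fix/review labels are this example's own.

```python
"""Triage heuristics for HijackThis 2.x log lines (added example, not HijackThis code)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a small subset shaped like the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
""".strip()


class Finding(NamedTuple):
    section: str   # HijackThis section tag, e.g. "O2"
    verdict: str   # "fix": orphaned entry, safe to remove; "review": needs a human decision
    reason: str
    line: str


_ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
_ORPHAN_MARKERS = ("(no file)", "(file missing)")
_LOOPBACK_RE = re.compile(r"localhost|127\.0\.0\.1", re.IGNORECASE)
_REAL_TARGET_RE = re.compile(r"^(file://|https?://|[a-z]:\\)", re.IGNORECASE)


def split_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (section, body) for an 'Oxx - ...' line, or None for any other line."""
    m = _ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line: str) -> Optional[Finding]:
    parsed = split_entry(line)
    if parsed is None:
        return None
    section, body = parsed
    lower = body.lower()

    # Registry still references a BHO/button/toolbar whose DLL is gone: nothing
    # to lose by removing the entry, and HijackThis can fix it directly.
    if any(marker in lower for marker in _ORPHAN_MARKERS):
        return Finding(section, "fix", "entry points at a file that no longer exists", line)

    # IE proxy pointing at a local port: identify the process that listens
    # there before deciding whether it is a legitimate local filter.
    if section == "R1" and "proxyserver" in lower and _LOOPBACK_RE.search(body):
        return Finding(section, "review", "IE proxy is a local port; identify the listening process", line)

    # Policy key restricting IE's Control Panel: fix unless it was set deliberately.
    if section == "O6":
        return Finding(section, "review", "IE settings restricted by policy", line)

    # Context-menu item whose target is neither a local file nor a URL.
    if section == "O8":
        target = body.split(" - ", 1)[-1]
        if not _REAL_TARGET_RE.match(target):
            return Finding(section, "review", "context-menu item with no file or URL target", line)

    # Service binary without publisher information: verify the file by hand.
    if section == "O23" and "unknown owner" in lower:
        return Finding(section, "review", "service has no publisher information", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through the heuristics."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def fix_list(findings: List[Finding]) -> List[str]:
    """Lines to tick in 'Do a system scan only' before pressing 'Fix checked'."""
    return [f.line for f in findings if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section:4} {f.reason}")
```

On a real log, feed the whole file to triage(); the "fix" list is what you would tick in "Do a system scan only". A loopback R1 proxy is deliberately only "review": match the port against netstat -ano output to see which process owns it before deciding whether it belongs to a legitimate local filter.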

sgtmike44
2007-12-13, 19:45
Here are the results of the Dr. Web Scan:

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ietoolbar_suite_4.0.39.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
rctsilverrct2trainer_v40.exe;C:\Documents and Settings\Karen\My Documents\do not open\Hacking Tools;Tool.GameCrack;Incurable.Moved.;
38730.7888257639;C:\Documents and Settings\Michael Cozine\Application Data\GlarySoft\Registry Repair\Backups;Probably MACRO.SCRIPT.IRC.WORM.Virus;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Michael Cozine\Desktop\SDFix\SDFix\apps;Tool.Prockill;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
A0004331.exe;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1;Trojan.DownLoader.31817;Deleted.;
A0007079.dll;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2;Trojan.Virtumod.211;Incurable.Moved.;
A0007080.dll;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2;Trojan.Virtumod.211;Incurable.Moved.;
A0007082.dll;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2;Trojan.Virtumod.211;Incurable.Moved.;
A0024262.exe;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP22;Tool.GameCrack;Incurable.Moved.;
A0032688.exe;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP46;Trojan.KillApp.30208;Deleted.;
A0011331.reg;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP7;Trojan.StartPage.1505;Deleted.;
fseihnof.exe;C:\WINDOWS\system32;Trojan.Proxy.146;Deleted.;
A0022269.exe;G:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP22;Trojan.MulDrop.5074;Deleted.;
A0022282.exe;G:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP22;Trojan.MulDrop.5074;Deleted.;
A0022284.exe;G:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP22;Trojan.MulDrop.5074;Deleted.;
A0022285.exe;G:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP22;Trojan.MulDrop.5074;Deleted.;

And the latest HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:47 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EarthLink ScamBlocker V2 - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SansaDispatch] G:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000007.0000000f&b=00000082.00000016.00000023&c=00000082.00000020.0000004c&d=00000082.00000021.0000004d&e=00000082.00000096.000001d8
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNfox000
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\WINDOWS\system32\SHDOCVW.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Cozine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159064994889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148231912109
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.40/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.lego.com/bionicle/images/extras/screensavers/img100x65ss_nuhvok.gif
O24 - Desktop Component 1: (no name) - http://www.sonic-gif.com/images/img-sz/sonic/ani/3d/sonic-wow.gif
O24 - Desktop Component 2: (no name) - http://www.lego.com/upload/contentTemplating/LEGOFactory-Content-Winners/images/2057/pic5595CF5A-4737-4A59-B501-7423420D123B.jpg

--
End of file - 11678 bytes

PC took a long time to restart following the latest steps, but it is working better now. However, I keep getting an Error message that the disk cannot be found for the LuCallback Proxy.
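The Dr.Web report posted above is a semicolon-separated list, one detection per line. The following is an added example (not code from the thread or from Dr.Web) that parses that format and separates hits sitting in System Restore snapshots, which stay dormant until a restore, from hits in live locations; the sample report is constructed from the format of the lines above, and the last sample line's verdict and action strings are hypothetical.

```python
# Added example (not from the thread or Dr.Web): triage a Dr.Web CureIt report.
# Format inferred from the posted report: "name;directory;verdict;action;" per line.
from __future__ import annotations

import re
from dataclasses import dataclass

# Folder name of a Windows XP System Restore snapshot, as seen in the report.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

@dataclass(frozen=True)
class Entry:
    name: str
    directory: str
    verdict: str
    action: str

    @property
    def path(self) -> str:
        return f"{self.directory}\\{self.name}"

    @property
    def in_restore_point(self) -> bool:
        # A hit inside _restore{...} is dormant until that snapshot is restored,
        # which is why the thread ends with "clear your system restore".
        return RESTORE_RE.search(self.directory) is not None

def parse_report(text: str) -> list[Entry]:
    """Parse report text into entries; blank lines are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) != 4:
            raise ValueError(f"unexpected field count in report line: {raw!r}")
        entries.append(Entry(*fields))
    return entries

def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Bucket detections by location and flag any the scanner left in place."""
    buckets: dict[str, list[str]] = {"live": [], "restore_point": [], "still_present": []}
    for e in entries:
        buckets["restore_point" if e.in_restore_point else "live"].append(e.path)
        # Only "Deleted." and "...Moved." mean the file is gone from its path.
        if not (e.action.startswith("Deleted") or "Moved" in e.action):
            buckets["still_present"].append(e.path)
    return buckets

# Constructed sample: three lines copied from the report above plus one
# hypothetical line whose verdict and action strings are not real Dr.Web output.
SAMPLE = r"""
fseihnof.exe;C:\WINDOWS\system32;Trojan.Proxy.146;Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
A0007079.dll;C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2;Trojan.Virtumod.211;Incurable.Moved.;
example.exe;C:\Temp;Hypothetical.Verdict;Not cured (hypothetical).;
"""
```

Running `triage(parse_report(SAMPLE))` puts the system32 and hp\bin hits in "live", the RP2 hit in "restore_point", and only the hypothetical line in "still_present".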

Mr_JAk3
2007-12-15, 12:28
Hi again, it is looking clean now :)

You should now visit Windows Update (http://windowsupdate.microsoft.com) and get your system updated.

You can remove the tools we used.

Then the "LuCallback Proxy" error. This is related to your Norton antivirus. It would be best to try whether a repair installation or a complete uninstall/reinstall helps (make sure that your PC is offline when performing this).

Then you should update your Java to the latest version (6u3):
Start
Control Panel
Add/Remove Programs
Delete the old Java,
J2SE Runtime Environment 5.0 Update 6

Download the latest version of Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it.


=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

tashi
2007-12-27, 05:26
Thank you Mr_JAk3.