pws.ldpinchie won't remove



shish79
2009-04-19, 08:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:52:51, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Thomson\SpeedTouchUSB\Dragdiag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\master\LOCALS~1\Temp\2735690034.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: C:\WINDOWS\system32\oseknf83kd.dll - {C1AF42A3-04F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\oseknf83kd.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouchUSB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1237211105906
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235746695859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236219437125
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F8FF8B-A560-4630-B72D-92E81D529214}: NameServer = 92.31.242.20 92.31.242.21
O22 - SharedTaskScheduler: kjjhzf893jfijnsfsio3 - {C1AF42A3-04F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\oseknf83kd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 6483 bytes


I have used ComboFix to remove this problem, but it comes back when I connect to the internet or reboot.
I use avast antivirus and it doesn't pick the problem up. I have used SDFix and still no luck; I'm at a loss.

Blade81
2009-04-20, 17:42
i have used combofix to remove this problem
Do NOT run 'fixes' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806) ;)

Since that can't be undone, please post the contents of the ComboFix.txt file.

shish79
2009-04-20, 17:56
ComboFix 09-04-19.04 - master 19/04/2009 10:39.6 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1778 [GMT 1:00]
Running from: c:\documents and settings\master\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 04:52 . 2009-04-19 04:52 -------- d-----w c:\program files\Trend Micro
2009-04-19 04:48 . 2009-04-19 04:49 -------- d-----w c:\program files\ERUNT
2009-04-18 23:48 . 2009-04-18 23:48 -------- d--h--w c:\windows\PIF
2009-04-18 15:58 . 2009-04-18 15:59 -------- d-----w c:\windows\ERUNT
2009-04-18 15:53 . 2009-04-18 23:55 -------- d-----w C:\SDFix
2009-04-18 15:37 . 2008-12-11 07:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-18 15:36 . 2009-03-06 15:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-18 15:36 . 2008-12-18 11:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-18 15:36 . 2009-04-19 06:08 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-18 15:36 . 2009-04-18 15:39 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-18 15:36 . 2008-12-10 11:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-18 15:36 . 2009-04-19 00:12 -------- d-----w c:\program files\Spyware Doctor
2009-04-18 15:36 . 2009-04-18 15:36 -------- d-----w c:\documents and settings\master\Application Data\PC Tools
2009-04-18 15:36 . 2009-04-18 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-18 14:54 . 2009-04-18 15:06 127 ----a-w c:\windows\wininit.ini
2009-04-18 13:21 . 2009-04-18 13:21 -------- d-----w c:\program files\Alwil Software
2009-04-18 12:31 . 2009-04-18 12:31 5632 --sha-w c:\windows\system32\Thumbs.db
2009-04-17 21:08 . 2006-02-28 12:00 25088 -c--a-w c:\windows\system32\dllcache\sm59w.dll
2009-04-17 21:07 . 2006-02-28 12:00 57399 -c--a-w c:\windows\system32\dllcache\cplexe.exe
2009-04-17 21:06 . 2009-04-17 21:06 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-17 21:06 . 2009-04-17 21:06 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-17 21:06 . 2009-04-17 21:06 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-17 21:06 . 2009-04-17 21:06 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-17 21:06 . 2009-04-17 21:06 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-08 11:35 . 2009-04-08 11:35 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-07 21:51 . 2009-04-07 21:51 -------- d-----w c:\program files\Ventrilo
2009-04-07 21:51 . 2009-04-07 21:51 262 ----a-w c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-07 21:51 . 2009-04-07 21:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 11:44 . 2008-11-13 07:41 252544 ----a-w c:\windows\system32\PROUnstl.exe
2009-03-25 11:44 . 2006-01-12 14:52 1904 ----a-w c:\windows\system32\SetupBD.din
2009-03-25 10:50 . 2009-03-25 10:50 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-22 10:21 . 2009-03-22 10:21 -------- d-----w C:\.jagex_cache_32
2009-03-20 10:31 . 2009-04-18 12:32 116 ----a-w c:\windows\NeroDigital.ini
2009-03-20 10:30 . 2009-03-20 10:31 -------- d-----w c:\documents and settings\master\Local Settings\Application Data\Ahead
2009-03-20 10:28 . 2009-03-20 10:28 -------- d-----w c:\program files\Nero
2009-03-20 10:28 . 2009-03-20 10:28 -------- d-----w c:\program files\Common Files\Ahead
2009-03-20 10:26 . 2009-03-20 10:27 -------- d-----w c:\program files\nero7
2009-03-20 09:45 . 2009-03-24 21:03 -------- d-----w c:\documents and settings\master\Application Data\Camfrog
2009-03-20 09:45 . 2009-03-20 09:45 -------- d-----w c:\program files\Camfrog

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 02:33 . 2009-02-04 20:19 -------- d-----w c:\documents and settings\master\Application Data\dvdcss
2009-04-19 00:18 . 2009-03-01 01:05 -------- d-----w c:\program files\Diablo II
2009-04-17 21:06 . 2009-02-03 23:48 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-17 18:29 . 2009-02-25 01:24 34 ----a-w c:\documents and settings\master\jagex_runescape_preferences.dat
2009-04-08 11:35 . 2009-02-25 00:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-25 11:44 . 2009-02-15 15:09 -------- d-----w c:\program files\Intel
2009-03-25 09:54 . 2009-03-05 04:44 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 10:30 . 2009-03-01 00:14 -------- d-----w c:\documents and settings\master\Application Data\Ahead
2009-03-16 14:02 . 2009-02-04 00:06 13104 ----a-w c:\documents and settings\master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-15 03:06 . 2009-02-26 03:37 -------- d-----w c:\documents and settings\master\Application Data\Ventrilo
2009-03-08 15:35 . 2009-03-05 18:56 -------- d-----w c:\program files\WinMX
2009-03-05 19:02 . 2009-03-05 19:02 -------- d-----w c:\program files\MXpie Patch
2009-03-05 04:53 . 2009-03-05 04:44 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 16:21 . 2009-03-04 16:21 -------- d-----w c:\program files\Hero Editor
2009-03-04 16:21 . 2009-03-04 16:21 286720 ----a-w c:\windows\Setup1.exe
2009-03-04 16:21 . 2009-03-04 16:21 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-02 18:03 . 2009-02-27 02:51 -------- d-----w c:\program files\Winamp
2009-03-01 01:34 . 2009-03-01 01:15 18455 ----a-w c:\windows\DIIUnin.dat
2009-03-01 01:31 . 2009-03-01 01:31 21840 ----a-w c:\windows\system32\SIntfNT.dll
2009-03-01 01:31 . 2009-03-01 01:31 17212 ----a-w c:\windows\system32\SIntf32.dll
2009-03-01 01:31 . 2009-03-01 01:31 12067 ----a-w c:\windows\system32\SIntf16.dll
2009-03-01 01:15 . 2009-03-01 01:15 94208 ----a-w c:\windows\DIIUnin.exe
2009-03-01 01:15 . 2009-03-01 01:15 2829 ----a-w c:\windows\DIIUnin.pif
2009-03-01 00:15 . 2009-03-01 00:15 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-02-28 23:50 . 2009-02-04 00:25 -------- d-----w c:\program files\Common Files\AOL
2009-02-27 14:53 . 2009-02-27 14:52 -------- d-----w c:\program files\AOL 9.0 VR
2009-02-27 14:53 . 2009-02-04 00:27 -------- d-----w c:\documents and settings\master\Application Data\AOL
2009-02-27 14:53 . 2009-02-04 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-27 14:52 . 2009-02-04 00:25 -------- d-----w c:\program files\Common Files\aolshare
2009-02-27 14:40 . 2009-02-27 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-27 14:40 . 2009-02-04 00:25 -------- d-----w c:\program files\AOL 9.0
2009-02-27 14:31 . 2009-02-04 19:50 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 14:31 . 2009-02-04 19:50 -------- d-----w c:\program files\DriverGuide Toolkit
2009-02-25 04:27 . 2009-02-15 15:05 -------- d-----w c:\program files\Realtek
2009-02-25 02:31 . 2009-02-25 02:31 -------- d-----w c:\program files\HyCam2
2009-02-25 00:57 . 2009-02-25 00:57 -------- d-----w c:\program files\Java
2009-02-25 00:43 . 2009-02-25 00:43 -------- d-----w c:\program files\HP
2009-02-25 00:38 . 2009-02-04 00:26 -------- d-----w c:\program files\AOL Toolbar
2009-02-24 23:02 . 2009-02-24 23:02 -------- d-----w c:\program files\Thomson
2009-02-24 23:01 . 2009-02-24 23:01 -------- d-----w c:\program files\SpeedTouchModemDrivers
2009-02-18 18:31 . 2009-02-25 04:27 5028352 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-02-17 15:50 . 2009-02-25 04:27 17508864 ----a-w c:\windows\RTHDCPL.EXE
2009-02-09 14:34 . 2009-02-25 04:27 35840 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-02-04 00:36 . 2009-02-03 23:50 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-21 15:54 . 2009-02-25 04:27 1206816 ----a-w c:\windows\RtlUpd.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_16.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 04:27 . 2005-02-25 03:35 22752 c:\windows\system32\spupdsvc.exe
- 2009-02-25 04:27 . 2004-11-18 10:42 22752 c:\windows\system32\spupdsvc.exe
+ 2009-04-17 21:07 . 2008-03-20 13:41 14640 c:\windows\system32\spmsg.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 15360 c:\windows\system32\msisip.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 78848 c:\windows\system32\msiexec.exe
+ 2006-02-28 12:00 . 2005-05-04 13:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 78848 c:\windows\system32\dllcache\msiexec.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 884736 c:\windows\system32\msimsg.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 884736 c:\windows\system32\msimsg.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 271360 c:\windows\system32\msihnd.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 884736 c:\windows\system32\dllcache\msimsg.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 271360 c:\windows\system32\dllcache\msihnd.dll
- 2009-04-18 15:59 . 2009-04-18 15:59 163840 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-04-18 23:41 . 2009-04-18 23:41 163840 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-04-18 23:41 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
- 2009-04-18 15:59 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-04-19 05:26 . 2009-04-19 05:26 163840 c:\windows\ERDNT\AutoBackup\19-04-2009\Users\00000002\UsrClass.dat
+ 2009-04-19 05:26 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\19-04-2009\ERDNT.EXE
+ 2006-02-28 12:00 . 2005-05-04 13:45 2890240 c:\windows\system32\msi.dll
+ 2008-03-20 17:06 . 2008-03-20 17:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2006-02-28 12:00 . 2005-05-04 13:45 2890240 c:\windows\system32\dllcache\msi.dll
- 2009-04-18 15:59 . 2009-04-18 15:59 2306048 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-04-18 23:41 . 2009-04-18 23:41 2306048 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-04-19 05:26 . 2009-04-19 05:26 2306048 c:\windows\ERDNT\AutoBackup\19-04-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouchUSB\Dragdiag.exe" [2004-01-26 866816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]

c:\documents and settings\master\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1235522019\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41382:UDP"= 41382:UDP:GlobalizationJava DownloadedPublish
"19806:UDP"= 19806:UDP:GlobalizationJava ComponentsGlobalization
"34015:TCP"= 34015:TCP:GlobalizationJava ZxInternet
"38420:TCP"= 38420:TCP:GlobalizationJava FilesMobile

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 DMman;Boot Trusted;c:\windows\system32\svchost.exe [2006-02-28 14336]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 i740;i740;c:\windows\system32\DRIVERS\i740nt5.sys [2001-08-17 58592]
R3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

.
- - - - ORPHANS REMOVED - - - -

BHO-{C1AF42A3-04F3-42BD-F634-3604832C897D} - c:\windows\system32\oseknf83kd.dll
SharedTaskScheduler-{C1AF42A3-04F3-42BD-F634-3604832C897D} - c:\windows\system32\oseknf83kd.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DMman]
"ServiceDll"="c:\windows\system32\ejkxazx.dll"
.
Completion time: 2009-04-19 10:42
ComboFix-quarantined-files.txt 2009-04-19 09:42
ComboFix2.txt 2009-04-19 05:32
ComboFix3.txt 2009-04-19 04:25
ComboFix4.txt 2009-04-18 23:57
ComboFix5.txt 2009-04-19 09:39

Pre-Run: 255,698,915,328 bytes free
Post-Run: 255,687,151,616 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
210

Blade81
2009-04-20, 23:29
Hi

Generate an Uninstall List

* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.

Blade81
2009-04-26, 19:57
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.