PC Problem continuation

**klouie316-** · 2008-12-06, 05:34

So I been busy the last week, but here's what you asked for from this thread
http://forums.spybot.info/showthread.php?t=37017

ComboFix 08-12-02.02 - Kyle Louie 2008-12-03 19:20:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.295 [GMT -8:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kyle Louie\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
c:\program files\ActivationManager
c:\program files\ActivationManager\ActivationManager.dll
c:\program files\ActivationManager\Uninstall.exe
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\brastk.exe
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\TDSSpcuu.sys
c:\windows\system32\karna.dat
c:\windows\system32\TDSScrry.dll
c:\windows\system32\TDSSehyx.log
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSocun.dll
c:\windows\system32\TDSSqahc.dll
c:\windows\system32\TDSSqekn.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSrojf.dll
c:\windows\system32\TDSSwgyh.dat
c:\windows\system32\wini10891.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_OREANS32
-------\Service_oreans32

((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-11-26 13:28 . 2008-11-26 13:28 <DIR> d----c--- C:\rsit
2008-11-26 13:28 . 2008-11-26 13:28 <DIR> d----c--- c:\program files\trend micro
2008-11-21 18:17 . 2008-11-21 18:19 <DIR> d----c--- C:\MBAM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 01:17 --------- dc----w c:\program files\Spybot - Search & Destroy
2008-11-13 01:00 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-14 03:13 78,576 -c--a-w c:\documents and settings\Kyle Louie\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 00:34 32 -c--a-r c:\documents and settings\All Users\hash.dat
2004-12-01 00:51 75,072 -c--a-w c:\documents and settings\Brandon Louie\Application Data\GDIPFONTCACHEV1.DAT
2004-07-20 00:10 67,648 -c--a-w c:\documents and settings\Gary Louie\Application Data\GDIPFONTCACHEV1.DAT
2004-05-02 21:24 66,632 -c--a-w c:\documents and settings\Cory Louie\Application Data\GDIPFONTCACHEV1.DAT
2004-04-27 07:08 3,662,787 -c--a-w c:\program files\spybotsd12.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="D:\iTunesHelper.exe" [2008-07-10 289064]
"nwiz"="nwiz.exe" [2003-07-16 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= "c:\progra~1\RADLIN~1\RadExe.dll" [2004-01-30 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Documents and Settings\\Brandon Louie\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\D264641C-227B-4DF1-9921-C4DECDB22222\\Golf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125516882\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files (D)\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files (D)\\cod\\CoDMP.exe"=
"c:\\Documents and Settings\\Kyle Louie\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files (D)\\SopCast\\SopCast.exe"=
"d:\\Program Files (D)\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\wkscal.exe"=
"d:\\Program Files (D)\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files (D)\\americas army\\System\\ArmyOps.exe"=
"d:\\Program Files (D)\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\iTunes.exe"=

R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-07-27 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-18 24652]
S2 mrtRate;mrtRate; []
S3 2WIREHPL;2Wire Gateway;c:\windows\system32\DRIVERS\2WireHPL.sys [2004-01-28 42944]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\KYLELO~1\LOCALS~1\Temp\cdiskdun.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-04 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (SONY-Kyle Louie).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]

2008-12-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-01-02 14:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-hcsystray - d:\program files (d)\shootout\Kuma Games\hcsystray\Kumawar_tray.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Kyle Louie\Application Data\Mozilla\Firefox\Profiles\default.evb\
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\Kyle Louie\Application Data\Mozilla\Firefox\Profiles\default.evb\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - d:\mozilla plugins\npitunes.dll
FF -: plugin - d:\program files (d)\Divx\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\program files (d)\Divx\DivX Web Player\npdivx32.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npmusicn.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - d:\program files (d)\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - d:\program files (d)\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 19:26:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
C:\Updater.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-12-03 19:36:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 03:36:14

Pre-Run: 1,715,507,200 bytes free
Post-Run: 2,244,857,856 bytes free

210 --- E O F --- 2008-11-12 07:13:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:30 PM, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\ScsiAccess.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Updater.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
D:\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.callofduty.com/patch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KYLE LOUIE\Application Data\Mozilla\Profiles\default\w757b067.slt\prefs.js)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\Program Files\RadLinker\RadClock.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11853 bytes

**katana** · 2008-12-10, 19:44

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

**klouie316-** · 2008-12-15, 01:20

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 04:46:31
Records in database: 1459757
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 142412
Threat name: 1
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 02:32:13

File name / Threat name / Threats count
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-7247b3bf Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\23\d372ed7-10966453 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6d0e82c1 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-24755178 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-25a5b447.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-260204a4.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6f908b9d.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5d99c260.zip Infected: Exploit.Java.Gimsh.b 1

The selected area was scanned.

**katana** · 2008-12-15, 09:45

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

File::
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-25a5b447.zip
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-260204a4.zip
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6f908b9d.zip
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5d99c260.zip
Folder::
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\22
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\23
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\44
C:\Documents and Settings\Kyle Louie\Application Data\Sun\Java\Deployment\cache\6.0\47
Driver::
mrtRate
cdiskdun

Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Are there any problems now ?

Thread: PC Problem continuation

Thread Tools

Display

PC Problem continuation

Posting Permissions