Browser Hijacking

Arg!

try this one please:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oqnhgqvw"

ook for look.txt then post the contents.
 
Success!! Finally!! Woohoo!

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oqnhgqvw]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="Helper for Microsoft ACPI Control Method Battery"
"DisplayName"="Microsoft ACPI Control Method Battery Helper"
"ErrorControl"=dword:00000001
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oqnhgqvw\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,6c,00,\
66,00,61,00,6d,00,6c,00,66,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oqnhgqvw\Enum]
"0"="Root\\LEGACY_OQNHGQVW\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Hope that helps!
Thanks again,
Tom
 
ha! Now let's blow it out :)

*Please download KaazaBegone

Create a new folder in your desktop, name it Kazaabegone.

Extract all the files of the zip files to the newly created folder on your desktop.

Navigate to the KazaaBegone folder then double click Kazaabegone.exe and let it remove Kazaa and all of its components.

Note: In case you use Kazaa, we need to remove it because the program itself is infected and if we don't remove it, the infections you have will only return..


*Run OTMoveiT
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Kazaa
    C:\WINDOWS\Downloaded Program Files\WUInst.inf
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl
    C:\WINDOWS\winhp32.exe
    C:\WINDOWS\SYSTEM32\diceuaaa.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

*Please download SvcQuery.exe
  • Save it to your desktop.
  • Double click SvcQuery.exe
  • When prompted to enter a service name, enter oqnhgqvw
  • Type "y" to confirm.
  • When done, it shall present a log, please post it on your next reply.

*Click start > run > copy and paste this command please:

"%userprofile%\desktop\combofix.exe" /wow-drv oqnhgqvw /v apwdscfn mntrycpo qchxqoad

Post back with a fresh HijackThis log, svcquery log and the new combofix log along with a description on how your machine is running.
 
"Campbell Bridge" - 07-05-01 16:21:56 Service Pack 2
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\Campbell Bridge\Desktop\"
Command switches used :: "/wow-drv oqnhgqvw /v apwdscfn mntrycpo qchxqoad"


((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))


2007-04-23 20:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-04-23 18:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-23 13:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-23 12:23 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-04-23 12:23 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-04-23 12:19 21,299,912 --a------ C:\Program Files\avg75free_463a1000.exe
2007-04-23 10:12 <DIR> d-------- C:\Anti-Spyware
2007-04-23 08:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-04-22 19:19 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-22 11:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-21 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-21 15:51 <DIR> d-------- C:\Program Files\CCleaner
2007-04-21 12:44 <DIR> d-------- C:\16e7a3799cc4ff36826d19da47c626
2007-04-20 14:47 842,672 --a------ C:\Program Files\slsk156c.exe
2007-04-20 14:47 <DIR> d-------- C:\Program Files\Soulseek
2007-04-20 14:15 28,672 --------- C:\WINDOWS\SYSTEM32\verclsid.exe
2007-04-20 14:06 <DIR> d-------- C:\Program Files\iPod
2007-04-20 14:06 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\Apple Computer
2007-04-20 14:05 <DIR> d-------- C:\Program Files\iTunes
2007-04-20 14:04 <DIR> d-------- C:\Program Files\QuickTime
2007-04-20 14:03 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-20 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-20 14:01 37,860,928 --a------ C:\Program Files\iTunesSetup.exe
2007-04-20 08:23 44,032 --a------ C:\WINDOWS\SYSTEM32\apwdscfn.dll
2007-04-20 08:23 131,584 --a------ C:\WINDOWS\SYSTEM32\mntrycpo.dll
2007-04-20 08:23 100,864 --a------ C:\WINDOWS\SYSTEM32\qchxqoad.dll
2007-04-19 00:26 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\AdobeAUM
2007-04-19 00:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-19 00:10 21,822,168 --a------ C:\Program Files\AdbeRdr80_en_US.exe
2007-04-19 00:05 811,560 --a------ C:\Program Files\GoogleToolbarInstaller_ADBx_en_401019_signed.exe
2007-04-19 00:05 7,050,552 --a------ C:\Program Files\psa30se_en_us.exe
2007-04-18 23:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-18 23:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-04-18 16:51 95,424 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slnthal.sys
2007-04-18 16:51 9,216 --------- C:\WINDOWS\SYSTEM32\proxycfg.exe
2007-04-18 16:51 73,216 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys
2007-04-18 16:51 701,440 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
2007-04-18 16:51 685,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfcxts2.sys
2007-04-18 16:51 67,584 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sdbus.sys
2007-04-18 16:51 63,663 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1rvxx.sys
2007-04-18 16:51 63,488 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys
2007-04-18 16:51 6,016 --------- C:\WINDOWS\SYSTEM32\DRIVERS\smbali.sys
2007-04-18 16:51 59,648 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rfcomm.sys
2007-04-18 16:51 59,392 --------- C:\WINDOWS\SYSTEM32\logman.exe
2007-04-18 16:51 57,856 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinbtxx.sys
2007-04-18 16:51 56,623 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1btxx.sys
2007-04-18 16:51 52,224 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys
2007-04-18 16:51 46,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\gagp30kx.sys
2007-04-18 16:51 452,736 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtxparhm.sys
2007-04-18 16:51 44,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\uagp35.sys
2007-04-18 16:51 404,990 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys
2007-04-18 16:51 4,255 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
2007-04-18 16:51 38,016 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthmodem.sys
2007-04-18 16:51 36,463 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1tuxx.sys
2007-04-18 16:51 36,096 --------- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys
2007-04-18 16:51 35,456 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthprint.sys
2007-04-18 16:51 34,735 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xsxx.sys
2007-04-18 16:51 327,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
2007-04-18 16:51 31,744 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxbxx.sys
2007-04-18 16:51 30,671 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1raxx.sys
2007-04-18 16:51 30,080 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rndismpx.sys
2007-04-18 16:51 3,967 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
2007-04-18 16:51 3,901 --------- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
2007-04-18 16:51 3,775 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
2007-04-18 16:51 3,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
2007-04-18 16:51 3,647 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
2007-04-18 16:51 3,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
2007-04-18 16:51 3,135 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
2007-04-18 16:51 29,455 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xbxx.sys
2007-04-18 16:51 29,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
2007-04-18 16:51 28,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinsnxx.sys
2007-04-18 16:51 274,304 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2007-04-18 16:51 262,784 --------- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys
2007-04-18 16:51 26,367 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1snxx.sys
2007-04-18 16:51 25,600 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidbth.sys
2007-04-18 16:51 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
2007-04-18 16:51 220,032 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfbs2s2.sys
2007-04-18 16:51 21,343 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1ttxx.sys
2007-04-18 16:51 21,183 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
2007-04-18 16:51 180,360 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys
2007-04-18 16:51 18,944 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthusb.sys
2007-04-18 16:51 17,279 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
2007-04-18 16:51 17,024 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthenum.sys
2007-04-18 16:51 166,912 --------- C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
2007-04-18 16:51 15,488 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys
2007-04-18 16:51 15,423 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
2007-04-18 16:51 15,104 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
2007-04-18 16:51 14,336 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys
2007-04-18 16:51 14,143 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
2007-04-18 16:51 13,824 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinttxx.sys
2007-04-18 16:51 13,824 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys
2007-04-18 16:51 13,776 --------- C:\WINDOWS\SYSTEM32\DRIVERS\recagent.sys
2007-04-18 16:51 13,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slwdmsup.sys
2007-04-18 16:51 129,535 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slnt7554.sys
2007-04-18 16:51 128,896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2007-04-18 16:51 126,686 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtlmnt5.sys
2007-04-18 16:51 12,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys
2007-04-18 16:51 12,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mutohpen.sys
2007-04-18 16:51 12,047 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1pdxx.sys
2007-04-18 16:51 11,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1mdxx.sys
2007-04-18 16:51 11,359 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
2007-04-18 16:51 11,136 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffdisk.sys
2007-04-18 16:51 104,960 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
2007-04-18 16:51 100,992 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthpan.sys
2007-04-18 16:51 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_sd.sys
2007-04-18 16:51 1,309,184 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtlstrm.sys
2007-04-18 16:51 1,041,536 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfdpsp2.sys
2007-04-18 16:50 88,064 --------- C:\WINDOWS\SYSTEM32\p2pnetsh.dll
2007-04-18 16:50 870,784 --------- C:\WINDOWS\SYSTEM32\ati3d1ag.dll
2007-04-18 16:50 86,016 --------- C:\WINDOWS\SYSTEM32\p2pgasvc.dll
2007-04-18 16:50 81,920 --------- C:\WINDOWS\SYSTEM32\ieencode.dll
2007-04-18 16:50 81,408 --------- C:\WINDOWS\SYSTEM32\wscsvc.dll
2007-04-18 16:50 8,192 --------- C:\WINDOWS\SYSTEM32\smbinst.exe
2007-04-18 16:50 78,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\usbvideo.sys
2007-04-18 16:50 75,776 --------- C:\WINDOWS\SYSTEM32\strmfilt.dll
2007-04-18 16:50 73,832 --------- C:\WINDOWS\SYSTEM32\slcoinst.dll
2007-04-18 16:50 73,796 --------- C:\WINDOWS\SYSTEM32\slserv.exe
2007-04-18 16:50 71,680 --------- C:\WINDOWS\SYSTEM32\blastcln.exe
2007-04-18 16:50 7,680 --------- C:\WINDOWS\SYSTEM32\kbdsmsno.dll
2007-04-18 16:50 7,680 --------- C:\WINDOWS\SYSTEM32\kbdsmsfi.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdukx.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdno1.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdfi1.dll
2007-04-18 16:50 60,416 --------- C:\WINDOWS\SYSTEM32\fwcfg.dll
2007-04-18 16:50 6,656 --------- C:\WINDOWS\SYSTEM32\kbdinmal.dll
2007-04-18 16:50 6,656 --------- C:\WINDOWS\SYSTEM32\kbdinben.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdmlt48.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdmlt47.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdinbe1.dll
2007-04-18 16:50 526,848 --------- C:\WINDOWS\SYSTEM32\p2psvc.dll
2007-04-18 16:50 516,768 --------- C:\WINDOWS\SYSTEM32\ativvaxx.dll
2007-04-18 16:50 50,688 --------- C:\WINDOWS\SYSTEM32\btpanui.dll
2007-04-18 16:50 50,176 --------- C:\WINDOWS\SYSTEM32\xmlprovi.dll
2007-04-18 16:50 5,632 --------- C:\WINDOWS\SYSTEM32\kbdmaori.dll
2007-04-18 16:50 49,152 --------- C:\WINDOWS\SYSTEM32\powercfg.exe
2007-04-18 16:50 48,640 --------- C:\WINDOWS\SYSTEM32\pnrpnsp.dll
2007-04-18 16:50 44,032 --------- C:\WINDOWS\SYSTEM32\twext.dll
2007-04-18 16:50 397,056 --------- C:\WINDOWS\SYSTEM32\s3gnb.dll
2007-04-18 16:50 377,984 --------- C:\WINDOWS\SYSTEM32\ati2dvaa.dll
2007-04-18 16:50 32,866 --------- C:\WINDOWS\SYSTEM32\slrundll.exe
2007-04-18 16:50 32,866 --------- C:\WINDOWS\slrundll.exe
2007-04-18 16:50 32,768 --------- C:\WINDOWS\SYSTEM32\ativtmxx.dll
2007-04-18 16:50 32,285 --------- C:\WINDOWS\SYSTEM32\hsfcisp2.dll
2007-04-18 16:50 312,320 --------- C:\WINDOWS\SYSTEM32\p2pgraph.dll
2007-04-18 16:50 30,208 --------- C:\WINDOWS\SYSTEM32\bthserv.dll
2007-04-18 16:50 29,184 --------- C:\WINDOWS\SYSTEM32\sdhcinst.dll
2007-04-18 16:50 286,792 --------- C:\WINDOWS\SYSTEM32\slextspk.dll
2007-04-18 16:50 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv10nt.sys
2007-04-18 16:50 24,576 --------- C:\WINDOWS\SYSTEM32\httpapi.dll
2007-04-18 16:50 23,040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2007-04-18 16:50 229,376 --------- C:\WINDOWS\SYSTEM32\ati2cqag.dll
2007-04-18 16:50 22,271 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv06nt.sys
2007-04-18 16:50 201,728 --------- C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-04-18 16:50 20,992 --------- C:\WINDOWS\SYSTEM32\bthci.dll
2007-04-18 16:50 2,113,536 --------- C:\WINDOWS\SYSTEM32\dxdiagn.dll
2007-04-18 16:50 193,024 --------- C:\WINDOWS\SYSTEM32\fsquirt.exe
2007-04-18 16:50 188,508 --------- C:\WINDOWS\SYSTEM32\slgen.dll
2007-04-18 16:50 17,408 --------- C:\WINDOWS\SYSTEM32\winshfhc.dll
2007-04-18 16:50 16,896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2007-04-18 16:50 15,872 --------- C:\WINDOWS\SYSTEM32\w3ssl.dll
2007-04-18 16:50 14,336 --------- C:\WINDOWS\SYSTEM32\auditusr.exe
2007-04-18 16:50 13,824 --------- C:\WINDOWS\SYSTEM32\wscntfy.exe
2007-04-18 16:50 13,824 --------- C:\WINDOWS\SYSTEM32\cmsetacl.dll
2007-04-18 16:50 13,568 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wacompen.sys
2007-04-18 16:50 129,536 --------- C:\WINDOWS\SYSTEM32\xmlprov.dll
2007-04-18 16:50 118,784 --------- C:\WINDOWS\SYSTEM32\msdadiag.dll
2007-04-18 16:50 116,224 --------- C:\WINDOWS\SYSTEM32\p2p.dll
2007-04-18 16:50 11,935 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv11nt.sys
2007-04-18 16:50 11,871 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv09nt.sys
2007-04-18 16:50 11,807 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv07nt.sys
2007-04-18 16:50 11,325 --------- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll
2007-04-18 16:50 11,295 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv08nt.sys
2007-04-18 16:50 108,032 --------- C:\WINDOWS\SYSTEM32\wshbth.dll
2007-04-18 16:50 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2007-04-18 16:50 1,737,856 --------- C:\WINDOWS\SYSTEM32\mtxparhd.dll
2007-04-18 16:50 1,689,088 --------- C:\WINDOWS\SYSTEM32\d3d9.dll
2007-04-18 16:50 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-18 16:50 <DIR> d-------- C:\WINDOWS\peernet
2007-04-18 16:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-18 16:37 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-04-18 16:32 <DIR> d-------- C:\WINDOWS\EHome
2007-04-18 16:00 21,822,168 --a------ C:\AdbeRdr80_en_US.exe
2007-04-17 12:20 75,291 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bkpcmxp.sys
2007-04-17 12:20 73,728 --a------ C:\WINDOWS\SYSTEM32\install.dll
2007-04-17 12:20 61,440 --a------ C:\WINDOWS\SYSTEM32\w32n50.dll
2007-04-17 12:20 462,848 --a------ C:\WINDOWS\SYSTEM32\monitorbk.exe
2007-04-17 12:20 36,864 --a------ C:\WINDOWS\SYSTEM32\WRLSetup.exe
2007-04-17 12:20 16,068 --a------ C:\WINDOWS\SYSTEM32\pcandis5.sys
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Belkin
2007-04-12 16:19 <DIR> d-------- C:\Temp
2007-04-12 16:14 545,560 --a------ C:\AdbeRdr80_DLM_en_US.exe
2007-04-11 20:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-10 19:52 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-04-10 17:33 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\Google
2007-04-10 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-10 16:45 <DIR> d-------- C:\Program Files\Google
2007-04-09 23:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-04-09 21:52 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-09 18:18 465,368 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-04-09 18:18 41,432 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-04-09 18:18 194,520 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-04-09 18:18 174,040 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-04-09 18:18 172,504 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-04-09 18:18 127,448 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-04-09 18:18 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-03 21:43 <DIR> d-------- C:\Program Files\mIRC
2007-04-03 20:46 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\Contacts
2007-04-03 20:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-04-03 20:42 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-04-03 20:42 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-04-03 20:41 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-03 20:22 18,040,176 --a------ C:\Install_Messenger_nous.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-01 16:13 -------- d--h----- C:\Program Files\installshield installation information
2007-04-23 12:20 44288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-04-23 11:03 -------- d-------- C:\Program Files\messenger
2007-04-23 09:20 -------- d-------- C:\Program Files\digital line detect
2007-04-18 16:50 -------- d-------- C:\Program Files\movie maker
2007-04-18 16:45 -------- d-------- C:\Program Files\windows nt
2007-04-18 16:30 -------- d-------- C:\Program Files\dell
2007-04-17 16:27 -------- d-------- C:\Program Files\epson
2007-04-09 18:18 -------- d--h----- C:\Program Files\windowsupdate
2007-03-17 23:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-09 01:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-09 01:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-09 01:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 23:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-02-06 06:17 185344 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Logitech Utility"="Logi_MwX.Exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"WorkFlowTray"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\WorkFlowTray.exe\""
"Opware14"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\Opware14.exe\""
"OpScheduler"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\OpScheduler.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 16:28:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 16:31:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-01 16:31
C:\ComboFix2.txt ... 07-04-23 15:32
C:\ComboFix3.txt ... 07-04-23 13:55
 
Logfile of HijackThis v1.99.1
Scan saved at 4:51:48 PM, on 1/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\monitorbk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Anti-Spyware\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\SYSTEM32\monitorbk.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
When I try to enter the service name you gave me it says it cannot be found. I'm glad you know what you're doing because computers drive me nuts!
There has been a huge improvement in the running of the machine since we started fixing it. Right from the start it doesn't redirect me any more.
Tom
 
When I try to enter the service name you gave me it says it cannot be found. I'm glad you know what you're doing because computers drive me nuts!
There has been a huge improvement in the running of the machine since we started fixing it. Right from the start it doesn't redirect me any more.
Tom
Click to expand...

Glad to hear that! However, this thing is still a bit stubborn..


You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.


*Click start > run > copy and paste this command please:

"%userprofile%\desktop\combofix.exe" /v apwdscfn mntrycpo qchxqoad

Reboot to normal mode then post a fresh HijackThis log.
 
Logfile of HijackThis v1.99.1
Scan saved at 1:08:20 PM, on 3/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\SYSTEM32\monitorbk.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Anti-Spyware\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\SYSTEM32\monitorbk.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Tom
 
Hi,
sorry it took so long to get back. Long weekend here!

"Campbell Bridge" - 07-05-08 17:24:19 Service Pack 2 [SAFE MODE]
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\Campbell Bridge\Desktop\"
Command switches used :: "/v apwdscfn mntrycpo qchxqoad"


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-07 14:29 <DIR> d-------- C:\Program Files\QuickTime
2007-05-04 15:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-04 15:00 <DIR> d-------- C:\Program Files\Common Files\SYMANT~1
2007-05-01 16:40 <DIR> d-------- C:\Program Files\Skype
2007-05-01 16:40 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\Skype
2007-04-23 20:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-04-23 18:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-23 13:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-23 12:23 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-04-23 12:23 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-04-23 12:19 21,299,912 --a------ C:\Program Files\avg75free_463a1000.exe
2007-04-23 10:12 <DIR> d-------- C:\Anti-Spyware
2007-04-23 08:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-04-22 19:19 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-22 11:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-21 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-21 15:51 <DIR> d-------- C:\Program Files\CCleaner
2007-04-21 12:44 <DIR> d-------- C:\16e7a3799cc4ff36826d19da47c626
2007-04-20 14:47 842,672 --a------ C:\Program Files\slsk156c.exe
2007-04-20 14:47 <DIR> d-------- C:\Program Files\Soulseek
2007-04-20 14:15 28,672 --------- C:\WINDOWS\SYSTEM32\verclsid.exe
2007-04-20 14:06 <DIR> d-------- C:\Program Files\iPod
2007-04-20 14:06 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\Apple Computer
2007-04-20 14:05 <DIR> d-------- C:\Program Files\iTunes
2007-04-20 14:03 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-20 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-20 14:01 37,860,928 --a------ C:\Program Files\iTunesSetup.exe
2007-04-19 00:26 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\AdobeAUM
2007-04-19 00:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-19 00:10 21,822,168 --a------ C:\Program Files\AdbeRdr80_en_US.exe
2007-04-19 00:05 811,560 --a------ C:\Program Files\GoogleToolbarInstaller_ADBx_en_401019_signed.exe
2007-04-19 00:05 7,050,552 --a------ C:\Program Files\psa30se_en_us.exe
2007-04-18 23:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-18 23:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-04-18 16:51 95,424 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slnthal.sys
2007-04-18 16:51 9,216 --------- C:\WINDOWS\SYSTEM32\proxycfg.exe
2007-04-18 16:51 73,216 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys
2007-04-18 16:51 701,440 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
2007-04-18 16:51 685,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfcxts2.sys
2007-04-18 16:51 67,584 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sdbus.sys
2007-04-18 16:51 63,663 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1rvxx.sys
2007-04-18 16:51 63,488 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys
2007-04-18 16:51 6,016 --------- C:\WINDOWS\SYSTEM32\DRIVERS\smbali.sys
2007-04-18 16:51 59,648 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rfcomm.sys
2007-04-18 16:51 59,392 --------- C:\WINDOWS\SYSTEM32\logman.exe
2007-04-18 16:51 57,856 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinbtxx.sys
2007-04-18 16:51 56,623 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1btxx.sys
2007-04-18 16:51 52,224 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys
2007-04-18 16:51 46,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\gagp30kx.sys
2007-04-18 16:51 452,736 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtxparhm.sys
2007-04-18 16:51 44,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\uagp35.sys
2007-04-18 16:51 404,990 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys
2007-04-18 16:51 4,255 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
2007-04-18 16:51 38,016 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthmodem.sys
2007-04-18 16:51 36,463 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1tuxx.sys
2007-04-18 16:51 36,096 --------- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys
2007-04-18 16:51 35,456 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthprint.sys
2007-04-18 16:51 34,735 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xsxx.sys
2007-04-18 16:51 327,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
2007-04-18 16:51 31,744 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxbxx.sys
2007-04-18 16:51 30,671 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1raxx.sys
2007-04-18 16:51 30,080 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rndismpx.sys
2007-04-18 16:51 3,967 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
2007-04-18 16:51 3,901 --------- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
2007-04-18 16:51 3,775 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
2007-04-18 16:51 3,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
2007-04-18 16:51 3,647 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
2007-04-18 16:51 3,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
2007-04-18 16:51 3,135 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
2007-04-18 16:51 29,455 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xbxx.sys
2007-04-18 16:51 29,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
2007-04-18 16:51 28,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinsnxx.sys
2007-04-18 16:51 274,304 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2007-04-18 16:51 262,784 --------- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys
2007-04-18 16:51 26,367 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1snxx.sys
2007-04-18 16:51 25,600 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidbth.sys
2007-04-18 16:51 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
2007-04-18 16:51 220,032 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfbs2s2.sys
2007-04-18 16:51 21,343 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1ttxx.sys
2007-04-18 16:51 21,183 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
2007-04-18 16:51 180,360 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys
2007-04-18 16:51 18,944 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthusb.sys
2007-04-18 16:51 17,279 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
2007-04-18 16:51 17,024 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthenum.sys
2007-04-18 16:51 166,912 --------- C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
2007-04-18 16:51 15,488 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys
2007-04-18 16:51 15,423 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
2007-04-18 16:51 15,104 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
2007-04-18 16:51 14,336 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys
2007-04-18 16:51 14,143 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
2007-04-18 16:51 13,824 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinttxx.sys
2007-04-18 16:51 13,824 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys
2007-04-18 16:51 13,776 --------- C:\WINDOWS\SYSTEM32\DRIVERS\recagent.sys
2007-04-18 16:51 13,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slwdmsup.sys
2007-04-18 16:51 129,535 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slnt7554.sys
2007-04-18 16:51 128,896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2007-04-18 16:51 126,686 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtlmnt5.sys
2007-04-18 16:51 12,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys
2007-04-18 16:51 12,672 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mutohpen.sys
2007-04-18 16:51 12,047 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1pdxx.sys
2007-04-18 16:51 11,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati1mdxx.sys
2007-04-18 16:51 11,359 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
2007-04-18 16:51 11,136 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffdisk.sys
2007-04-18 16:51 104,960 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
2007-04-18 16:51 100,992 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthpan.sys
2007-04-18 16:51 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_sd.sys
2007-04-18 16:51 1,309,184 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtlstrm.sys
2007-04-18 16:51 1,041,536 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfdpsp2.sys
2007-04-18 16:50 88,064 --------- C:\WINDOWS\SYSTEM32\p2pnetsh.dll
2007-04-18 16:50 870,784 --------- C:\WINDOWS\SYSTEM32\ati3d1ag.dll
2007-04-18 16:50 86,016 --------- C:\WINDOWS\SYSTEM32\p2pgasvc.dll
2007-04-18 16:50 81,920 --------- C:\WINDOWS\SYSTEM32\ieencode.dll
2007-04-18 16:50 81,408 --------- C:\WINDOWS\SYSTEM32\wscsvc.dll
2007-04-18 16:50 8,192 --------- C:\WINDOWS\SYSTEM32\smbinst.exe
2007-04-18 16:50 78,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\usbvideo.sys
2007-04-18 16:50 75,776 --------- C:\WINDOWS\SYSTEM32\strmfilt.dll
2007-04-18 16:50 73,832 --------- C:\WINDOWS\SYSTEM32\slcoinst.dll
2007-04-18 16:50 73,796 --------- C:\WINDOWS\SYSTEM32\slserv.exe
2007-04-18 16:50 71,680 --------- C:\WINDOWS\SYSTEM32\blastcln.exe
2007-04-18 16:50 7,680 --------- C:\WINDOWS\SYSTEM32\kbdsmsno.dll
2007-04-18 16:50 7,680 --------- C:\WINDOWS\SYSTEM32\kbdsmsfi.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdukx.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdno1.dll
2007-04-18 16:50 7,168 --------- C:\WINDOWS\SYSTEM32\kbdfi1.dll
2007-04-18 16:50 60,416 --------- C:\WINDOWS\SYSTEM32\fwcfg.dll
2007-04-18 16:50 6,656 --------- C:\WINDOWS\SYSTEM32\kbdinmal.dll
2007-04-18 16:50 6,656 --------- C:\WINDOWS\SYSTEM32\kbdinben.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdmlt48.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdmlt47.dll
2007-04-18 16:50 6,144 --------- C:\WINDOWS\SYSTEM32\kbdinbe1.dll
2007-04-18 16:50 526,848 --------- C:\WINDOWS\SYSTEM32\p2psvc.dll
2007-04-18 16:50 516,768 --------- C:\WINDOWS\SYSTEM32\ativvaxx.dll
2007-04-18 16:50 50,688 --------- C:\WINDOWS\SYSTEM32\btpanui.dll
2007-04-18 16:50 50,176 --------- C:\WINDOWS\SYSTEM32\xmlprovi.dll
2007-04-18 16:50 5,632 --------- C:\WINDOWS\SYSTEM32\kbdmaori.dll
2007-04-18 16:50 49,152 --------- C:\WINDOWS\SYSTEM32\powercfg.exe
2007-04-18 16:50 48,640 --------- C:\WINDOWS\SYSTEM32\pnrpnsp.dll
2007-04-18 16:50 44,032 --------- C:\WINDOWS\SYSTEM32\twext.dll
2007-04-18 16:50 397,056 --------- C:\WINDOWS\SYSTEM32\s3gnb.dll
2007-04-18 16:50 377,984 --------- C:\WINDOWS\SYSTEM32\ati2dvaa.dll
2007-04-18 16:50 32,866 --------- C:\WINDOWS\SYSTEM32\slrundll.exe
2007-04-18 16:50 32,866 --------- C:\WINDOWS\slrundll.exe
2007-04-18 16:50 32,768 --------- C:\WINDOWS\SYSTEM32\ativtmxx.dll
2007-04-18 16:50 32,285 --------- C:\WINDOWS\SYSTEM32\hsfcisp2.dll
2007-04-18 16:50 312,320 --------- C:\WINDOWS\SYSTEM32\p2pgraph.dll
2007-04-18 16:50 30,208 --------- C:\WINDOWS\SYSTEM32\bthserv.dll
2007-04-18 16:50 29,184 --------- C:\WINDOWS\SYSTEM32\sdhcinst.dll
2007-04-18 16:50 286,792 --------- C:\WINDOWS\SYSTEM32\slextspk.dll
2007-04-18 16:50 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv10nt.sys
2007-04-18 16:50 24,576 --------- C:\WINDOWS\SYSTEM32\httpapi.dll
2007-04-18 16:50 23,040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2007-04-18 16:50 229,376 --------- C:\WINDOWS\SYSTEM32\ati2cqag.dll
2007-04-18 16:50 22,271 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv06nt.sys
2007-04-18 16:50 201,728 --------- C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-04-18 16:50 20,992 --------- C:\WINDOWS\SYSTEM32\bthci.dll
2007-04-18 16:50 2,113,536 --------- C:\WINDOWS\SYSTEM32\dxdiagn.dll
2007-04-18 16:50 193,024 --------- C:\WINDOWS\SYSTEM32\fsquirt.exe
2007-04-18 16:50 188,508 --------- C:\WINDOWS\SYSTEM32\slgen.dll
2007-04-18 16:50 17,408 --------- C:\WINDOWS\SYSTEM32\winshfhc.dll
2007-04-18 16:50 16,896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2007-04-18 16:50 15,872 --------- C:\WINDOWS\SYSTEM32\w3ssl.dll
2007-04-18 16:50 14,336 --------- C:\WINDOWS\SYSTEM32\auditusr.exe
2007-04-18 16:50 13,824 --------- C:\WINDOWS\SYSTEM32\wscntfy.exe
2007-04-18 16:50 13,824 --------- C:\WINDOWS\SYSTEM32\cmsetacl.dll
2007-04-18 16:50 13,568 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wacompen.sys
2007-04-18 16:50 129,536 --------- C:\WINDOWS\SYSTEM32\xmlprov.dll
2007-04-18 16:50 118,784 --------- C:\WINDOWS\SYSTEM32\msdadiag.dll
2007-04-18 16:50 116,224 --------- C:\WINDOWS\SYSTEM32\p2p.dll
2007-04-18 16:50 11,935 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv11nt.sys
2007-04-18 16:50 11,871 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv09nt.sys
2007-04-18 16:50 11,807 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv07nt.sys
2007-04-18 16:50 11,325 --------- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll
2007-04-18 16:50 11,295 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wadv08nt.sys
2007-04-18 16:50 108,032 --------- C:\WINDOWS\SYSTEM32\wshbth.dll
2007-04-18 16:50 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2007-04-18 16:50 1,737,856 --------- C:\WINDOWS\SYSTEM32\mtxparhd.dll
2007-04-18 16:50 1,689,088 --------- C:\WINDOWS\SYSTEM32\d3d9.dll
2007-04-18 16:50 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-18 16:50 <DIR> d-------- C:\WINDOWS\peernet
2007-04-18 16:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-18 16:37 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-04-18 16:32 <DIR> d-------- C:\WINDOWS\EHome
2007-04-18 16:00 21,822,168 --a------ C:\AdbeRdr80_en_US.exe
2007-04-17 12:20 75,291 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bkpcmxp.sys
2007-04-17 12:20 73,728 --a------ C:\WINDOWS\SYSTEM32\install.dll
2007-04-17 12:20 61,440 --a------ C:\WINDOWS\SYSTEM32\w32n50.dll
2007-04-17 12:20 462,848 --a------ C:\WINDOWS\SYSTEM32\monitorbk.exe
2007-04-17 12:20 36,864 --a------ C:\WINDOWS\SYSTEM32\WRLSetup.exe
2007-04-17 12:20 16,068 --a------ C:\WINDOWS\SYSTEM32\pcandis5.sys
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Belkin
2007-04-12 16:19 <DIR> d-------- C:\Temp
2007-04-12 16:14 545,560 --a------ C:\AdbeRdr80_DLM_en_US.exe
2007-04-11 20:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-10 19:52 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-04-10 17:33 <DIR> d-------- C:\DOCUME~1\CAMPBE~1\APPLIC~1\Google
2007-04-10 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-10 16:45 <DIR> d-------- C:\Program Files\Google
2007-04-09 23:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-04-09 21:52 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-09 18:18 465,368 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-04-09 18:18 41,432 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-04-09 18:18 194,520 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-04-09 18:18 174,040 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-04-09 18:18 172,504 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-04-09 18:18 127,448 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-04-09 18:18 <DIR> d-------- C:\WINDOWS\SoftwareDistribution


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-07 18:34 -------- d-------- C:\Program Files\mirc
2007-05-01 16:13 -------- d--h----- C:\Program Files\installshield installation information
2007-04-23 12:20 44288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-04-23 11:03 -------- d-------- C:\Program Files\messenger
2007-04-23 09:23 -------- d-------- C:\Program Files\msn messenger
2007-04-23 09:20 -------- d-------- C:\Program Files\digital line detect
2007-04-21 19:49 -------- d-------- C:\Program Files\windows live toolbar
2007-04-18 16:50 -------- d-------- C:\Program Files\movie maker
2007-04-18 16:45 -------- d-------- C:\Program Files\windows nt
2007-04-18 16:30 -------- d-------- C:\Program Files\dell
2007-04-17 16:27 -------- d-------- C:\Program Files\epson
2007-04-09 18:18 -------- d--h----- C:\Program Files\windowsupdate
2007-04-03 20:22 18040176 --a------ C:\Install_Messenger_nous.exe
2007-03-17 23:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-09 01:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-09 01:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-09 01:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 23:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"WorkFlowTray"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\WorkFlowTray.exe\""
"Opware14"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\Opware14.exe\""
"OpScheduler"="\"C:\\Program Files\\ScanSoft\\OmniPagePro14.0\\OpScheduler.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 17:27:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-08 17:27:51
C:\ComboFix-quarantined-files.txt ... 07-05-08 17:27
C:\ComboFix2.txt ... 07-05-02 17:37
C:\ComboFix3.txt ... 07-05-01 16:31
C:\ComboFix4.txt ... 07-05-02 17:59

Tom
 
Much better thanks! It's not the newest machine so it's not too quick by nature, but it's heaps better than it was. Plus I'm not getting my searches redirected any more, which was really annoying! Thanks very much for your help, it is much appreciated. Is there anything else I should do now?
Tom
 
Is there anything else I should do now?
Click to expand...

Yes, read my prevention tips and that's an order!...

Just kidding, but it would help a lot if you take time to read these stuff :D:

Congratulations! Your log looks clean!


This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows Xp comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other Firewall that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm
» Kerio

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

Install WinPatrol
~You can download it from here
~You can get some information about how WinPatrol works here

IESpyAds
~You can download it from here
~If you want to know how IEspyads work you can take a look at it here
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!
 
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
 
You must log in or register to reply here.
Back
Top