Got rid of Braviax, now have Brastk.exe

[Blender]

Before I forget -- we should restore those support.com files DrWeb removed.
Program was installed by the PC manufacturer & is OK.

Look in here:
C:\documents & settings\Denice\DoctorWeb\quarantaine

For:

sdcmon.dll

Copy that file to these folders:
C:\Program Files\Support.com\backup\sd
C:\Program Files\Support.com\bin

tgupdate.exe

Copy that file to these folders:
C:\Program Files\Support.com\backup\tg
C:\Program Files\Support.com\bin

No immediate need for reboot.
Let me know if that went OK.

 

[Fatboy_97]

Man -- I would love to know what the heck you hit. :spider:

You and me both!

 

[Fatboy_97]

Here's the Combofix log:

ComboFix 08-11-18.04 - Dennis 2008-11-18 23:13:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.657 [GMT -8:00]
Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dennis\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80 . . . . failed to delete
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67 . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTERRASAUTOATICLR_OPTIMIZATION_V2.0.50727_32
-------\Legacy_ALERTERRPCSS
-------\Legacy_APPMGMTCISVC
-------\Legacy_APPMGMTCISVCFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_APPMGMTFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_APPMGMTFASTUSERSWITCHINGCOMPATIBILITYTRKWKSIMAPISERVICE
-------\Legacy_APPMGMTFASTUSERSWITCHINGCOMPATIBILITYTRKWKSIMAPISERVICEMESSENGERRSVP
-------\Legacy_APPMGMTFASTUSERSWITCHINGCOMPATIBILITYTRKWKSIMAPISERVICENETMAN
-------\Legacy_APPMGMTFASTUSERSWITCHINGCOMPATIBILITYTRKWKSIMAPISERVICE_PMSP_SERVICE
-------\Legacy_ASPNET_STATELMHOSTS
-------\Legacy_ATICLR_OPTIMIZATION_V2.0.50727_32
-------\Legacy_ATICLR_OPTIMIZATION_V2.0.50727_32APPMGMTFASTUSERSWITCHINGCOMPATIBILITYTRKWKSIMAPISERVICE
-------\Legacy_AUDIOSRVRDSESSMGR
-------\Legacy_BITSDCOMLAUNCH
-------\Legacy_BROWSERASPNET_STATELMHOSTS
-------\Legacy_BROWSERWUAUSERV
-------\Legacy_BROWSERWUAUSERVALG
-------\Legacy_BROWSERWUAUSERVW32TIMESPOOLERNVSVC
-------\Legacy_CLIPSRVSSDPSRVEVENTSYSTEMWUAUSERVEVENTLOGIMAPISERVICEGUSVC
-------\Legacy_CLR_OPTIMIZATION_V2.0.50727_32RASMAN
-------\Legacy_COMSYSAPPFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_COMSYSAPPFASTUSERSWITCHINGCOMPATIBILITYWMPNETWORKSVCWEBCLIENT
-------\Legacy_DHCPNETMAN
-------\Legacy_DMADMINEVENTLOG
-------\Legacy_DNSCACHEGUSVC
-------\Legacy_EVENTSYSTEMGUSVC
-------\Legacy_EVENTSYSTEMGUSVCWMPNETWORKSVC
-------\Legacy_GUSVCSTISVC
-------\Legacy_HIDSERVASPNET_STATE
-------\Legacy_LMHOSTSNTLMSSP
-------\Legacy_MESSENGERRSVP
-------\Legacy_MSDTCWZCSVC
-------\Legacy_MSDTCWZCSVCAPPMGMTCISVCFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_MSDTCWZCSVCAPPMGMTCISVCFASTUSERSWITCHINGCOMPATIBILITY_SMART
-------\Legacy_MSISERVERTRKWKSALG
-------\Legacy_NETDDECLR_OPTIMIZATION_V2.0.50727_32
-------\Legacy_NETDDEDSDMGUSVCSTISVC
-------\Legacy_NETDDEDSDM_SMART
-------\Legacy_NETMANSAMSS
-------\Legacy_NETMANWMPNETWORKSVCNTMSSVC
-------\Legacy_NLASENS
-------\Legacy_NVSVCHKMSVC
-------\Legacy_NVSVCREMOTEACCESS
-------\Legacy_NVSVCREMOTEACCESSDHCPNETMAN
-------\Legacy_POLICYAGENTWEBCLIENT
-------\Legacy_POLICYAGENTWEBCLIENTWMIAPSRV
-------\Legacy_RASAUTOATICLR_OPTIMIZATION_V2.0.50727_32
-------\Legacy_REMOTEACCESSNTLMSSP
-------\Legacy_REMOTEACCESSPOLICYAGENTWEBCLIENT
-------\Legacy_RPCLOCATORREMOTEACCESSNTLMSSP
-------\Legacy_SCARDSVRTHEMES
-------\Legacy_SECLOGONALG
-------\Legacy_SHAREDACCESSWMPNETWORKSVCNTMSSVC
-------\Legacy_SHELLHWDETECTIONIDRIVERT
-------\Legacy_SHELLHWDETECTIONIDRIVERTPLUGPLAY
-------\Legacy_SHELLHWDETECTIONIDRIVERTPLUGPLAYNVSVCREMOTEACCESS
-------\Legacy_SHELLHWDETECTIONIDRIVERTPLUGPLAYRPCLOCATORREMOTEACCESSNTLMSSP
-------\Legacy_SHELLHWDETECTION_SERVICE_FOR_CDROM_ACCESS
-------\Legacy_SPOOLERAUDIOSRVRDSESSMGR
-------\Legacy_SPOOLERAUDIOSRVRDSESSMGRTRKWKSALGSSDPSRVEVENTSYSTEMWUAUSERVEVENTLOGIMAPISERVICEGUSVC
-------\Legacy_SPOOLERNVSVC
-------\Legacy_SPOOLER_SMART
-------\Legacy_SSDPSRVEVENTSYSTEM
-------\Legacy_SSDPSRVEVENTSYSTEMWUAUSERVEVENTLOGIMAPISERVICEGUSVC
-------\Legacy_SWPRVSHAREDACCESS
-------\Legacy_SYSMONLOGAPPMGMTCISVCFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_TRKWKSALG
-------\Legacy_TRKWKSALGSSDPSRVEVENTSYSTEMWUAUSERVEVENTLOGIMAPISERVICEGUSVC
-------\Legacy_TRKWKSIMAPISERVICE
-------\Legacy_TRKWKSLANMANSERVER
-------\Legacy_TRKWKSNETMANSAMSS
-------\Legacy_UPSAUDIOSRVRDSESSMGR
-------\Legacy_W32TIMESPOOLERNVSVC
-------\Legacy_WINMGMTWMDMPMSNASPNET_STATELMHOSTS
-------\Legacy_WMDMPMSNASPNET_STATELMHOSTS
-------\Legacy_WMIAPSRVAPPMGMTCISVCFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_WMIAPSRVREMOTEACCESSNTLMSSP
-------\Legacy_WMPNETWORKSVCNTMSSVC
-------\Legacy_WMPNETWORKSVCNTMSSVCTERMSERVICE
-------\Legacy_WMPNETWORKSVCWEBCLIENT
-------\Legacy_WMPNETWORKSVCWEBCLIENTDHCP
-------\Legacy_WSCSVCDHCP
-------\Legacy_WUAUSERVDHCP
-------\Legacy_WUAUSERVEVENTLOG
-------\Legacy_WUAUSERVEVENTLOGIMAPISERVICE
-------\Legacy_WUAUSERVEVENTLOGIMAPISERVICEGUSVC
-------\Service_AlerterRasAutoAticlr_optimization_v2.0.50727_32
-------\Service_AlerterRpcSs
-------\Service_AppMgmtCiSvc
-------\Service_AppMgmtCiSvcFastUserSwitchingCompatibility
-------\Service_AppMgmtFastUserSwitchingCompatibility
-------\Service_AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService
-------\Service_AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service
-------\Service_AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP
-------\Service_AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman
-------\Service_aspnet_stateLmHosts
-------\Service_Aticlr_optimization_v2.0.50727_32
-------\Service_Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService
-------\Service_AudioSrvRDSessMgr
-------\Service_BITSDcomLaunch
-------\Service_Browseraspnet_stateLmHosts
-------\Service_Browserwuauserv
-------\Service_BrowserwuauservALG
-------\Service_BrowserwuauservW32TimeSpoolerNVSvc
-------\Service_ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
-------\Service_clr_optimization_v2.0.50727_32RasMan
-------\Service_COMSysAppFastUserSwitchingCompatibility
-------\Service_COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient
-------\Service_DhcpNetman
-------\Service_dmadminEventlog
-------\Service_Dnscachegusvc
-------\Service_EventSystemgusvc
-------\Service_EventSystemgusvcWMPNetworkSvc
-------\Service_gusvcstisvc
-------\Service_HidServaspnet_state
-------\Service_LmHostsNtLmSsp
-------\Service_MessengerRSVP
-------\Service_MSDTCWZCSVC
-------\Service_MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility
-------\Service_MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart
-------\Service_MSIServerTrkWksALG
-------\Service_NetDDEclr_optimization_v2.0.50727_32
-------\Service_NetDDEdsdm Smart
-------\Service_NetDDEdsdmgusvcstisvc
-------\Service_NetmanSamSs
-------\Service_NetmanWMPNetworkSvcNtmsSvc
-------\Service_NlaSENS
-------\Service_NVSvchkmsvc
-------\Service_NVSvcRemoteAccess
-------\Service_NVSvcRemoteAccessDhcpNetman
-------\Service_PolicyAgentWebClient
-------\Service_PolicyAgentWebClientWmiApSrv
-------\Service_RasAutoAticlr_optimization_v2.0.50727_32
-------\Service_RemoteAccessNtLmSsp
-------\Service_RemoteAccessPolicyAgentWebClient
-------\Service_RpcLocatorRemoteAccessNtLmSsp
-------\Service_SCardSvrThemes
-------\Service_seclogonALG
-------\Service_SharedAccessWMPNetworkSvcNtmsSvc
-------\Service_ShellHWDetection Service for CDROM Access
-------\Service_ShellHWDetectionIDriverT
-------\Service_ShellHWDetectionIDriverTPlugPlay
-------\Service_ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess
-------\Service_ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp
-------\Service_Spooler Smart
-------\Service_SpoolerAudioSrvRDSessMgr
-------\Service_SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
-------\Service_SpoolerNVSvc
-------\Service_SSDPSRVEventSystem
-------\Service_SSDPSRVEventSystemwuauservEventlogImapiServicegusvc
-------\Service_SwPrvSharedAccess
-------\Service_SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility
-------\Service_TrkWksALG
-------\Service_TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
-------\Service_TrkWksImapiService
-------\Service_TrkWkslanmanserver
-------\Service_TrkWksNetmanSamSs
-------\Service_UPSAudioSrvRDSessMgr
-------\Service_W32TimeSpoolerNVSvc
-------\Service_winmgmtWmdmPmSNaspnet_stateLmHosts
-------\Service_WmdmPmSNaspnet_stateLmHosts
-------\Service_WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility
-------\Service_WmiApSrvRemoteAccessNtLmSsp
-------\Service_WMPNetworkSvcNtmsSvc
-------\Service_WMPNetworkSvcNtmsSvcTermService
-------\Service_WMPNetworkSvcWebClient
-------\Service_WMPNetworkSvcWebClientDhcp
-------\Service_wscsvcDhcp
-------\Service_wuauservDhcp
-------\Service_wuauservEventlog
-------\Service_wuauservEventlogImapiService
-------\Service_wuauservEventlogImapiServicegusvc


((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-14 15:14 . 2008-11-14 15:14 250 --a------ c:\windows\gmer.ini
2008-11-10 20:00 . 2008-11-10 21:22 <DIR> d-------- c:\documents and settings\Dennis\DoctorWeb
2008-11-08 17:57 . 2008-11-08 17:57 801,610 --a------ C:\QDATA02.IDX
2008-11-08 16:12 . 2008-11-08 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 13:39 . 2002-12-04 20:01 820,864 -ra------ c:\windows\system32\drivers\nvmcp.sys
2008-11-08 13:39 . 2002-12-04 20:01 241,664 -ra------ c:\windows\system32\drivers\nvapu.sys
2008-11-08 13:39 . 2002-12-04 20:01 62,336 -ra------ c:\windows\system32\drivers\nvarm.sys
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\OpenAL32.dll
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\nvopenal.dll
2008-11-08 13:39 . 2002-12-04 20:01 30,720 -ra------ c:\windows\system32\nvasio.dll
2008-11-08 13:39 . 2002-12-04 20:01 13,056 -ra------ c:\windows\system32\drivers\nvax.sys
2008-11-08 13:39 . 2002-12-04 20:01 5,120 -ra------ c:\windows\system32\ALut.dll
2008-11-08 13:39 . 2002-12-04 20:01 4,096 -ra------ c:\windows\system32\nvack.dll
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-08 13:37 . 2001-08-17 22:37 22,016 --a------ c:\windows\system32\wdmaud.drv
2008-11-08 13:02 . 2002-10-03 23:23 80,896 -ra------ c:\windows\system32\drivers\NVENET.sys
2008-11-08 13:02 . 2002-10-03 23:23 1,024 -ra------ c:\windows\system32\drivers\jedih2rx.bin
2008-11-08 13:02 . 2002-10-03 23:23 122 -ra------ c:\windows\system32\drivers\ramsed.bin
2008-11-08 13:02 . 2002-10-03 23:23 42 -ra------ c:\windows\system32\drivers\jedireg.pat
2008-11-08 12:55 . 2008-11-08 12:55 3,813 --a------ c:\windows\Ascd_tmp.ini
2008-11-08 12:23 . 2008-11-08 13:04 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-08 09:59 . 2008-11-08 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-08 09:35 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2008-11-08 09:35 . 2008-11-18 23:19 88,566 --a------ c:\windows\system32\nvapps.xml
2008-11-08 09:35 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
2008-11-08 09:33 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Leadertech
2008-11-04 20:56 . 2008-11-04 21:12 3,484 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-11-04 20:38 . 2002-08-29 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 20:37 . 2001-08-17 22:36 2,134,528 --a--c--- c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2008-11-04 20:36 . 2008-11-04 20:36 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-04 20:36 . 2008-11-04 20:36 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-04 20:34 . 2002-08-29 04:00 106,562 --a--c--- c:\windows\system32\dllcache\srchctls.dll
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 20:31 . 2002-08-29 04:00 1,267,712 --a--c--- c:\windows\system32\dllcache\cimwin32.dll
2008-11-04 20:26 . 2001-08-17 13:59 50,048 --a------ c:\windows\system32\drivers\DMusic.sys
2008-11-04 20:26 . 2002-08-29 01:32 5,888 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-04 20:10 . 2002-08-29 04:00 1,086,182 -ra------ c:\windows\SET60.tmp
2008-11-04 20:10 . 2002-08-29 04:00 13,608 -ra------ c:\windows\SET75.tmp
2008-11-04 12:36 . 2002-08-29 01:27 56,576 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-04 12:32 . 2002-08-29 03:46 38,024 --a------ c:\windows\system32\drivers\termdd.sys
2008-11-04 12:31 . 2002-08-29 04:00 696,320 --a--c--- c:\windows\system32\dllcache\sapi.dll
2008-11-04 12:31 . 2002-08-29 04:00 147,456 --a--c--- c:\windows\system32\dllcache\sapi.cpl
2008-11-04 12:31 . 2002-08-29 04:00 132,096 --a------ c:\windows\system\WINSPOOL.DRV
2008-11-04 12:31 . 2002-08-29 03:41 71,168 --a------ c:\windows\system32\storprop.dll
2008-11-04 12:31 . 2002-08-29 04:00 22,016 --a--c--- c:\windows\system32\dllcache\agt0408.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,968 --a--c--- c:\windows\system32\dllcache\agt040e.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt041f.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0419.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0415.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0405.dll
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a------ c:\windows\system32\drivers\irenum.sys
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a--c--- c:\windows\system32\dllcache\irenum.sys
2008-10-29 19:10 . 2008-10-29 19:10 20,992 --ahs---- c:\windows\system32\accwizh.dll
2008-10-28 19:41 . 2008-10-28 19:41 <DIR> d-------- c:\program files\ERUNT
2008-10-24 21:34 . 2008-10-24 21:34 <DIR> d-------- C:\New Folder
2008-10-24 21:28 . 2008-10-24 21:28 <DIR> d-------- C:\backups
2008-10-20 17:17 . 2008-10-20 17:17 <DIR> d-------- c:\documents and settings\Guest\Application Data\MX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 18:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-09 18:02 --------- d-----w c:\program files\ThreatFire
2008-11-08 18:49 --------- d-----w c:\documents and settings\Dennis\Application Data\MSN6
2008-11-06 23:04 --------- d-----w c:\program files\MSN Messenger
2008-11-03 02:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-25 03:59 --------- d-----w c:\program files\Trend Micro
2008-10-19 17:37 --------- d-----w c:\program files\EA GAMES
2008-10-05 09:38 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-30 04:45 --------- d-----w c:\program files\Palm
2008-09-30 04:44 --------- d-----w c:\program files\Common Files\Skyscape
2008-09-25 03:28 134,992 ----a-w C:\QDATA02OFXLOG.DAT
2008-09-19 21:20 --------- d-----w c:\program files\Lavasoft
2008-09-19 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-14 20:42 92,672 ----a-w c:\documents and settings\Administrator\KillBox.exe
2006-11-24 21:28 807,624 ----a-w c:\program files\DF_BHD_Pinger_5_0_BHD_TS_v1_5_0_5_-_Creator_Dstructr.zip
2006-07-11 23:00 5,632 --sha-w c:\program files\Thumbs.db
2005-02-10 07:01 79,068,001 ----a-w c:\program files\Blackopsv1.0.zip
2004-03-15 21:29 299,624 ----a-w c:\program files\dxwebsetup.exe
2003-10-16 00:07 2,245 ----a-w c:\program files\_FILES.PFF
2003-10-14 22:49 84 ----a-w c:\program files\UPDATE.WIZ
2003-10-13 22:31 403 ----a-w c:\program files\STARTUP.HTM
2003-10-06 20:29 4,244 ----a-w c:\program files\Gameerr.bin
2003-10-02 17:18 95,377 ----a-w c:\program files\dfvgame.LWF
2003-09-26 22:21 74,534 ----a-w c:\program files\MogSlm04.3di
2003-09-25 23:44 51,529 ----a-w c:\program files\Gametext.bin
2003-09-25 23:04 353,399 ----a-w c:\program files\FAH6b.3di
2003-09-25 23:03 399,366 ----a-w c:\program files\FAH6a.3di
2003-09-25 22:51 644,422 ----a-w c:\program files\fblkhawk.3di
2003-09-25 22:50 668,018 ----a-w c:\program files\fblkhawf.3di
2003-09-25 22:42 649,693 ----a-w c:\program files\fblkhawd.3di
2003-09-24 22:07 116,841 ----a-w c:\program files\ammo.def
2003-09-23 23:55 81,705 ----a-w c:\program files\weapon.def
2003-09-18 21:27 30,647 ----a-w c:\program files\menutxt.bin
2003-09-17 01:29 29,731 ----a-w c:\program files\EMOTE13.bad
2003-09-16 21:46 8,286 ----a-w c:\program files\DELTA01.ADM
2003-09-16 18:04 1,194,796 ----a-w c:\program files\RE_Bsmt.3di
2003-09-16 16:56 49,566 ----a-w c:\program files\MogSlm01.3di
2003-09-15 20:37 73,497 ----a-w c:\program files\dfvmenus.mnu
2003-07-10 21:35 10,538 ----a-w c:\program files\airexp2.ptl
2003-07-10 21:35 1,614 ----a-w c:\program files\bcasings.ptl
2003-07-10 21:35 1,573 ----a-w c:\program files\casings.ptl
2003-07-08 20:47 18,629 ----a-w c:\program files\bird1.pcx
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11B.til
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11A.til
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11B.bms
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11A.bms
2003-05-20 21:11 9,173 ----a-w c:\program files\KYLE.WAC
2003-05-07 17:28 225,045 ----a-w c:\program files\Btn_ign.tga
2003-04-17 23:47 185,371 ----a-w c:\program files\FHum50N.3di
2003-04-17 23:32 190,602 ----a-w c:\program files\FHum50X.3di
2003-04-17 23:18 167,321 ----a-w c:\program files\FHum50P.3di
2003-04-17 23:04 167,156 ----a-w c:\program files\FHum50.3di
2003-04-14 23:16 28,805 ----a-w c:\program files\FBK_03a.bms
2003-04-14 23:16 28,793 ----a-w c:\program files\FBK_03b.bms
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03b.til
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03a.til
2003-04-10 21:58 1,486,671 ----a-w c:\program files\BHD_ups2.tga
2003-04-09 20:47 64,693 ----a-w c:\program files\SPBHD_14.bms
2003-04-09 20:47 2,233 ----a-w c:\program files\SPBHD_14.til
2003-04-04 22:49 242,110 ----a-w c:\program files\Btn_gmdm.tga
2003-04-04 22:33 254,761 ----a-w c:\program files\Btn_zila.tga
2003-04-04 22:27 102,727 ----a-w c:\program files\Btn_lnk2.tga
2003-04-04 22:23 59,374 ----a-w c:\program files\Btn_ext2.tga
2003-03-26 18:43 28,122 ----a-w c:\program files\SDK_01b.bms
2003-03-26 18:43 10,401 ----a-w c:\program files\SDK_01b.til
2003-03-26 18:41 5,140 ----a-w c:\program files\ADK_02b.til
2003-03-26 18:41 30,835 ----a-w c:\program files\ADK_02b.bms
2003-03-26 18:40 30,101 ----a-w c:\program files\ADK_01b.bms
2003-03-26 18:40 10,429 ----a-w c:\program files\ADK_01b.til
2003-03-25 23:32 32,592 ----a-w c:\program files\CTFK_02b.bms
2003-03-25 23:32 10,455 ----a-w c:\program files\CTFK_02b.til
2003-03-25 23:28 30,106 ----a-w c:\program files\ADK_01a.bms
2003-03-25 23:28 10,429 ----a-w c:\program files\ADK_01a.til
2003-03-25 22:21 13,774 ----a-w c:\program files\dfvdbgov.mnu
2003-03-25 18:52 73,378 ----a-w c:\program files\MogBlk07.3DI
2003-03-25 18:16 31,569 ----a-w c:\program files\SDM_01b.bms
2003-03-25 18:15 31,551 ----a-w c:\program files\SDM_01a.bms
2003-03-25 18:09 6,396 ----a-w c:\program files\DMM_01h.til
2003-03-25 18:09 39,417 ----a-w c:\program files\DMM_01h.bms
2003-03-25 18:03 6,396 ----a-w c:\program files\CTFK_03a.til
2003-03-25 18:03 41,222 ----a-w c:\program files\CTFK_03a.bms
2003-03-25 17:59 6,396 ----a-w c:\program files\CTFK_03b.til
2003-03-25 17:59 41,225 ----a-w c:\program files\CTFK_03b.bms
2003-03-24 22:44 6,569 ----a-w c:\program files\zboard.key
2003-03-24 21:13 31,939 ----a-w c:\program files\SDM_02b.bms
2003-03-24 21:01 20,403 ----a-w c:\program files\SDP_01B.bms
2003-03-24 20:52 19,433 ----a-w c:\program files\SDM_01f.bms
2003-03-24 18:54 55,788 ----a-w c:\program files\CTFM_05B.bms
2003-03-24 18:50 55,998 ----a-w c:\program files\CTFM_05A.bms
2003-03-21 23:15 44,500 ----a-w c:\program files\SPBHD_13.bms
2003-03-21 23:15 10,567 ----a-w c:\program files\SPBHD_13.til
2003-03-21 17:18 31,450 ----a-w c:\program files\TKHM_02b.bms
2003-03-21 17:16 31,424 ----a-w c:\program files\TKHM_02a.bms
2003-03-21 17:15 31,537 ----a-w c:\program files\TDMM_02b.bms
2003-03-21 17:13 31,527 ----a-w c:\program files\TDMM_02a.bms
2003-03-21 17:12 3,025 ----a-w c:\program files\SDM_02b.til
2003-03-21 17:10 31,921 ----a-w c:\program files\SDM_02a.bms
2003-03-21 17:10 3,025 ----a-w c:\program files\SDM_02a.til
2003-03-21 17:09 31,625 ----a-w c:\program files\FBM_02b.bms
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_10.03.26.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\11-10-2008\ERDNT.EXE
+ 2008-11-11 03:55:42 7,118,848 ----a-w c:\windows\ERDNT\11-10-2008\Users\00000001\ntuser.dat
+ 2008-11-11 03:55:42 184,320 ----a-w c:\windows\ERDNT\11-10-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\11-17-2008\ERDNT.EXE
+ 2008-11-18 02:20:50 7,118,848 ----a-w c:\windows\ERDNT\11-17-2008\Users\00000001\ntuser.dat
+ 2008-11-18 02:20:50 184,320 ----a-w c:\windows\ERDNT\11-17-2008\Users\00000002\UsrClass.dat
+ 2008-11-14 23:14:13 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2008-11-09 17:44:14 233,472 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2008-11-19 07:13:17 233,472 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2008-11-14 23:14:13 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2001-10-16 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"nForce Tray Options"="sstray.exe" [2002-11-12 c:\windows\system32\sstray.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-12-25 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\DRIVERS\si3112r.sys [2003-05-08 102400]
S2 wscsvc Service for CDROM Access;Security Center wscsvc Service for CDROM Access;ð%€|x
srv []
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\User_Feed_Synchronization-{41111FB6-E87B-4712-9635-90034B0CC9F3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:18:55
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc Service for CDROM Access]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-18 23:28:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-19 07:27:56
ComboFix2.txt 2008-11-11 03:48:42
ComboFix3.txt 2008-11-09 18:04:04

Pre-Run: 59,305,562,112 bytes free
Post-Run: 59,285,487,616 bytes free

464 --- E O F --- 2008-09-27 04:11:43

 

[Fatboy_97]

And the new HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:28 PM, on 11/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Security Center wscsvc Service for CDROM Access (wscsvc Service for CDROM Access) - Unknown owner - C:\WINDOWS\

--
End of file - 7574 bytes

 

[Fatboy_97]

Restoring of the support.com files seemed to go well. Let's keep our fingers crossed.

 

[Blender]

Going well indeed.
That was I think 83 rogue services we nuked.
I don't wanna jinx it but I think we're on the road to recovery

I missed a service.

Click start> run> type cmd and hit enter.
Copy the following line:

sc delete "wscsvc Service for CDROM Access"

Right click in the open cmd window & hit "paste"
Hit enter.
Should get success message.
Exit the cmd window & reboot.

Make an ERUNT backup when done.

Post fresh hijackthis log please.

How is the system running now?

Let's do an online scan too please.
This one don't fix -- only reports.
Whatever it finds we'll deal with.

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
• Now, click on the Save Report as button.
• Save the file to your desktop.
• Copy and paste that information in your next post.

Graphics tutorial available here if needed:

http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

Logs I need:
New HJT log
KAV log
report on how system is performing.

Thanks

 

[Fatboy_97]

Sorry about the delay. :red:
In response to your questions the system seems to be running fine; just takes forever to load. The Window is starting up screen stays on for at least one and a half minutes. It also takes that long or longer to load Add or Remove Programs in control panel. And when trying to access the Windows Firewall in control panel I get the message "Due to an unidentified problem, Windows cannot display Windows Firewall Settings".

The delay in posting has to do with me following your directions; I did the cmd CD access thing; worked great. I made an Erunt backup OK. I also made an HJT log. Then I started the Kapersky scan and it was going just fine till I moved the cursor to the wrong window while surfing & shut it off.

Anyway I'll start again now. Here's the HJT log for a start; I'll post the KAW log when it finishes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:49 AM, on 11/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6955 bytes

 

[Fatboy_97]

I hope this is the KAW scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 21, 2008 12:18:28
Records in database: 1399297


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\

Scan statistics
Files scanned 93279
Threat name 8
Infected objects 17
Suspicious objects 0
Duration of the scan 02:08:39

File name Threat name Threats count
C:\Documents and Settings\Dennis\DoctorWeb\Quarantine\107cd1bb-1e50329c Infected: Trojan-Downloader.Java.OpenConnection.ao 1

C:\Documents and Settings\Dennis\DoctorWeb\Quarantine\107cd1bb-1e50329c Infected: Trojan.Java.ClassLoader.au 1

C:\Documents and Settings\Dennis\DoctorWeb\Quarantine\107cd1bb-1e50329c Infected: Trojan-Downloader.Java.Agent.a 1

C:\Program Files\downloads\radmin22\RADMIN22.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 3

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\109.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\312.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\453.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\703.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\734.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\765.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\921.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\953.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_Windi26_.sys.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\_brastk_.exe.zip Infected: Trojan-Downloader.Win32.Agent.amoo 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.dro 1

The selected area was scanned.

 

[Blender]

Thanks for the logs.
That was indeed the KAV log.

Looks like everything it detected is contained in quarantine.
We'll clean those up last. They are not a threat to you at the moment.
Only one file I question..

C:\Program Files\downloads\radmin22\RADMIN22.EXE

If you downloaded it on purpose -- fine. It is legit but can be used maliciously if not careful. (like any remote access app)
If you have no idea why it is there then you can delete the "radmin22" folder.

I think we can try installing ServicePack 2.
This should also restore firewall & security center and so on.
If that all goes well .. see about getting your antivirus re-installed.
We've made it this far -- I hate to see you get nabbed now!

Don't re-enable TeaTimer yet tho.

Post new Hijackthis log when done please.
Let me know how it is running.
Check that the windows firewall is running. SP2 access is a bit different.
Open control panel> d. click firewall icon> green = on.
Let me know if it is still slow on starting, etc.

Thanks

 

[Fatboy_97]

Deleted radmin22 file OK and installed SP2 up to the point of restarting. Now it seems the computer is not continuing to load & locking on a screen that shows a graphic for my motherboard; Asus A7N8X. At the bottom of the screen it says:
Press [Tab] to show POST screen; press [Alt]+[F2] to enter AWDFlash utility

This screen started to show up when the other problems showed up, but usually just comes on for awhile, then proceeds to the next screen & continues to load. It froze on this screen today before I loaded SP2, but I was able to just hit the "small" restart button on the front of the pc & it continued to load. As of right now I can't get past this screen.

 

[Fatboy_97]

So this morning I turn on the "big" computer & it loads to the mobo? screen & then right to the next screen and locks again. This is the screen that shows the main processor, memory testing, and access to the BIOS by pressing DEL. It also shows something new:

Trend ChipAwayVirus(R) On Guard Ver 1.65

What the heck is going on now? :sad:

 

[Fatboy_97]

Well got it fired up; found out about the ChipAwayVirus(R) thing being a really old BIOS protection thing; still don't know what the ASUS splash page is all about? At any rate I got SpyBot SD reinstalled & ran it. It found 4 entries:3 Cassova trojans & 1 Right Media browser & removed them. I also started up the Windows Firewall, but did not turn on automatic updates. Here's a new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:40 AM, on 11/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7011 bytes

I'll continue to surf & do some reboots then post again with results. Thanks again for your time & patience.

 

[Blender]

Hi,

I can't see SP2 doing anything with the BIOS... odd.

You have an ASUS motherboard which explains the splash screen you are seeing.
Sounds like the settings in bios were changed a bit to show the mobo splash screen & the old AV protection. (its just BIOS protection btw)
Both these can be toggled on/off within the bios setup utility.
You can also toggle off the show POST info.
Be real careful what you change in BIOS when in there. Can screw up alot. :
Make darn sure you write down any changes you make so you can go back & undo changes if you mess it up.

Let's get an antivirus installed before you get hit again.

Avast or Avira sound like good choices to me if you want free.

Avast:
http://www.avast.com/eng/avast_4_home.html

Avira:
http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

Install one of the above> update it> register it> run system scan & let it fix what it wants.

Let me know how system is after this.
Post new Hijackthis log too please.

Thanks

 

[Fatboy_97]

Installed the avast! scanner. System seems to be working well. Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:37 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Hardware\Mouse\POINT32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7828 bytes

 

[Blender]

Good to hear things are working well.

Start Hijackthis
Run system scan only & check ths following: (none are bad -- just housecleaning leftovers)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)

If you no longer have Spyware Doctor you can fix this one too:
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll


Close all open windows except Hijackthis & hit "fix checked" then OK.

Exit HIjackthis & reboot.

Go ahead with the remaining windows updates except SP3 for now. (choose "custom" to get past the SP3 prompt)
IE7 and the other critical updates should be fine to go get. Likely several visits/reboots before you get them all.

Post new HJT log & let me know if its still running good.

Thanks

 

[Fatboy_97]

Ok, did all the HJT checklist things; seemed to go well. As you pointed out it took quite a while to get all the Windows updates including IE7, but not SP3. All seems to be running quite well! Thanks so much for all your help!

Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:21 PM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Hardware\Mouse\POINT32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7464 bytes

 

[Blender]

Good to hear it is going well

Wanna try SP3? I think its safe to try it.
Make a restore point> reboot then try SP3. (SP3 will make its own restore point but I want our own first lol)
When I installed it -- windows had to repair something in Office & my MSN.
Was Ok after that.

You should also update your Acrobat reader as well. (uninstall old version first)
Some people have trouble with Java 6 update 10.
I sggest installing the Java update & if it is working OK then uninstall Java 6 update 7.
If Jave screws up -- then uninstall update 10 & leave 7.

Java install:
http://www.java.com/getjava/
Acrobat:
http://www.adobe.com/products/acrobat/readstep2.html

If you don't want toolbars offered by these products -- uncheck em before install.

Let me know how updates go & how SP3 went.

 

[Fatboy_97]

SP3, Java, & Adobe installs went well; haven't tested the Java to know if it's gonna work well or not, but did save the old version just in case. The only problem (and it's a minor one) is that the mouse settings seem to need to be refreshed every time I log on. Some buttons don't funtion like they're supposed to. Still workin' on that. Other than that it seems to be working very well, thank you.

 

[Blender]

Hi,

Good to hear things went well.
May want to check manufacturer of the mouse to check for driver/software updates.

Let me know in a couple days if everything is still OK & we'll clean up our battle tools. :bigthumb:

 

[tashi]

How is it going Fatboy_97.