edwardbill

Everything posted by edwardbill

  1. Hello. I would greatly appreciate any help someone can give to help me rid my system of the Win32:Malware-gen. I have attached a new HiJackThis log. Thanks!
  2. Thank you again for all of your patience and help. This forum is wonderful and volunteers like you are so appreciated. Thanks again and have a great summer. Sincerely, Billy-Boy
  3. But I thought my computer was definitely infected with a Trojan virus? Should I run the Kaspersky Virus Removal Tool and Delete or Quarantine the found infected files? Also, the Kaspersky Online Virus Tool found a few things but I guess they are the same as the ones the Kaspersky Virus Removal Tool found? Do I need to do a final HijackThis log? Thanks for everything.
  4. What's my next move? Also, I know I have way too many running processes, which also slows down my computer. Do you have any ideas about helping out with this? Also, could I send you the DDS and Attach logs to look at for my laptop when we are done with my desktop? Thanks
  5. Hello. I ended up using the Kaspersky Virus Removal Tool and am including the AVPT.txt results file. I had a message at the end which said: Scan Alert - Detected Trojan-Spy.HTML.Fraud.gen Email message body contains Trojan Program... and cannot be disinfected. Then there were options to Quarantine, Skip or Delete. I chose Skip all, which then ended the scan and I was able to generate the report. I also uninstalled and restarted the computer. It looks as if these results are a little different from the earlier scan of my C drive? It also seems that the External Hard Drive is clean? Thanks again. I hope your weekend was nice.

     Scan
     ----
     Scanned: 1372082
     Detected: 6
     Untreated: 6
     Start time: 6/27/2009 3:32:46 PM
     Duration: 1 days 06:11:10
     Finish time: 6/28/2009 9:43:56 PM

     Detected
     --------
     Status     Object
     ------     ------
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, July 2008 Bank of America Associate Discount Program Savings Update][Time:2008/08/21 20:12:51]/text/html
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Bank of America Associate Discount Program Holiday Savings Program][Time:2008/10/22 20:45:47]/text/html
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, October 2008 Bank of America Associate Discount Program Savings Update][Time:2008/11/12 20:48:06]/text/html
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy, Your Account Has Been Upgraded][Time:2009/01/14 23:14:22]/text/html
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Top 10 Editor's Picks on Bank of America Associate Discount Program][Time:2009/03/31 10:20:38]/text/html
     detected: Trojan program Trojan-Spy.HTML.Fraud.gen (modification)  Email message body: BillyK\Local Folders\Inbox\[From:"Bank of America Associate Discount Program" <[email protected]>][subject:Billy Koontz, June 2009 Bank of America Associate Discount Program Update][Time:2009/06/11 17:20:00]/text/html
  6. Thanks for the quick response. Are you telling me that the only infections I have are in my Outlook Express? Are you asking me to delete the files you listed or to just go through the Inbox of the email accounts to delete any suspicious emails? I use TrendMicro Anti-Spam and it has a spam box. Shouldn't that protect me? I'll work on getting the Ext Hard Drive scanned. Thanks again
  7. Hello and thanks for your patience. I was able to get a Kaspersky scan which I have attached along with a fresh DDS scan. I think the problem was that Kaspersky was also scanning my External Hard Drive and kept freezing up there. I disconnected the EHD and ran the scan for the C drive. Please let me know if you think it is important to also scan the EHD. Thanks, Billy-Boy

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Friday, June 26, 2009
     Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Friday, June 26, 2009 14:01:17
     Records in database: 2390991
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\

     Scan statistics:
     Files scanned: 96674
     Threat name: 3
     Infected objects: 2
     Suspicious objects: 5
     Duration of the scan: 03:58:04

     File name / Threat name / Threats count
     C:\Documents and Settings\Billy\Local Settings\Application Data\Identities\{A7AE0C68-6EBE-4D18-9635-1622F3ACCD9C}\Microsoft\Outlook Express\Inbox.dbx  Suspicious: Trojan-Spy.HTML.Fraud.gen  1
     C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h  1
     C:\Documents and Settings\Billy\My Documents\Downloaded Files\tightvnc-1.2.9-setup.exe  Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b  1
     C:\Documents and Settings\Nasrin\Local Settings\Application Data\Identities\{3D2AC033-5D88-4026-80F4-B6996657C702}\Microsoft\Outlook Express\Sent Items.dbx  Suspicious: Trojan-Spy.HTML.Fraud.gen  1
     C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc15.bak  Suspicious: Trojan-Spy.HTML.Fraud.gen  1
     C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc23.bak  Suspicious: Trojan-Spy.HTML.Fraud.gen  1
     C:\RECYCLER\S-1-5-21-484763869-1177238915-682003330-1005\Dc6.bak  Suspicious: Trojan-Spy.HTML.Fraud.gen  1

     The selected area was scanned.
  8. Hi. I uninstalled the Java versions you listed and Adobe Reader, ran ATF Cleaner but am having real problems getting Kaspersky to do an entire scan after having tried it for the past 4 days. It reaches a file (different ones on different scans) and freezes. There were 3 infected objects, 5 Threat names and 5 suspicious objects found before it froze. I have also sometimes gotten a message about a Java error when I retry the Kaspersky scan. Is there something I am doing wrong or do you have any other suggestions? On a side note, I also followed your instructions for my laptop, which is on my home network, and it found an infected object. I was going to ask if you wouldn't mind looking at that DDS scan after we fix the current problem on my desktop? Thanks. Here is a new DDS scan in case that may help.
  9. Hello Blade81. Thanks for your help. Here are the log files you requested. DDS is pasted and the Attach file is attached in Zip format, as instructed by the DDS program. I hope this helps and look forward to your next move for me. Sincerely, Billy-boy
network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 9090 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: j:\my music\mozilla plugins\npitunes.dll ============= SERVICES / DRIVERS =============== R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-4-15 9344] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-1 178376] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-1 30920] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-1 28872] R2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2008-9-13 196096] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560] R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2004-12-13 3744] R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2004-12-13 3904] R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2004-4-9 6016] R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2008-9-13 6942] S2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2008-9-13 120352] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-2-8 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-2-8 8320] S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2006-5-14 163328] S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?] 
=============== Created Last 30 ================ 2009-06-13 09:11 <DIR> --d----- C:\TV on the Radio - Dear Science, (2008) 2009-06-13 09:09 <DIR> --d--r-- C:\Billy Files on Main Computer (Gimp) 2009-06-11 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-06-07 13:27 <DIR> --d----- C:\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [bubanee] 2009-06-07 13:27 10,113,024 a------- C:\The Black Eyed Peas - Boom Boom Pow.MP3 2009-06-07 00:10 <DIR> --d----- C:\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009] 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CameraWindowDC 2009-05-23 17:34 <DIR> --d----- c:\docume~1\billy\applic~1\CANON INC ==================== Find3M ==================== 2009-06-18 08:13 0 a------- c:\windows\system32\drivers\lvuvc.hs 2009-06-18 08:13 0 a------- c:\windows\system32\drivers\logiflt.iad 2009-05-28 17:19 15,688 a------- c:\windows\system32\lsdelete.exe 2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr 2009-04-23 17:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2007-12-04 13:19 60,104 ac------ c:\docume~1\billy\applic~1\GDIPFONTCACHEV1.DAT 2007-03-31 20:22 47,360 ac------ c:\docume~1\billy\applic~1\pcouffin.sys 2007-03-31 20:22 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe 2003-12-19 20:36 40,960 a------- c:\program files\Uninstall_CDS.exe 2008-06-24 00:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat 2008-12-10 16:00 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat 
============= FINISH: 13:58:13.67 =============== Attach.zip
  10. Yes, the HijackThis log and AdAware log are from the same system. Thanks for taking a look at them and for hopefully being able to help me. I think my computer is actually running even slower now than when I first posted this.
  11. Thanks for your help. I actually thought I did as you instructed me earlier in posting to the HijackThis Forum a HijackThis log with my AdAware log as an attachment but maybe I did something wrong. Please let me know if there's anything else I can do. Thanks again, Billy-boy
  12. Thanks. Here are the HijackThis and AdAware logs. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:37 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
AdAware Log Logfile created: 6/9/2009 10:15:4 Lavasoft Ad-Aware version: 8.0.5 Extended engine version: 8.1 User performing scan: Billy
imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe Name: PCSuiteTrayApplication imagepath: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup Name: Promon.exe imagepath: Promon.exe Name: DellTouch imagepath: C:\WINDOWS\MMKeybd.exe Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe Name: TkBellExe imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Name: OE imagepath: "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" Name: LogitechQuickCamRibbon imagepath: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide Name: KernelFaultCheck imagepath: %systemroot%\system32\dumprep 0 -k Name: Ad-Watch imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: iTunesHelper imagepath: "J:\My Music\iTunesHelper.exe" Name: UserFaultCheck imagepath: %systemroot%\system32\dumprep 0 -u Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk imagepath: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk imagepath: C:\WINDOWS\system32\RAMASST.exe Name: imagepath: C:\Documents and Settings\Billy\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: ALG displayname: Application Layer Gateway Service Name: Apple Mobile Device displayname: Apple Mobile Device Name: aswUpdSv displayname: avast! iAVS4 Control Service Name: AudioSrv displayname: Windows Audio Name: avast! 
Antivirus displayname: avast! Antivirus Name: avast! Mail Scanner displayname: avast! Mail Scanner Name: avast! Web Scanner displayname: avast! Web Scanner Name: Bonjour Service displayname: Bonjour Service Name: Browser displayname: Computer Browser Name: btwdins displayname: Bluetooth Service Name: CCALib8 displayname: Canon Camera Access Library 8 Name: Creative Service for CDROM Access displayname: Creative Service for CDROM Access Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: DVD-RAM_Service displayname: DVD-RAM_Service Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: helpsvc displayname: Help and Support Name: HTTPFilter displayname: HTTP SSL Name: iPod Service displayname: iPod Service Name: JavaQuickStarterService displayname: Java Quick Starter Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: LVPrcSrv displayname: Process Monitor Name: Netman displayname: Network Connections Name: Nhksrv displayname: Netropa NHK Server Name: Nla displayname: Network Location Awareness (NLA) Name: NMSSvc displayname: Intel® NMS Name: OAcat displayname: Online Armor Helper Service Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RetroLauncher displayname: Retrospect Launcher Name: RetroWDSvc displayname: Retrospect WD Service Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule 
displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: ServiceLayer displayname: ServiceLayer Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: Symantec Core LC displayname: Symantec Core LC Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: upnphost displayname: Universal Plug and Play Device Host Name: Viewpoint Manager Service displayname: Viewpoint Manager Service Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: WinDefend displayname: Windows Defender Name: winmgmt displayname: Windows Management Instrumentation Name: WMDM PMSP Service displayname: WMDM PMSP Service Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WudfSvc displayname: Windows Driver Foundation - User-mode Driver Framework Name: WZCSVC displayname: Wireless Zero Configuration
  13. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:15:37 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  14. Hello. Is there anybody out there to help me? I'm running XP (SP3) and can give any other info needed to help me. Thank you in advance. Sincerely, Billy-boy
  15. Hello again. I just wanted to give you an update on my computer. Things aren't working 100% smoothly. I installed the Online Armor Firewall but I now am having a few other problems which I think are related to the new installation. On start up, I received this message: "Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\ Trend Micro\ AntiSpam For OE\ TMAS_OE.exe". I'm also having problems with FireFox which doesn't connect to the internet and I get this message: "Proxy server refused connection". Also, I use my Playstation 3 as a media server and now the PS3 doesn't find my computer. I went back into Windows Media Player and made sure everything was correctly set up and it was. Any ideas? I also receive pop-up questions from Online Armor about Viewpoint Service, which I'm not even sure what that program does. I also receive a few pop-ups about Trend Micro Anti-spam and some relating to OE. If I don't allow these, I'm unable to connect to the internet using OE. Like I mentioned earlier, FireFox doesn't work even after I OK these pop-ups. Sorry to be coming back at you with more problems but I appreciate your help. Sincerely, Billy-boy
  16. Awesome! Thank you so much for your help. You people who volunteer to help are real life savers. Thanks and I hope you have a nice Christmas. I know you Finns celebrate that ;-) Isn't Finland where the legend of Santa Claus came from? Thanks again, Billy-boy
  17. Thank you so much. I do still have a few questions: I thought I did have a firewall, the one that came with Windows. Do I need an additional or different one? Should I not be using Internet Explorer and instead use FireFox? What about the Running Processes? Did you see any unwanted or unneeded ones? What about the Tea Timer settings we changed and the Reset TeaTimer program? With SpyBot S&D, are those pop-up Allow or Disallow boxes helpful or necessary? I currently use Avast as my Anti-Virus program. Is that a good one or do you recommend something else? I also have a problem with Outlook Express. I am running Trend Micro Anti-Spam but when I switch between email Identities, I am unable to read or write the email text. Any ideas? Should my low Virtual Memory problem be resolved too? Thanks again and I also appreciate you taking time to answer my questions.
  18. I'm in the process of doing your first step, turning off system restore. I checked the "Turn off System Restore" box and clicked Apply. Two identical (what I think are Java script) Application Error messages popped up which state "General Exception - Name: jReport java.lang.NullpointerException: null pData". There is an OK and Details box. What do I do?
  19. Oops, I didn't see where you were from Finland. Sorry. Of course you don't celebrate Thanksgiving. Well, I hope you had a nice weekend. I am able to access the internet. Did those deletions get rid of everything? I thought there were four infected files according to Kaspersky? Thanks
  20. Good morning Blade81. The Kaspersky scan is complete and here are the results of the scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 20:22:01
Records in database: 1428083
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\

Scan statistics:
Files scanned: 129071
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 37:44:07

File name / Threat name / Threats count
C:\Documents and Settings\Billy\Desktop\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Documents and Settings\Billy\Desktop\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Documents and Settings\Billy\My Documents\Downloaded Files\AVAide-Video-Converter.exe Infected: Trojan-Downloader.Win32.Injecter.aqx 1
C:\Documents and Settings\Billy\My Documents\Downloaded Files\AVAide-Video-Converter.exe Infected: Trojan.Win32.Zapchast.os 1

The selected area was scanned.
...and here is the fresh HjT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:54:51 AM, on 12/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal
Class) - http://update.microsoft.com/microsoftupdat...b?1160572156171 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15012/CTPID.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - TwonkyVision GmbH - C:\Program Files\Twonkyvision\TwonkyMedia.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14016 bytes Thanks for your patience and help with all of this. I do hope we can fix everything and get my computer running safe again. I also hope you had a nice Thanksgiving. Sincerely, Billy-boy
  21. I forgot to mention that I disabled my Avast antivirus as instructed by the Kaspersky scan. I hope that was OK?
  22. Hello and thank you again. I'm sorry about the Spybot S&D TeaTimer not being disabled. I really thought that I did as you instructed in the beginning, but I guess I did something wrong. By the way, I was having to do all of my internet work on my laptop and then transfer files (hjt, combofix, Adobe 9.0, etc.) to my infected desktop via my network, because the virus has rendered my desktop unable to access the internet. Initially, I thought I wasn't going to be able to run the Kaspersky scan because I was previously unable to access the internet; however, that seems to be remedied, but I'm still waiting on the Kaspersky scan to complete. It's very slow (only 6% complete so far) but has found 4 infected objects. I have included the new ComboFix log and will get the Kaspersky log whenever it finishes. Please let me know if there's other info I can give you while the Kaspersky scan is running. When I ran ComboFix, it said there was a newer version. I selected OK to update, but due to my lack of internet access at the time, the update was unsuccessful. ComboFix still ran, and I hope it's alright that I used the older version. Here's the new ComboFix log: Thanks again, Billy-boy

ComboFix 08-11-28.03 - Billy 2008-11-29 13:31:03.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.126 [GMT -5:00]
Running from: c:\documents and settings\Billy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Billy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\f49f4d98.dat
c:\windows\f49f4daa.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f49f4d98.dat
c:\windows\f49f4daa.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 13:08 . 2008-11-29 13:08 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-22 12:30 . 2008-11-22 12:30 7,508,624 --a------ C:\Firefox Setup 3.0.4.exe
2008-11-12 12:27 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:23 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 10:53 . 2008-11-16 11:33 <DIR> d-------- c:\windows\system32\367770
2008-11-03 12:40 . 2008-11-14 11:33 <DIR> d-------- c:\documents and settings\Nasrin\Application Data\ZoomBrowser EX
2008-11-03 10:47 . 2008-11-04 12:03 <DIR> d-------- c:\documents and settings\Nasrin\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 18:37 --------- d-----w c:\documents and settings\Billy\Application Data\Skype
2008-11-29 18:05 --------- d-----w c:\program files\Common Files\Adobe
2008-11-29 17:43 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-11-29 17:43 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-11-19 14:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 14:44 --------- d-----w c:\program files\SpywareBlaster
2008-11-17 20:26 --------- d-----w c:\documents and settings\Billy\Application Data\ZoomBrowser EX
2008-11-17 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-11-09 00:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-27 23:22 --------- d-----w c:\documents and settings\Billy\Application Data\OpenOffice.org2
2008-10-25 22:50 --------- d-----w c:\documents and settings\Nasrin\Application Data\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:12 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 02:45 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-15 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 21:05 --------- d-----w c:\program files\iPod
2008-10-15 13:34 --------- d-----w c:\program files\XP Codec Pack
2008-10-12 14:24 --------- d-----w c:\documents and settings\Billy\Application Data\Canon
2008-10-06 16:49 --------- d-----w c:\program files\Creative
2008-10-06 16:43 --------- d-----w c:\program files\Yahoo!
2008-10-05 03:53 --------- d-----w c:\program files\AVAide
2008-10-01 15:26 --------- d-----w c:\program files\BSplayer Pro
2008-09-10 10:08 133,227,519 ----a-w C:\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
2007-12-04 17:19 60,104 -c--a-w c:\documents and settings\Billy\Application Data\GDIPFONTCACHEV1.DAT
2007-04-01 00:22 87,608 ----a-w c:\documents and settings\Billy\Application Data\ezpinst.exe
2007-04-01 00:22 47,360 -c--a-w c:\documents and settings\Billy\Application Data\pcouffin.sys
2003-12-20 00:36 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2001-08-29 08:46 294,979 -c--a-w c:\documents and settings\PIP\PISETUP.EXE
2001-03-20 04:12 44,544 -c--a-w c:\documents and settings\PIP\DSETUP.DLL
2001-03-20 04:12 1,772,544 -c--a-w c:\documents and settings\PIP\DSETUP32.DLL
2000-07-27 18:49 1,526,275 -c--a-w c:\documents and settings\PIP\INSTMSIW.EXE
2000-07-27 18:49 1,513,987 -c--a-w c:\documents and settings\PIP\INSTMSIA.EXE
2008-06-24 04:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062420080625\index.dat

.
((((((((((((((((((((((((((((( [email protected]_15.49.43.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 20:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-11-29 17:43:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-04-11 176128]
"UMonit"="c:\windows\System32\umonit.exe" [2003-04-21 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-12 29744]
"OE"="c:\program files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" [2007-12-25 176201]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="j:\my music\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WD Button Manager"="WDBtnMgr.exe" [2007-02-01 c:\windows\system32\WDBtnMgr.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"Promon.exe"="Promon.exe" [2001-07-19 c:\windows\system32\PROMon.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-06 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-07 577597]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-12 67128]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-04-15 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Twonkyvision\\TwonkyMedia.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\My Music\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-04-15 9344]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 agentcd;DriverAgent Class Driver;\??\c:\windows\System32\AgentCD.sys [2008-09-13 196096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-12-13 3744]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-12-13 3904]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2008-09-13 28672]
R2 TwonkyVision_Media_Server;TwonkyVision MediaServer;c:\program files\Twonkyvision\TwonkyMedia.exe -serviceversion []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-13 24652]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2004-04-09 6016]
R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-01-12 627864]
R3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2008-09-13 6942]
S2 Mojave;Dazzle Mojave Device;c:\windows\system32\DRIVERS\Mojave.sys [2008-09-13 120352]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 29744]
S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2006-05-14 163328]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-28 c:\windows\Tasks\User_Feed_Synchronization-{FA9CA42B-34DB-4CDB-8F4B-FB24CD460873}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 13:37:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-29 13:42:06
ComboFix-quarantined-files.txt 2008-11-29 18:41:47

Pre-Run: 32,538,738,688 bytes free
Post-Run: 32,528,773,120 bytes free

161 --- E O F --- 2008-11-27 15:02:37
  23. Hello. Here's a fresh HijackThis log. Also, after I ran the ComboFix scan, I was prompted with a Spybot S&D System Start Up User entry swg on C:\Program Files\Google\GoogleToolbarNotifier.exe. As you're analyzing my situation, I was also wondering if I had any unwanted or unneeded Running Processes. Another point I didn't mention earlier was that recently I have been getting pop-up messages on my bottom tool bar stating that my Virtual Memory is low. Does that factor into this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:21 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Twonkyvision\TwonkyMedia.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\umonit.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\Promon.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
J:\My Music\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "J:\My Music\iTunesHelper.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15012/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160572156171
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,38
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15012/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - TwonkyVision GmbH - C:\Program Files\Twonkyvision\TwonkyMedia.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14610 bytes

Thanks
  24. Hello Blade81. Thank you so much for your help. I did everything you advised, although I did forget to disable my anti-virus and anti-malware programs. There were no error messages and ComboFix was able to provide a report. Hopefully this will help; however, if I need to rerun ComboFix again (disabling my anti-virus/malware), that's no problem. Thanks again and I hope this report enables you to continue to help me. Sincerely, Billy-boy

ComboFix 08-11-27.07 - Billy 2008-11-28 15:26:22.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.116 [GMT -5:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\TinyProxy
c:\windows\fmark2.dat
c:\windows\system32\nonxsmhp.ini
c:\windows\system32\qpcvrteg.ini
c:\windows\tmark2.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-22 12:30 . 2008-11-22 12:30 7,508,624 --a------ C:\Firefox Setup 3.0.4.exe
2008-11-12 12:27 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:23 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 10:56 . 2008-11-12 11:06 1,346 ---h----- c:\windows\f49f4d98.dat
2008-11-12 10:53 . 2008-11-16 11:33 <DIR> d-------- c:\windows\system32\367770
2008-11-12 10:53 . 2008-11-12 11:06 1 ---h----- c:\windows\f49f4daa.dat
2008-11-03 12:40 . 2008-11-14 11:33 <DIR> d-------- c:\documents and settings\Nasrin\Application Data\ZoomBrowser EX
2008-11-03 10:47 . 2008-11-04 12:03 <DIR> d-------- c:\documents and settings\Nasrin\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:40 --------- d-----w c:\documents and settings\Billy\Application Data\Skype
2008-11-28 20:33 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-11-28 20:33 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-11-19 14:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 14:44 --------- d-----w c:\program files\SpywareBlaster
2008-11-17 20:26 --------- d-----w c:\documents and settings\Billy\Application Data\ZoomBrowser EX
2008-11-17 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-11-15 02:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-09 00:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-27 23:22 --------- d-----w c:\documents and settings\Billy\Application Data\OpenOffice.org2
2008-10-25 22:50 --------- d-----w c:\documents and settings\Nasrin\Application Data\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:12 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 02:45 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-15 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 21:05 --------- d-----w c:\program files\iPod
2008-10-15 13:34 --------- d-----w c:\program files\XP Codec Pack
2008-10-12 14:24 --------- d-----w c:\documents and settings\Billy\Application Data\Canon
2008-10-06 16:49 --------- d-----w c:\program files\Creative
2008-10-06 16:43 --------- d-----w c:\program files\Yahoo!
2008-10-05 03:53 --------- d-----w c:\program files\AVAide
2008-10-01 15:26 --------- d-----w c:\program files\BSplayer Pro
2008-09-10 10:08 133,227,519 ----a-w C:\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
2007-12-04 17:19 60,104 -c--a-w c:\documents and settings\Billy\Application Data\GDIPFONTCACHEV1.DAT
2007-04-01 00:22 87,608 ----a-w c:\documents and settings\Billy\Application Data\ezpinst.exe
2007-04-01 00:22 47,360 -c--a-w c:\documents and settings\Billy\Application Data\pcouffin.sys
2003-12-20 00:36 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2001-08-29 08:46 294,979 -c--a-w c:\documents and settings\PIP\PISETUP.EXE
2001-03-20 04:12 44,544 -c--a-w c:\documents and settings\PIP\DSETUP.DLL
2001-03-20 04:12 1,772,544 -c--a-w c:\documents and settings\PIP\DSETUP32.DLL
2000-07-27 18:49 1,526,275 -c--a-w c:\documents and settings\PIP\INSTMSIW.EXE
2000-07-27 18:49 1,513,987 -c--a-w c:\documents and settings\PIP\INSTMSIA.EXE
2008-06-24 04:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062420080625\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-04-11 176128]
"UMonit"="c:\windows\System32\umonit.exe" [2003-04-21 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-12 29744]
"OE"="c:\program files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe" [2007-12-25 176201]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="j:\my music\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WD Button Manager"="WDBtnMgr.exe" [2007-02-01 c:\windows\system32\WDBtnMgr.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"Promon.exe"="Promon.exe" [2001-07-19 c:\windows\system32\PROMon.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-06 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-07 577597]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-12 67128]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-04-15 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Twonkyvision\\TwonkyMedia.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\My Music\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-04-15 9344]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 agentcd;DriverAgent Class Driver;\??\c:\windows\System32\AgentCD.sys [2008-09-13 196096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-12-13 3744]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-12-13 3904]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2004-04-09 6016]
R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-01-12 627864]
R3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2008-09-13 6942]
S2 Mojave;Dazzle Mojave Device;c:\windows\system32\DRIVERS\Mojave.sys [2008-09-13 120352]
S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2006-05-14 163328]
S4 hpt3xx;hpt3xx; []

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-11-27 c:\windows\Tasks\User_Feed_Synchronization-{FA9CA42B-34DB-4CDB-8F4B-FB24CD460873}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKCU-Run-PowerBar - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\a39yc0bg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - j:\my music\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 15:36:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\Nhksrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Twonkyvision\TwonkyMedia.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\NMSSvc.Exe
c:\program files\Netropa\OSD.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\NclBTHandler.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-11-28 15:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 20:50:57

Pre-Run: 28,838,035,456 bytes free
Post-Run: 28,797,886,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

212 --- E O F --- 2008-11-27 15:02:37
  25. Hello. I am running Windows XP, Avast, Ad-Aware 2008, Windows Defender, Spybot S&D and use Internet Explorer 8. After receiving a corrupt file via Facebook, my computer became infected. I attempted to clean using all of my tools and thought I had "Moved To Chest" using Avast. Now I am unable to access the internet but can still use Outlook Express for email. Another strange caveat is that other users on the same computer can access the internet, so it must be isolated to my user profile, which is also the administrator. I have attached a HijackThis log. Thank you for any help you can provide. Sincerely, Billy-boy

hijackthis.log