Thread ID: 88849 2008-04-08 17:48:00 closure still there!!!!!!! midge (13599) Press F1
Post ID Timestamp Content User
658024 2008-04-11 23:52:00 Just in case there is hidden stuff...

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix (www.bleepingcomputer.com)


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
Pancake (6359)
658025 2008-04-12 02:22:00 And your IT qualifications for giving such drastic advice are..? Don't stress it Laura, he just may be... (www.forcenz.com)

;)
Greg (193)
658026 2008-04-16 11:14:00 this is what I got from combofix......

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

the whole thing took about 10 seconds???? have I done this right???

and this is the repeat HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:26, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
D:\LiveUpdate.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "D:\LiveUpdate.exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - h20264.www2.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - support.f-secure.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9902 bytes
midge (13599)
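A small triage script, added here as an example (it is not part of the thread, nor a HijackThis or ComboFix feature): it parses lines in the HijackThis v2 format shown in the log above and flags the entries a helper would check first, namely O4 autoruns that live outside the Windows or Program Files trees, O17 entries pointing at public DNS servers, and O23 services whose binary is missing or whose publisher is unknown. The sample lines are copied from the posted log and constructed into a short string; the trusted directories and the %systemroot% expansion are assumptions for this machine.

```python
import ipaddress
import re

# Constructed sample in HijackThis v2 format. The names and paths are copied
# from the log posted above so the parser runs on realistic input; the flags
# produced are review heuristics for a helper to follow up, not verdicts.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [BTCLiveUpdate] "D:\LiveUpdate.exe" /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")

# Assumption for the heuristic: on this XP box autoruns are expected to live
# under these two roots; anything else (e.g. the D: drive) gets a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_hjt(text):
    """Return (kind, body) pairs for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def image_path(command):
    """Pull the executable out of an O4 command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def normalise(path):
    """Lower-case the path and expand %systemroot% (assumed to be C:\\WINDOWS here)."""
    return path.lower().replace("%systemroot%", "c:\\windows")


def triage(entries):
    """Apply the review heuristics; return (kind, subject, reason) tuples."""
    findings = []
    for kind, body in entries:
        if kind == "O4":
            m = re.match(r".*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
            if not m:  # Global Startup .lnk entries have no [name] and are skipped
                continue
            path = image_path(m.group("cmd"))
            if not normalise(path).startswith(TRUSTED_ROOTS):
                findings.append((kind, m.group("name"),
                                 "autorun outside Windows/Program Files: " + path))
        elif kind == "O17":
            servers = body.split("NameServer =", 1)[1].split()
            public = [s for s in servers if not ipaddress.ip_address(s).is_private]
            if public:
                findings.append((kind, " ".join(public),
                                 "public DNS servers configured; confirm they belong to the ISP"))
        elif kind == "O23":
            parts = body[len("Service: "):].split(" - ")
            if len(parts) < 3:
                continue
            name, owner, path = parts[0], parts[1], " - ".join(parts[2:])
            if path == "(no file)":
                findings.append((kind, name, "service registered but its binary is missing"))
            if owner == "Unknown owner":
                findings.append((kind, name, "service binary has no recorded publisher"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:4} {subject:40} {reason}")
```

Each flag is a starting point for the usual checks (is the file where it says, who signed it, does the DNS pair match the ISP), not a removal list.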
658027 2008-04-16 12:03:00 OK FOLKS I messed that up!!!!!!!!!!!!!!!!
This is the combofix log now, but after I ran it the pc said it had to shut down as it had encountered a serious problem . . . .

ComboFix 08-04-14.2 - Ken 2008-04-16 11:34:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.166 [GMT 1:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 10:07 . 2008-03-29 18:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 10:07 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-16 10:07 . 2008-03-29 18:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 10:07 . 2008-03-29 18:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 10:07 . 2008-01-17 16:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 10:07 . 2008-03-29 18:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 10:07 . 2008-03-29 18:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 10:07 . 2008-03-29 18:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 10:07 . 2008-03-29 18:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 10:07 . 2008-03-29 18:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-14 10:13 . 2008-04-14 10:13 <DIR> d-------- C:\kav
2008-04-11 22:21 . 2008-04-11 22:21 <DIR> d-------- C:\WINDOWS\TSdesktoptoy
2008-04-11 22:21 . 2008-04-11 22:21 171,520 --a------ C:\WINDOWS\system32\cncs32.dll
2008-04-11 22:21 . 2008-04-11 22:21 18 --a------ C:\WINDOWS\gfact.ini
2008-04-11 16:36 . 2008-04-11 16:36 <DIR> d-------- C:\Program Files\Fox
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Simply Super Software
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-10 23:00 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-10 23:00 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-10 23:00 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-10 23:00 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-10 23:00 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 12:32 . 2008-04-09 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Malwarebytes
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 11:38 . 2008-04-09 11:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-07 18:15 . 2008-04-07 18:16 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 18:15 . 2008-04-07 18:15 <DIR> d-------- C:\Program Files\iPod
2008-04-07 17:49 . 2008-04-07 17:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 12:01 . 2007-09-05 23:22 289,144 --------- C:\WINDOWS\system32\VCCLSID.exe
2008-04-05 12:01 . 2006-04-27 16:49 288,417 --------- C:\WINDOWS\system32\SrchSTS.exe
2008-04-05 12:01 . 2008-03-01 23:12 86,016 --------- C:\WINDOWS\system32\VACFix.exe
2008-04-05 12:01 . 2008-03-05 22:29 82,432 --------- C:\WINDOWS\system32\IEDFix.exe
2008-04-05 12:01 . 2003-06-05 20:13 53,248 --------- C:\WINDOWS\system32\Process.exe
2008-04-05 12:01 . 2004-07-31 17:50 51,200 --------- C:\WINDOWS\system32\dumphive.exe
2008-04-05 12:01 . 2007-10-03 23:36 25,600 --------- C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\DisplayLink Core Software
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\Acer Monitor
2008-03-30 18:10 . 2008-03-30 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-30 18:03 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-30 17:59 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-30 17:56 . 2008-03-30 18:10 164,924 --------- C:\WINDOWS\hpoins21.dat
2008-03-30 17:56 . 2008-02-15 04:41 7,262 --------- C:\WINDOWS\hpomdl21.dat
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-30 17:46 . 2008-03-30 17:49 <DIR> d-------- C:\temp\FixEngine
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\temp
2008-03-30 17:46 . 2008-03-30 18:06 <DIR> d-------- C:\Program Files\Hp
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Roxio
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-29 11:43 . 2008-03-29 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-29 11:43 . 2007-03-08 05:20 49,920 -r------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-29 11:43 . 2007-03-08 05:20 16,496 -r------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-29 11:42 . 2007-05-02 09:56 954,368 -r------- C:\WINDOWS\system32\hpotiop5.dll
2008-03-29 11:42 . 2007-05-02 10:01 675,840 -r------- C:\WINDOWS\system32\hpowiax5.dll
2008-03-29 11:42 . 2007-03-08 05:20 364,544 -r------- C:\WINDOWS\system32\hppldcoi.dll
2008-03-29 11:42 . 2007-03-08 05:20 309,760 -r------- C:\WINDOWS\system32\difxapi.dll
2008-03-29 11:42 . 2007-05-02 10:00 303,104 -r------- C:\WINDOWS\system32\hpovst12.dll
2008-03-29 11:42 . 2007-05-02 11:03 267,864 -r------- C:\WINDOWS\system32\hpzids01.dll
2008-03-29 11:42 . 2007-03-15 16:32 118,272 --------- C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-29 11:42 . 2007-03-08 05:20 21,568 -r------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 16:40 . 2008-03-25 20:55 <DIR> d-------- C:\Program Files\WinXMedia
2008-03-23 16:39 . 2004-07-03 22:59 524,288 --------- C:\WINDOWS\system32\xvidcore.dll
2008-03-23 16:39 . 2004-07-03 23:08 139,264 --------- C:\WINDOWS\system32\xvidvfw.dll
2008-03-22 17:13 . 2008-03-22 17:13 0 --------- C:\WINDOWS\RA26E1.tmp
2008-03-20 21:41 . 2008-03-30 14:07 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\CheckPoint
2008-03-20 21:40 . 2008-03-20 21:40 144 --------- C:\WINDOWS\system32\lkfl.dat
2008-03-20 21:40 . 2008-03-30 14:07 96 --------- C:\WINDOWS\system32\pdfl.dat
2008-03-20 21:40 . 2008-03-20 21:40 96 --------- C:\WINDOWS\system32\ibfl.dat
2008-03-20 20:32 . 2001-06-29 20:40 29,696 --------- C:\WINDOWS\system32\flcss.exe
2008-03-20 19:06 . 2008-03-20 19:06 <DIR> d-------- C:\fsaua.data
2008-03-16 06:56 . 2008-03-16 06:56 <DIR> d-------- C:\Program Files\Tibia
2008-03-16 06:56 . 2008-03-16 06:57 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 08:47 --------- d-----w C:\Documents and Settings\Ken\Application Data\BitTorrent
2008-04-15 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 21:43 --------- d-----w C:\Documents and Settings\Ken\Application Data\DNA
2008-04-07 17:14 --------- d-----w C:\Program Files\QuickTime
2008-04-05 17:26 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-04-04 16:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 21:59 --------- d-----w C:\Program Files\Dobermann
2008-04-03 19:11 --------- d-----w C:\Program Files\Google
2008-03-27 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-24 15:04 --------- d-----w C:\Program Files\DNA
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 18:34 --------- d-----w C:\Program Files\WiFiConnector
2008-03-07 16:02 --------- d-----w C:\Program Files\KONAMI
2008-03-07 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 13:04 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-03-03 12:03 --------- d-----w C:\Documents and Settings\Main\Application Data\ATI
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-09 18:47 2,368 ------w C:\WINDOWS\system32\SVKP.sys
2008-01-31 22:11 524,288 ------w C:\WINDOWS\system32\DivXsm.exe
2008-01-31 22:11 3,596,288 ------w C:\WINDOWS\system32\qt-dx331.dll
2008-01-31 22:10 200,704 ------w C:\WINDOWS\system32\ssldivx.dll
2008-01-31 22:10 1,044,480 ------w C:\WINDOWS\system32\libdivx.dll
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-16 18:14 53,760 ------w C:\WINDOWS\system32\HPZipm12.dll
2008-01-16 18:14 49,152 ------w C:\WINDOWS\system32\HPZidr12.dll
2008-01-16 18:14 43,520 ------w C:\WINDOWS\system32\HPZinw12.dll
2008-01-16 18:14 33,280 ------w C:\WINDOWS\system32\HPZipr12.dll
2008-01-16 18:14 29,696 ------w C:\WINDOWS\system32\hpzipt12.dll
2008-01-16 18:14 20,480 ------w C:\WINDOWS\system32\hpzisn12.dll
2003-10-23 17:52 40,960 ------w C:\Program Files\Uninstall_CDS.exe
2008-01-09 23:55 385,257 --sh--w C:\WINDOWS\system32\ttstv.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
2007-11-06 01:50 542016 --------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"BTCLiveUpdate"="D:\LiveUpdate.exe" [2004-03-08 13:50 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 22:10 339968]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2007-11-22 23:08 557149]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 08:06 901120]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 10:50 180224]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-31 13:11:51 118784]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-11 19:34:07 1073152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\drqthhnp.exe"=
"C:\\WINDOWS\\system32\\hejlnqli.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\pnhtupfj.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Westwood\\RA2\\game.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Westwood\\SUN\\GAME.ICD"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-08-29 04:04]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-08-29 04:04]
R1 aswSP; avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-12-13 10:28]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-02-09 19:47]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 12:16]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 15:58]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-11-22 22:32]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-11-22 22:32]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2007-11-22 22:32]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-11-22 22:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 15:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-10-24 15:11]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-10-24 15:11]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-10-24 15:12]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-10-24 15:12]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2005-12-28 13:46]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2005-12-28 13:47]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2005-12-28 13:47]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2005-12-28 13:48]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2005-12-28 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 17:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 17:55:00 C:\WINDOWS\Tasks\backup.job"
- C:\WINDOWS\system32\ntbackup.exeèbackup
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 11:36:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 11:37:31
ComboFix-quarantined-files.txt 2008-04-16 10:37:20
ComboFix2.txt 2008-04-16 10:28:51

Pre-Run: 8,652,980,224 bytes free
Post-Run: 8,640,933,888 bytes free
.
2008-04-11 12:55:13 --- E O F ---

AND THIS IS THE REPEAT HJT LOG I RAN AFTER I DID COMBOFIX PROPERLY!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49, on 2008-04-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\LiveUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\ . . \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs . exe" /background
O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe
O4 - HKCU\ . . \Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect . exe" /R
O4 - HKCU\ . . \Run: [CTSyncU . exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU . exe"
O4 - HKCU\ . . \Run: [BTCLiveUpdate] "D:\LiveUpdate . exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor . lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08 . exe
O4 - Global Startup: NkbMonitor . exe . lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor . exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool . lnk = C:\Program Files\WiFiConnector\NintendoWFCReg . exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL . EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_03\bin\ssv . dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_03\bin\ssv . dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR . DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO . dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw . dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw . dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe
O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O12 - Plugin for . spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox . dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper . dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - . www2 . hp . com/ediags/dd/install/HPDriverDiagnosticsxp2k . cab" target="_blank">h20264 . www2 . hp . com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - . update . microsoft . com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site . cab?1195521811593" target="_blank">www . update . microsoft . com
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1 . 0) - . f-secure . com/enu/home/onlineservices/fshc/fscax . cab" target="_blank">support . f-secure . com
O17 - HKLM\System\CCS\Services\Tcpip\ . . \{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194 . 168 . 4 . 100 194 . 168 . 8 . 100
O17 - HKLM\System\CS1\Services\Tcpip\ . . \{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194 . 168 . 4 . 100 194 . 168 . 8 . 100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe
O23 - Service: Apple Mobile Device - Apple, Inc . - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService . exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv . exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ . exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv . exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv . exe
O23 - Service: ##Id_String1 . 6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc . - C:\Program Files\Bonjour\mDNSResponder . exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA . exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp . - C:\Program Files\DisplayLink Core Software\DisplayLinkService . exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd . - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService . exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT . exe
O23 - Service: iPod Service - Apple Inc . - C:\Program Files\iPod\bin\iPodService . exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv . exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC . EXE (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc . - C:\Program Files\Common Files\SureThing Shared\stllssvr . exe

--
End of file - 10012 bytes
midge (13599)
658028 2008-04-16 23:37:00 This file is often used for running worms but looks as if it has been deleted, but its mate is still there and that needs to come out..

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

==============================

Please copy this page to *Notepad* and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\WINDOWS\gfact.ini

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
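Added example, not from this thread and not part of HijackThis or ComboFix: a small Python triage pass over the O4 and O23 lines of an HJT log that flags what Pancake looks at first, a registered service whose binary is gone or whose vendor is unknown, and an autorun started from outside the usual program directories. The function names, flag wording and the embedded sample lines (copied from the log above) are this example's own choices.

```python
"""Triage pass over HijackThis O4 (autorun) and O23 (service) lines.

Added example for this thread; not part of HijackThis or ComboFix.  A flag is
a prompt to look closer, not a verdict: Trjscan.exe in this thread is a
legitimate tool that simply lives on D:, while PSEXESVC with its file gone is
the leftover the helper asked to have removed.
"""
import re
from dataclasses import dataclass, field
from typing import List

# HJT prints services as:  O23 - Service: <display name> - <vendor> - <binary path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# and Run-key autoruns as: O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")

# Prefixes an autorun is normally expected to start from (compared lower-case).
EXPECTED_PREFIXES = ("c:\\program files", "c:\\windows",
                     "%systemroot%", "%windir%", "%programfiles%")


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    name: str                 # Run value name or service display name
    target: str               # command line / binary path exactly as HJT printed it
    flags: List[str] = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program path from an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare paths may contain spaces ("C:\Program Files\..."): cut after the first .exe.
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(hjt_text: str) -> List[Finding]:
    """Return only the O4/O23 entries that earn at least one flag."""
    findings: List[Finding] = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            f = Finding("O23", m["name"], m["path"])
            if m["owner"] == "Unknown owner":
                f.flags.append("unknown owner")
            # HJT marks a registered service whose file is gone in one of two ways.
            if m["path"].endswith("(file missing)") or m["path"] == "(no file)":
                f.flags.append("binary missing")
            if f.flags:
                findings.append(f)
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if not exe.lower().startswith(EXPECTED_PREFIXES):
                findings.append(Finding("O4", m["key"], m["cmd"],
                                        ["runs from unusual location"]))
    return findings


# Constructed sample: a handful of lines copied from the HJT log posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.kind:<4} {f.name:<45} {', '.join(f.flags)}")
```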
658029 2008-04-17 19:53:00 OK where do I find notepad and how do I copy and paste??
I opened c drive where the notepad log for combofix and hjt are and made a new folder, I can highlight and copy this page but it won't paste or copy into the new file on c drive...
midge (13599)
658030 2008-04-17 21:13:00 You go to start / all programs / accessories / notepad

You highlight the text Pancake posted then select right mouse copy

Then right mouse paste in notepad
Speedy Gonzales (78)
658031 2008-04-23 17:12:00 OK did that and here's the log...

ComboFix 08-04-14.2 - Ken 2008-04-23 16:50:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.249 [GMT 1:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\\WINDOWS\\system32\\drqthhnp.exe
C:\\WINDOWS\\system32\\hejlnqli.exe
C:\\WINDOWS\\system32\\pnhtupfj.exe
C:\WINDOWS\system32\ttstv.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\WINDOWS\\system32\\drqthhnp.exe
C:\\WINDOWS\\system32\\hejlnqli.exe
C:\\WINDOWS\\system32\\pnhtupfj.exe
C:\WINDOWS\system32\ttstv.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-23 14:27 . 2008-04-23 14:30 <DIR> d-------- C:\Program Files\GTA Vice City - Deluxe
2008-04-22 15:03 . 2008-04-22 15:05 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\GetRightToGo
2008-04-21 18:07 . 2008-04-21 18:07 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-18 10:02 . 2008-04-18 10:02 <DIR> d-------- C:\Program Files\Universal Interactive
2008-04-17 20:00 . 2008-04-17 20:00 <DIR> d-------- C:\VundoFix Backups
2008-04-17 19:49 . 2008-04-17 19:49 <DIR> d-------- C:\pf1 p`cake
2008-04-16 13:38 . 2008-03-29 18:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 13:38 . 2008-03-29 18:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 13:38 . 2008-03-29 18:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 13:38 . 2008-01-17 16:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 13:38 . 2008-03-29 18:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 13:38 . 2008-03-29 18:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 13:38 . 2008-03-29 18:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 13:38 . 2008-03-29 18:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 13:38 . 2008-03-29 18:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-16 10:07 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-14 10:13 . 2008-04-14 10:13 <DIR> d-------- C:\kav
2008-04-11 22:21 . 2008-04-11 22:21 <DIR> d-------- C:\WINDOWS\TSdesktoptoy
2008-04-11 22:21 . 2008-04-11 22:21 171,520 --a------ C:\WINDOWS\system32\cncs32.dll
2008-04-11 22:21 . 2008-04-11 22:21 18 --a------ C:\WINDOWS\gfact.ini
2008-04-11 16:36 . 2008-04-11 16:36 <DIR> d-------- C:\Program Files\Fox
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Simply Super Software
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-10 23:00 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-10 23:00 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-10 23:00 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-10 23:00 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-10 23:00 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 12:32 . 2008-04-09 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Malwarebytes
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 11:38 . 2008-04-09 11:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-07 18:15 . 2008-04-07 18:16 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 18:15 . 2008-04-07 18:15 <DIR> d-------- C:\Program Files\iPod
2008-04-07 17:49 . 2008-04-07 17:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 12:01 . 2007-09-05 23:22 289,144 --------- C:\WINDOWS\system32\VCCLSID.exe
2008-04-05 12:01 . 2006-04-27 16:49 288,417 --------- C:\WINDOWS\system32\SrchSTS.exe
2008-04-05 12:01 . 2008-03-01 23:12 86,016 --------- C:\WINDOWS\system32\VACFix.exe
2008-04-05 12:01 . 2008-03-05 22:29 82,432 --------- C:\WINDOWS\system32\IEDFix.exe
2008-04-05 12:01 . 2003-06-05 20:13 53,248 --------- C:\WINDOWS\system32\Process.exe
2008-04-05 12:01 . 2004-07-31 17:50 51,200 --------- C:\WINDOWS\system32\dumphive.exe
2008-04-05 12:01 . 2007-10-03 23:36 25,600 --------- C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\DisplayLink Core Software
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\Acer Monitor
2008-03-30 18:10 . 2008-03-30 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-30 18:03 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-30 17:59 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-30 17:56 . 2008-03-30 18:10 164,924 --------- C:\WINDOWS\hpoins21.dat
2008-03-30 17:56 . 2008-02-15 04:41 7,262 --------- C:\WINDOWS\hpomdl21.dat
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-30 17:46 . 2008-03-30 17:49 <DIR> d-------- C:\temp\FixEngine
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\temp
2008-03-30 17:46 . 2008-03-30 18:06 <DIR> d-------- C:\Program Files\Hp
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Roxio
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-29 11:43 . 2008-03-29 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-29 11:43 . 2007-03-08 05:20 49,920 -r------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-29 11:43 . 2007-03-08 05:20 16,496 -r------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-29 11:42 . 2007-05-02 09:56 954,368 -r------- C:\WINDOWS\system32\hpotiop5.dll
2008-03-29 11:42 . 2007-05-02 10:01 675,840 -r------- C:\WINDOWS\system32\hpowiax5.dll
2008-03-29 11:42 . 2007-03-08 05:20 364,544 -r------- C:\WINDOWS\system32\hppldcoi.dll
2008-03-29 11:42 . 2007-03-08 05:20 309,760 -r------- C:\WINDOWS\system32\difxapi.dll
2008-03-29 11:42 . 2007-05-02 10:00 303,104 -r------- C:\WINDOWS\system32\hpovst12.dll
2008-03-29 11:42 . 2007-05-02 11:03 267,864 -r------- C:\WINDOWS\system32\hpzids01.dll
2008-03-29 11:42 . 2007-03-15 16:32 118,272 --------- C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-29 11:42 . 2007-03-08 05:20 21,568 -r------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 16:40 . 2008-03-25 20:55 <DIR> d-------- C:\Program Files\WinXMedia
2008-03-23 16:39 . 2004-07-03 22:59 524,288 --------- C:\WINDOWS\system32\xvidcore.dll
2008-03-23 16:39 . 2004-07-03 23:08 139,264 --------- C:\WINDOWS\system32\xvidvfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 19:37 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-04-22 19:25 --------- d-----w C:\Documents and Settings\Ken\Application Data\BitTorrent
2008-04-21 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 09:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 13:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 21:43 --------- d-----w C:\Documents and Settings\Ken\Application Data\DNA
2008-04-07 17:14 --------- d-----w C:\Program Files\QuickTime
2008-04-04 16:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 21:59 --------- d-----w C:\Program Files\Dobermann
2008-04-03 19:11 --------- d-----w C:\Program Files\Google
2008-03-30 13:07 --------- d-----w C:\Documents and Settings\Ken\Application Data\CheckPoint
2008-03-24 15:04 --------- d-----w C:\Program Files\DNA
2008-03-16 05:57 --------- d-----w C:\Documents and Settings\Ken\Application Data\Tibia
2008-03-16 05:56 --------- d-----w C:\Program Files\Tibia
2008-03-11 18:34 --------- d-----w C:\Program Files\WiFiConnector
2008-03-07 16:02 --------- d-----w C:\Program Files\KONAMI
2008-03-07 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 12:03 --------- d-----w C:\Documents and Settings\Main\Application Data\ATI
2003-10-23 17:52 40,960 ------w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-16_11.37.10.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 10:29:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 15:53:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 17:07:49 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-18 09:03:40 3,262 ----a-r C:\WINDOWS\Installer\{A347C572-F7B4-43A3-BD51-FFC99184F70D}\ARPPRODUCTICON.exe
- 2008-01-03 18:19:34 581,632 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 22:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 22:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2008-01-03 18:20:14 24,576 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 22:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 22:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2008-01-03 18:18:56 339,968 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-14 22:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2008-01-03 18:19:06 475,136 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-14 22:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2008-01-03 18:11:48 180,224 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-14 22:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2008-01-03 18:22:06 77,824 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-14 22:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 10:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2008-01-03 18:22:08 98,304 ------w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-14 22:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2008-04-16 10:34:18 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-23 09:35:45 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-16 10:34:18 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 09:35:45 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 15:53:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
2007-11-06 01:50 542016 --------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"BTCLiveUpdate"="D:\LiveUpdate.exe" [2004-03-08 13:50 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 22:10 339968]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2007-11-22 23:08 557149]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 08:06 901120]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 10:50 180224]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-31 13:11:51 118784]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-11 19:34:07 1073152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Westwood\\RA2\\game.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Westwood\\SUN\\GAME.ICD"=
"C:\\Westwood\\RA2\\gamemd.exe"=
"C:\\Westwood\\RA2\\patchgetmd.dat"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-08-29 04:04]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-08-29 04:04]
R1 aswSP; avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-12-13 10:28]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-02-09 19:47]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 12:16]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 15:58]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-11-22 22:32]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-11-22 22:32]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2007-11-22 22:32]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-11-22 22:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 15:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-10-24 15:11]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-10-24 15:11]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-10-24 15:12]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-10-24 15:12]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2005-12-28 13:46]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2005-12-28 13:47]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2005-12-28 13:47]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2005-12-28 13:48]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2005-12-28 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 19:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 17:55:00 C:\WINDOWS\Tasks\backup.job"
- C:\WINDOWS\system32\ntbackup.exeŠbackup
.
************************************************** ************************

catchme 0 . 3 . 1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www . gmer . net
Rootkit scan 2008-04-23 16:53:37
Windows 5 . 1 . 2600 Service Pack 2 NTFS

scanning hidden processes . . .

scanning hidden autostart entries . . .

scanning hidden files . . .

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv . exe
C:\Program Files\Alwil Software\Avast4\ashServ . exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager . exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI . exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService . exe
C:\Program Files\Bonjour\mDNSResponder . exe
C:\WINDOWS\system32\CTSVCCDA . EXE
C:\WINDOWS\system32\devldr32 . exe
C:\Program Files\Netropa\Multimedia Keyboard\Traymon . exe
C:\Program Files\Netropa\Onscreen Display\osd . exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv . exe
C:\Program Files\Alwil Software\Avast4\ashWebSv . exe
C:\Program Files\iPod\bin\iPodService . exe
C:\Program Files\Hp\Digital Imaging\bin\hpqste08 . exe
C:\Program Files\Hp\Digital Imaging\bin\hpqbam08 . exe
C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01 . exe
.
************************************************** ************************
.
Completion time: 2008-04-23 16:57:22 - machine was rebooted [Ken]
ComboFix-quarantined-files . txt 2008-04-23 15:57:18
ComboFix2 . txt 2008-04-16 10:28:51

Pre-Run: 4,830,552,064 bytes free
Post-Run: 4,819,169,280 bytes free
.
2008-04-11 12:55:13 --- E O F ---


AND THIS IS THE HJT LOG...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:08, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
D:\LiveUpdate.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "D:\LiveUpdate.exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com/wind...?1195521811593
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - support.f-secure.com/enu/home...fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9714 bytes
midge (13599)
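As an added example (not from this thread or from HijackThis itself), a small Python triage helper for the HijackThis 2.0.2 log format posted above: it parses the "Running processes" list and the O4/O23 lines, flags services whose binary is missing and autorun entries that start outside C:\WINDOWS or C:\Program Files, and cross-references autoruns against the live process list. The sample log is a constructed subset of the log above, and the TRUSTED_ROOTS list is an assumption of this example, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis 2.0.2 log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:08, on 23/04/2008
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Messenger\msmsgs.exe
D:\LiveUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BTCLiveUpdate] "D:\LiveUpdate.exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
"""

# Locations an XP autorun entry normally lives under; anything else (a second
# drive, a temp folder) deserves a closer look. Assumption of this example.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_REG_RE = re.compile(r"^(?P<src>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# First drive-letter path ending in a known extension, quoted or not; whatever
# follows on the command line is treated as arguments.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll|ocx|scr|cmd|bat|lnk))', re.IGNORECASE)


@dataclass
class Autorun:
    source: str   # e.g. HKLM\..\Run or Global Startup
    name: str
    command: str
    exe: str      # executable extracted from the command line


@dataclass
class Service:
    name: str
    vendor: str
    path: str     # "(no file)" when HijackThis could not find the binary


def parse_hjt(text):
    """Return (running processes, autoruns, services) from a HijackThis log."""
    processes, autoruns, services = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            m4 = O4_REG_RE.match(body) or O4_STARTUP_RE.match(body)
            if m4:
                cmd = m4.group("cmd")
                me = EXE_RE.match(cmd)
                autoruns.append(Autorun(m4.groupdict().get("src", "Global Startup"),
                                        m4.group("name"), cmd,
                                        me.group("exe") if me else cmd))
        elif sec == "O23":
            m23 = O23_RE.match(body)
            if m23:
                services.append(Service(m23.group("name"), m23.group("vendor"),
                                        m23.group("path")))
    return processes, autoruns, services


def triage(text):
    """Cross-check the log and return the entries a reviewer would look at first."""
    processes, autoruns, services = parse_hjt(text)
    running = {p.lower() for p in processes}
    return {
        # autorun binaries outside the usual roots
        "autoruns_off_trusted_roots": [a.exe for a in autoruns
                                       if not a.exe.lower().startswith(TRUSTED_ROOTS)],
        # services whose binary is gone: leftover registrations or removed malware
        "services_missing_file": [s.name for s in services
                                  if s.path.lower() == "(no file)"],
        # which autorun entries are actually live in the process list
        "autoruns_running_now": [a.name for a in autoruns if a.exe.lower() in running],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```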
658032 2008-04-23 23:14:00 Ok. Just this lone one to remove..

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\WINDOWS\gfact.ini

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

[image: users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
658033 2008-04-28 15:47:00 ComboFix 08-04-27.3 - Ken 2008-04-28 15:39:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.225 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\gfact.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\gfact.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-25 12:38 . 2002-01-17 11:48 36,864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2008-04-23 14:27 . 2008-04-23 14:30 <DIR> d-------- C:\Program Files\GTA Vice City - Deluxe
2008-04-22 15:03 . 2008-04-22 15:05 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\GetRightToGo
2008-04-21 18:07 . 2008-04-21 18:07 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-18 10:02 . 2008-04-18 10:02 <DIR> d-------- C:\Program Files\Universal Interactive
2008-04-17 20:00 . 2008-04-17 20:00 <DIR> d-------- C:\VundoFix Backups
2008-04-17 19:49 . 2008-04-17 19:49 <DIR> d-------- C:\pf1 p`cake
2008-04-16 09:59 . 2008-04-28 15:21 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-14 10:13 . 2008-04-14 10:13 <DIR> d-------- C:\kav
2008-04-11 22:21 . 2008-04-11 22:21 <DIR> d-------- C:\WINDOWS\TSdesktoptoy
2008-04-11 22:21 . 2008-04-11 22:21 171,520 --a------ C:\WINDOWS\system32\cncs32.dll
2008-04-11 16:36 . 2008-04-11 16:36 <DIR> d-------- C:\Program Files\Fox
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Simply Super Software
2008-04-10 23:00 . 2008-04-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-10 23:00 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-10 23:00 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-10 23:00 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-10 23:00 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-10 23:00 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:53 . 2008-04-09 16:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 12:32 . 2008-04-09 12:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Malwarebytes
2008-04-09 11:40 . 2008-04-09 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 11:38 . 2008-04-09 11:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-07 18:15 . 2008-04-07 18:16 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 18:15 . 2008-04-07 18:15 <DIR> d-------- C:\Program Files\iPod
2008-04-07 17:49 . 2008-04-07 17:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 12:01 . 2007-09-05 23:22 289,144 --------- C:\WINDOWS\system32\VCCLSID.exe
2008-04-05 12:01 . 2006-04-27 16:49 288,417 --------- C:\WINDOWS\system32\SrchSTS.exe
2008-04-05 12:01 . 2008-03-01 23:12 86,016 --------- C:\WINDOWS\system32\VACFix.exe
2008-04-05 12:01 . 2008-03-05 22:29 82,432 --------- C:\WINDOWS\system32\IEDFix.exe
2008-04-05 12:01 . 2003-06-05 20:13 53,248 --------- C:\WINDOWS\system32\Process.exe
2008-04-05 12:01 . 2004-07-31 17:50 51,200 --------- C:\WINDOWS\system32\dumphive.exe
2008-04-05 12:01 . 2007-10-03 23:36 25,600 --------- C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\DisplayLink Core Software
2008-04-02 22:27 . 2008-04-02 22:27 <DIR> d-------- C:\Program Files\Acer Monitor
2008-03-30 18:10 . 2008-03-30 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-30 18:03 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-30 17:59 . 2008-03-30 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-30 17:59 . 2008-03-30 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-30 17:56 . 2008-03-30 18:10 164,924 --------- C:\WINDOWS\hpoins21.dat
2008-03-30 17:56 . 2008-02-15 04:41 7,262 --------- C:\WINDOWS\hpomdl21.dat
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-30 17:46 . 2008-03-30 17:49 <DIR> d-------- C:\temp\FixEngine
2008-03-30 17:46 . 2008-03-30 17:46 <DIR> d-------- C:\temp
2008-03-30 17:46 . 2008-03-30 18:06 <DIR> d-------- C:\Program Files\Hp
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Roxio
2008-03-30 14:44 . 2008-03-30 14:44 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-29 11:43 . 2008-03-29 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-29 11:43 . 2007-03-08 05:20 49,920 -r------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-29 11:43 . 2007-03-08 05:20 16,496 -r------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-29 11:42 . 2007-05-02 09:56 954,368 -r------- C:\WINDOWS\system32\hpotiop5.dll
2008-03-29 11:42 . 2007-05-02 10:01 675,840 -r------- C:\WINDOWS\system32\hpowiax5.dll
2008-03-29 11:42 . 2007-03-08 05:20 364,544 -r------- C:\WINDOWS\system32\hppldcoi.dll
2008-03-29 11:42 . 2007-03-08 05:20 309,760 -r------- C:\WINDOWS\system32\difxapi.dll
2008-03-29 11:42 . 2007-05-02 10:00 303,104 -r------- C:\WINDOWS\system32\hpovst12.dll
2008-03-29 11:42 . 2007-05-02 11:03 267,864 -r------- C:\WINDOWS\system32\hpzids01.dll
2008-03-29 11:42 . 2007-03-15 16:32 118,272 --------- C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-29 11:42 . 2007-03-08 05:20 21,568 -r------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-29 11:42 . 2004-08-03 23:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 21:01 . 2008-04-25 12:38 <DIR> d--h----- C:\BJPrinter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 14:10 --------- d-----w C:\Documents and Settings\Ken\Application Data\BitTorrent
2008-04-22 19:37 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-04-21 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 09:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 13:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 21:43 --------- d-----w C:\Documents and Settings\Ken\Application Data\DNA
2008-04-07 17:14 --------- d-----w C:\Program Files\QuickTime
2008-04-04 16:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 21:59 --------- d-----w C:\Program Files\Dobermann
2008-04-03 19:11 --------- d-----w C:\Program Files\Google
2008-03-30 13:07 --------- d-----w C:\Documents and Settings\Ken\Application Data\CheckPoint
2008-03-25 19:55 --------- d-----w C:\Program Files\WinXMedia
2008-03-24 15:04 --------- d-----w C:\Program Files\DNA
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 05:57 --------- d-----w C:\Documents and Settings\Ken\Application Data\Tibia
2008-03-16 05:56 --------- d-----w C:\Program Files\Tibia
2008-03-11 18:34 --------- d-----w C:\Program Files\WiFiConnector
2008-03-07 16:02 --------- d-----w C:\Program Files\KONAMI
2008-03-07 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 13:04 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-03-03 12:03 --------- d-----w C:\Documents and Settings\Main\Application Data\ATI
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-09 18:47 2,368 ------w C:\WINDOWS\system32\SVKP.sys
2008-01-31 22:11 524,288 ------w C:\WINDOWS\system32\DivXsm.exe
2008-01-31 22:11 3,596,288 ------w C:\WINDOWS\system32\qt-dx331.dll
2008-01-31 22:10 200,704 ------w C:\WINDOWS\system32\ssldivx.dll
2008-01-31 22:10 1,044,480 ------w C:\WINDOWS\system32\libdivx.dll
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2003-10-23 17:52 40,960 ------w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-28_15.23.40.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 08:07:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 14:41:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-28 08:11:39 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-28 14:29:43 60,740 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-28 08:11:39 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-28 14:29:43 400,772 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-28 08:07:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
+ 2008-04-28 14:42:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
2007-11-06 01:50 542016 --------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"BTCLiveUpdate"="D:\LiveUpdate.exe" [2004-03-08 13:50 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 22:10 339968]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2007-11-22 23:08 557149]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 08:06 901120]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 10:50 180224]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TrojanScanner"="D:\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-31 13:11:51 118784]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-11 19:34:07 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Westwood\\RA2\\game.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Westwood\\SUN\\GAME.ICD"=
"C:\\Westwood\\RA2\\gamemd.exe"=
"C:\\Westwood\\RA2\\patchgetmd.dat"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-08-29 04:04]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-08-29 04:04]
R1 aswSP; avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-12-13 10:28]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-02-09 19:47]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 12:16]
S2 PPSCAN;PPSCAN;C:\WINDOWS\system32\drivers\PPSCAN.sys [2002-03-29 15:58]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-11-22 22:32]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-11-22 22:32]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2007-11-22 22:32]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-11-22 22:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 15:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-10-24 15:11]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-10-24 15:11]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-10-24 15:12]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-10-24 15:12]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2005-12-28 13:46]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2005-12-28 13:47]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2005-12-28 13:47]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2005-12-28 13:48]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2005-12-28 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 19:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 17:55:00 C:\WINDOWS\Tasks\backup.job"
- C:\WINDOWS\system32\ntbackup.exe backup
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 15:42:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Netropa\Multimedia Keyboard\Traymon.exe
C:\Program Files\Netropa\Onscreen Display\osd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2008-04-28 15:46:14 - machine was rebooted [Ken]
ComboFix-quarantined-files.txt 2008-04-28 14:46:10
ComboFix2.txt 2008-04-28 14:24:01
ComboFix3.txt 2008-04-16 10:28:51

Pre-Run: 4,514,295,808 bytes free
Post-Run: 4,501,929,984 bytes free

257 --- E O F --- 2008-04-11 12:55:13

and here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
D:\LiveUpdate.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "D:\LiveUpdate.exe" /autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw . dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe
O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe
O12 - Plugin for . spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox . dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper . dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - . www2 . hp . com/ediags/dd/install/HPDriverDiagnosticsxp2k . cab" target="_blank">h20264 . www2 . hp . com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - . update . microsoft . com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site . cab?1195521811593" target="_blank">www . update . microsoft . com
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1 . 0) - . f-secure . com/enu/home/onlineservices/fshc/fscax . cab" target="_blank">support . f-secure . com
O17 - HKLM\System\CCS\Services\Tcpip\ . . \{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194 . 168 . 4 . 100 194 . 168 . 8 . 100
O17 - HKLM\System\CS1\Services\Tcpip\ . . \{04EAEDE1-039A-497A-8642-263E76935EFA}: NameServer = 194 . 168 . 4 . 100 194 . 168 . 8 . 100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe
O23 - Service: Apple Mobile Device - Apple, Inc . - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService . exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv . exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ . exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv . exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv . exe
O23 - Service: ##Id_String1 . 6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc . - C:\Program Files\Bonjour\mDNSResponder . exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA . exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp . - C:\Program Files\DisplayLink Core Software\DisplayLinkService . exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd . - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService . exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT . exe
O23 - Service: iPod Service - Apple Inc . - C:\Program Files\iPod\bin\iPodService . exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv . exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC . EXE (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc . - C:\Program Files\Common Files\SureThing Shared\stllssvr . exe

--
End of file - 9940 bytes
midge (13599)