OK, well, thanks guys. I'm sure you have a lot to do, so I took it on myself to try to clean up my mess. But if you do get the time, please take a look at my new HijackThis log and my new ComboFix log. Please let me know if I got everything.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:41 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.247.80.29 www22.verizon.com
O1 - Hosts: 199.244.218.42 www.capitalone.com
O1 - Hosts: 66.135.208.101 pages.ebay.com
O1 - Hosts: 205.188.138.25 groups.aol.com
O1 - Hosts: 216.109.118.82 us.rd.yahoo.com
O1 - Hosts: 208.178.227.123 www.paymybill.com
O1 - Hosts: 65.54.150.19 moneycentral.msn.com
O1 - Hosts: 207.46.250.101 go.microsoft.com
O1 - Hosts: 205.188.102.12 www.aol.com
O1 - Hosts: 149.174.32.135 www.compuserve.com
O1 - Hosts: 207.217.125.95 www.earthlink.com
O1 - Hosts: 66.45.29.10 www.broadbandcompass.com
O1 - Hosts: 17.149.156.10 store.apple.com
O1 - Hosts: 217.116.231.72 www.cam4.com
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [RestartNeroSetup] "K:\CDS\Nero\Installation\SetupX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.acehardware-acenet.com
O15 - Trusted Zone: *.acehardware-aceonline.com
O15 - Trusted Zone: *.acehardware-eaglevision.com
O15 - Trusted Zone: *.acehardware-vendors.com
O15 - Trusted Zone: *.aceservices.com
O15 - Trusted Zone: *.acehardware-acenet.com (HKLM)
O15 - Trusted Zone: *.acehardware-aceonline.com (HKLM)
O15 - Trusted Zone: *.acehardware-eaglevision.com (HKLM)
O15 - Trusted Zone: *.acehardware-vendors.com (HKLM)
O15 - Trusted Zone: *.aceservices.com (HKLM)
O16 - DPF: AceIESecuritySettings - http://ww2.acehardwa...itySettings.CAB
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardwa...xpl/AceExpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardwa...t60/fpspr60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175264782406
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardwa...ENET/ACECTL.CAB
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardwa...Si/McsiMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1666EDA4-ADE6-491B-83E0-DA076FB36449}: NameServer = 69.43.32.27 66.118.64.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 8983 bytes
ComboFix 08-01-14.4 - Administrator 2008-01-15 8:39:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.672 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-14 20:19 . 2008-01-14 21:44 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-01-14 20:13 . 2008-01-14 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 20:12 . 2008-01-14 20:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 20:12 . 2008-01-14 20:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 20:12 . 2008-01-14 20:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 18:31 . 2008-01-14 18:31 <DIR> d-------- C:\VundoFix Backups
2008-01-14 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 09:56 . 2008-01-14 09:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 22:27 . 2007-07-31 12:50 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-01-12 22:27 . 2007-07-31 12:50 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-01-12 22:27 . 2008-01-13 20:38 91,400 --a------ C:\WINDOWS\system32\isafprod.dll
2008-01-12 22:27 . 2008-01-13 20:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-01-12 22:27 . 2008-01-13 20:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-01-12 22:27 . 2008-01-13 20:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-01-12 22:27 . 2008-01-13 20:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-01-12 22:15 . 2008-01-13 20:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-12 22:14 . 2008-01-12 22:27 <DIR> d-------- C:\Program Files\CA
2008-01-12 22:14 . 2008-01-12 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-01-12 22:14 . 2007-07-31 12:50 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-01-12 22:14 . 2007-07-31 12:50 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-01-10 21:00 . 2008-01-10 21:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-01-10 20:50 . 2008-01-10 20:50 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-10 20:42 . 2008-01-10 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-10 20:31 . 2008-01-10 20:31 <DIR> d-------- C:\Program Files\TurboTax
2008-01-10 20:29 . 2008-01-10 20:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-04 09:39 . 2008-01-14 13:47 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-02 19:09 . 2008-01-02 19:21 150 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-01-01 19:55 . 2008-01-01 19:55 <DIR> d-------- C:\Program Files\Groove Games
2008-01-01 19:42 . 2008-01-01 19:42 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-01 03:28 . 2008-01-05 22:21 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2008-01-01 03:27 . 2008-01-05 12:49 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2008-01-01 03:27 . 2008-01-05 22:21 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 03:27 . 2008-01-05 22:21 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2008-01-01 03:27 . 2008-01-06 00:46 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-31 21:42 . 2008-01-13 22:24 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2007-12-31 21:42 . 2007-12-31 21:42 <DIR> d-------- C:\TEMP\cEeer12
2007-12-31 14:23 . 2007-12-31 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 14:23 . 2007-12-31 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 11:59 . 2007-12-31 11:59 <DIR> d-------- C:\Program Files\EA Games
2007-12-31 11:59 . 2007-12-31 11:59 617 --a------ C:\WINDOWS\eReg.dat
2007-12-27 18:06 . 2007-12-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-27 18:06 . 2007-12-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
2007-12-27 18:02 . 2007-12-27 18:37 <DIR> d-------- C:\Program Files\Samurize
2007-12-27 17:57 . 2007-12-27 19:36 <DIR> d-------- C:\Program Files\Chromadrome 2
2007-12-27 17:56 . 2007-12-27 17:56 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-27 17:55 . 2007-12-27 17:55 <DIR> d-------- C:\Program Files\Sierra Online
2007-12-27 17:55 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-27 17:41 . 2007-12-27 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2007-12-27 17:40 . 2007-12-27 17:40 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2007-12-27 17:39 . 2007-12-27 17:39 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-27 17:39 . 2007-12-27 17:39 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-27 17:38 . 2007-12-27 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Program Files\Logitech
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-12-27 17:04 . 2007-12-27 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-27 17:04 . 2007-12-27 17:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-27 16:59 . 2007-12-27 17:07 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-27 16:57 . 2007-12-27 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-27 16:55 . 2007-12-27 16:55 <DIR> d-------- C:\Program Files\Nero
2007-12-27 16:55 . 2007-12-27 16:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-27 16:55 . 2007-12-27 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-27 16:49 . 2007-12-31 14:21 <DIR> d-------- C:\MyWorks
2007-12-27 16:49 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-27 16:48 . 2007-12-27 16:49 <DIR> d-------- C:\Program Files\CyberLink
2007-12-23 20:23 . 2008-01-02 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2007-12-17 15:13 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-17 15:13 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 03:53 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 07:38 --------- d-----w C:\Program Files\TweakDUN
2008-01-06 07:27 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-06 07:20 --------- d-----w C:\Program Files\iTunes
2008-01-06 03:16 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\Binaries\MSConfig .exe
2008-01-05 18:07 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-05 17:47 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-01-05 17:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 00:15 --------- d-----w C:\Program Files\Microsoft Works
2007-12-31 19:14 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 17:00 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-29 00:30 --------- d-----w C:\Program Files\ArcSoft
2007-12-27 22:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-27 22:38 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-27 21:53 --------- d-----w C:\Program Files\Ahead
2007-12-09 06:58 --------- d-----w C:\Program Files\Common Files\Filseclab
2007-12-09 06:56 --------- d-----w C:\Program Files\Alwil Software
2007-10-22 23:58 1,721,712 ----a-w C:\WINDOWS\system32\InetClnt.dll
.
----a-w 53,248 2008-01-06 05:59:27 C:\hp\bin\AUTOTKIT .EXE
----a-w 61,440 2008-01-04 14:24:48 C:\hp\KBD\KBD .EXE
----a-w 335,872 2008-01-06 05:59:28 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 234,760 2008-01-14 01:57:56 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe
----a-w 181,512 2008-01-14 01:57:53 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray .exe
----a-w 155,648 2008-01-04 14:25:51 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 135,214 2008-01-04 14:25:15 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS .EXE
----a-w 151,597 2008-01-04 14:24:50 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 155,648 2008-01-04 14:25:03 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w 110,592 2008-01-04 14:24:49 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 56,928 2008-01-04 14:25:40 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 54,832 2008-01-04 14:25:45 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w 901,120 2008-01-06 05:59:26 C:\Program Files\Filseclab\xfilter\xfilter .exe
----a-w 90,112 2008-01-04 14:24:42 C:\Program Files\HP\Digital Imaging\Unload\hpqcmon .exe
----a-w 257,088 2008-01-04 14:25:22 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 24,576 2008-01-04 14:25:12 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
----a-w 139,264 2008-01-04 14:25:01 C:\Program Files\Multimedia Card Reader\shwicon2k .exe
----a-w 282,624 2008-01-14 01:57:06 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 01:53:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-13 04:04:28 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-13 03:30:23 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-13 03:17:20 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-12 15:02:59 C:\Program Files\QuickTime\qttask .exe
----a-w 729,088 2008-01-06 05:59:24 C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg .exe
----a-w 720,896 2008-01-04 14:25:25 C:\Program Files\TweakDUN\tweakdun .exe
----a-w 790,528 2008-01-04 14:26:05 C:\Program Files\TweakDUN\TweakMeter .exe
----a-w 50,176 2008-01-14 03:29:04 C:\WINDOWS\eHome\ehtray .exe
----a-w 158,208 2008-01-06 03:16:41 C:\WINDOWS\pchealth\helpctr\Binaries\MSConfig .exe
----a-w 212,992 2008-01-06 10:35:19 C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w 52,736 2008-01-06 03:21:24 C:\WINDOWS\system\hpsysdrv .exe
----a-w 15,360 2008-01-14 18:47:21 C:\WINDOWS\system32\ctfmon .exe
----a-w 118,784 2008-01-06 03:21:24 C:\WINDOWS\system32\hkcmd .exe
----a-w 483,328 2008-01-05 17:49:56 C:\WINDOWS\system32\hphmon05 .exe
----a-w 81,920 2008-01-06 03:21:24 C:\WINDOWS\system32\ps2 .exe
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [ ]
"XFILTER"="C:\Program Files\Filseclab\xfilter\xfilter.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [ ]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"RestartNeroSetup"="K:\CDS\Nero\Installation\SetupX.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [ ]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjjki]
jkkjjki.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Product Registration.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Product Registration.lnk
backup=C:\WINDOWS\pss\Product Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]
C:\Program Files\TweakDUN\tweakdun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMeter]
C:\Program Files\TweakDUN\TweakMeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54GS]
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"WUSB54GSSVC"=2 (0x2)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Fax"=3 (0x3)
R0 XPacket;Filseclab Packet Filter;C:\WINDOWS\system32\xpacket.sys [2006-12-23 14:01]
R2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2003-10-14 21:44]
R2 CX88ENC;Conexant 2388x MPEG Encoder;C:\WINDOWS\system32\drivers\cx88enc.sys [2003-10-14 21:44]
R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys [2003-10-14 21:44]
R2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2003-10-14 21:44]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 09:38]
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-01-13 20:38]
S3 pwlp;pwlp;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwlp.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 22:33:58 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Administrator at 10 28 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 08:42:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 8:43:41
ComboFix-quarantined-files.txt 2008-01-15 13:43:32
ComboFix2.txt 2008-01-14 22:31:48
Edited by RKC402, 17 January 2008 - 07:51 PM.