Combofix log
ComboFix 08-02.05.3 - ptaylor 2008-02-10 9:52:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.449 [GMT -5:00]
Running from: C:\Documents and Settings\ptaylor\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-09 22:33 . 2008-02-10 09:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 22:33 . 2008-02-09 22:33 <DIR> d-------- C:\Documents and Settings\ptaylor\Application Data\SUPERAntiSpyware.com
2008-02-09 22:33 . 2008-02-09 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-09 21:08 . 2004-08-04 02:56 388,608 --a------ C:\kmd.exe
2008-02-09 21:07 . 2008-02-09 21:07 <DIR> d-------- C:\SuperAntiSpyware
2008-02-09 20:56 . 2008-02-09 21:08 <DIR> d-------- C:\OuterInfoUnInstall
2008-02-09 18:40 . 2008-02-09 18:41 <DIR> d-------- C:\HiJackThis
2008-02-09 18:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-02-09 18:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-02-09 18:21 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-02-09 18:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-02-09 18:21 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-02-09 18:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-02-09 18:09 . 2008-02-09 18:09 <DIR> d-------- C:\Program Files\CCleaner
2008-02-09 18:01 . 2008-02-09 18:21 3,672 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-02-09 14:40 . 2008-02-09 18:58 <DIR> d-------- C:\VundoFix Backups
2008-02-08 20:35 . 2008-02-09 16:19 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-08 14:16 . 2008-02-08 14:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-08 14:16 . 2008-02-08 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 14:14 . 2008-02-09 22:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 11:12 . 2008-02-08 20:21 869 --a------ C:\WINDOWS\wininit.ini
2008-02-07 15:34 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2008-02-07 13:47 . 2008-02-07 13:47 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-07 13:40 . 2008-02-07 13:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\zap7
2008-02-07 13:40 . 2008-02-07 13:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\mvc3
2008-02-07 13:40 . 2008-02-07 13:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\kop9
2008-02-07 13:40 . 2008-02-07 13:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\aec1
2008-02-07 13:40 . 2008-02-07 13:40 513,024 --a------ C:\Temp\chtOna0119.exe
2008-02-07 13:39 . 2008-02-07 13:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-02-07 13:39 . 2008-02-07 13:40 <DIR> d-------- C:\Temp\isgTi19
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 14:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
HiJackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LMSXXD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LMSXXD] LMSXXD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Gravity Monitor.lnk = C:\Program Files\EVware\Gravity CRM\Monitor\GravityMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI05E6~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfr..._instmodule.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbs2003/Conne...uter/nshelp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FloridaIndustrialScaleCo.local
O17 - HKLM\Software\..\Telephony: DomainName = FloridaIndustrialScaleCo.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FloridaIndustrialScaleCo.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FloridaIndustrialScaleCo.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: crmhost - Unknown owner - c:\program files\evware\gravity crm\host\gravityhost.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7040 bytes
Thanks again for taking the time to look at this. Ptay.