Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware taking over

Started by Nick3358 , Feb 17 2008 12:43 PM

  • Please log in to reply

#1
Nick3358
Posted 17 February 2008 - 12:43 PM

Nick3358

    New Member

  • Member
  • Pip
  • 2 posts
Please help!
Somehow ive gotten some type of spyware or malware that redirects my google and yahoo search results to a blank page with this address, http://89.149.227.10...81a5c06a2e0b501. Ive also experienced other spyware problems such as pop ups telling me to download drspyware and other programs. I would normally just backtrack on system restore a few weeks to avoid these infections however when I go to my system restore point it wont let me go back more then 2 days. I've searched around the net to find a solution for this and so far no one seems to have solved it. Any suggestions?

Nick


Here is my HijackThis system log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:32 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O2 - BHO: (no name) - {4B7D34F6-7897-4827-8FA0-07FE7175C7D9} - C:\WINDOWS\system32\bidisp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe"
O4 - HKUS\S-1-5-21-1662507814-99855388-3563380046-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Steph')
O4 - HKUS\S-1-5-21-1662507814-99855388-3563380046-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Steph')
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by144fd.bay14...es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1174443469906
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9019 bytes
  • 0

Advertisements

#2
Nick3358
Posted 17 February 2008 - 04:29 PM

Nick3358

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Also I ran combofix on my system. here is the log it presented to me as well as a new hijackthis log file... thanks.

ComboFix 08-02-16.2 - Nick 2008-02-17 17:09:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.548 [GMT -5:00]
Running from: C:\Documents and Settings\Nick\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\bidisp.dll
C:\WINDOWS\system32\drivers\dmmbquyp.dat
C:\WINDOWS\system32\msiconf.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cőj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ODYFWTRL
-------\odyfwtrl


((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 14:35 . 2008-02-17 14:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-17 13:54 . 2008-02-17 13:54 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Grisoft
2008-02-17 13:54 . 2008-02-17 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 13:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-17 01:00 . 2008-02-17 01:00 <DIR> d-------- C:\Documents and Settings\Wayne\Application Data\True Sword
2008-02-17 00:36 . 2008-02-17 00:36 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-02-17 00:36 . 2008-02-17 01:04 <DIR> d-------- C:\Program Files\True Sword 4
2008-02-15 20:19 . 2008-02-15 20:19 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-15 19:20 . 2008-02-15 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NETGATE
2008-02-15 18:49 . 2003-11-19 14:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-02-15 18:49 . 2004-05-11 10:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2008-02-15 18:49 . 2004-02-05 21:53 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX
2008-02-15 18:49 . 2004-01-09 11:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-02-15 18:49 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-02-15 18:49 . 2001-03-28 23:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
2008-02-15 18:49 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-02-15 18:28 . 2008-02-15 18:45 <DIR> d-------- C:\Program Files\MalwareScanner
2008-02-15 18:28 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-02-15 18:28 . 1998-06-24 01:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-02-15 18:28 . 1999-05-07 00:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-15 18:28 . 1998-06-24 01:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-15 18:28 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-12 22:14 . 2008-02-14 21:30 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\MP3Rocket
2008-02-11 23:23 . 2008-02-11 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-11 23:18 . 2008-02-11 23:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-10 15:43 . 2008-02-12 11:53 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\HLSW
2008-02-08 17:06 . 2008-02-08 17:15 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\iTOrganize
2008-02-08 17:06 . 2008-02-08 17:06 104 --a------ C:\WINDOWS\system32\IOSetp.dbf
2008-02-05 17:09 . 2008-02-12 22:08 <DIR> d-------- C:\Documents and Settings\Nick\My Music
2008-02-04 15:41 . 2008-02-07 22:22 <DIR> d-------- C:\Program Files\Xfire
2008-02-04 15:41 . 2008-02-12 00:18 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Xfire
2008-02-04 15:30 . 2008-02-04 15:30 <DIR> d-------- C:\Program Files\CCleaner
2008-02-02 15:48 . 2008-02-02 15:48 <DIR> d-------- C:\Program Files\iTunes
2008-02-02 15:48 . 2008-02-02 15:48 <DIR> d-------- C:\Program Files\iPod
2008-02-02 15:48 . 2008-02-16 22:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 15:48 . 2008-02-02 15:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 15:47 . 2008-02-02 15:47 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Apple Computer
2008-01-30 21:02 . 2008-01-30 21:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-25 12:39 . 2008-01-25 12:39 <DIR> d-------- C:\MWASPI
2008-01-25 12:39 . 1997-06-11 19:01 30,208 --------- C:\WINDOWS\system32\WNASPI32.DLL
2008-01-25 12:39 . 2000-03-29 17:11 8,096 --------- C:\WINDOWS\system32\drivers\MASPINT.SYS
2008-01-25 12:39 . 1999-10-22 17:58 4,030 --------- C:\WINDOWS\system\WINASPI.DLL
2008-01-25 12:39 . 1997-02-28 03:00 2,486 --------- C:\WINDOWS\system\AS16POST.BIN
2008-01-25 12:39 . 2008-01-25 12:39 291 --a------ C:\WINDOWS\msfsetup.ini
2008-01-25 12:37 . 2008-01-25 12:37 <DIR> d-------- C:\Program Files\PIXELA
2008-01-25 12:36 . 2008-01-25 12:36 <DIR> d-------- C:\Program Files\FinePixViewer
2008-01-25 12:36 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-01-25 12:36 . 2003-09-06 16:57 159,744 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-01-25 12:35 . 2008-01-25 12:35 <DIR> d-------- C:\Program Files\REGSHAVE
2008-01-25 12:35 . 2001-11-25 06:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-01-25 12:35 . 2002-02-05 11:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-01-25 12:35 . 2002-02-27 06:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-01-25 12:35 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-01-25 12:35 . 2002-02-13 05:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-01-24 22:10 . 2006-10-05 20:21 <DIR> d-------- C:\Program Files\Support
2008-01-24 22:10 . 2006-10-05 20:21 <DIR> d-------- C:\Program Files\setupdir
2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Template
2008-01-24 20:38 . 2008-01-31 10:55 194 --a------ C:\Documents and Settings\Nick\Application Data\wklnhst.dat
2008-01-20 15:29 . 2008-01-20 15:29 64,936 --a------ C:\Documents and Settings\Nick\Application Data\GDIPFONTCACHEV1.DAT
2008-01-20 13:24 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-20 13:24 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-20 13:24 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-20 13:24 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-20 13:23 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-18 23:57 . 2008-01-18 23:57 3,818 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-18 23:19 . 2008-01-18 23:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 21:07 . 2008-01-18 21:07 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-18 21:07 . 2008-01-18 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-18 19:36 . 2008-02-10 15:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-18 19:36 . 2008-02-10 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 22:02 --------- d-----w C:\Program Files\Steam
2008-02-16 00:22 --------- d---a-w C:\Program Files\Common Files\Symantec Shared
2008-02-14 18:34 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Canon
2008-02-13 04:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-12 04:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 03:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-02 20:47 --------- d-----w C:\Program Files\QuickTime
2008-02-01 13:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-27 23:10 --------- d-----w C:\Documents and Settings\Nick\Application Data\Canon
2008-01-25 03:12 --------- d-----w C:\Program Files\Electronic Arts
2008-01-16 12:52 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-16 12:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 12:50 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 12:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 12:50 --------- d-----w C:\Program Files\Symantec
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 19:44 --------- d-----w C:\Program Files\MSN Messenger
2008-01-13 03:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 18:44 64,936 ----a-w C:\Documents and Settings\Wayne\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 05:45 --------- d-----w C:\Documents and Settings\Nick\Application Data\Ventrilo
2008-01-02 05:43 --------- d-----w C:\Program Files\Ventrilo
2008-01-02 05:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 05:03 --------- d-----w C:\Documents and Settings\Steph\Application Data\Spyware Terminator
2007-12-31 23:45 --------- d-----w C:\Documents and Settings\Mom\Application Data\Spyware Terminator
2007-12-31 23:45 --------- d-----w C:\Documents and Settings\Mom\Application Data\Ideazon
2007-12-30 01:28 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Spyware Terminator
2007-12-26 21:49 --------- d-----w C:\Documents and Settings\Wayne\Application Data\Ideazon
2007-12-26 16:27 --------- d-----w C:\Program Files\Transparent
2007-12-26 01:02 --------- d-----w C:\Documents and Settings\Steph\Application Data\Ideazon
2007-12-25 19:48 --------- d-----w C:\Documents and Settings\Nick\Application Data\Ideazon
2007-12-25 19:46 --------- d-----w C:\Program Files\Ideazon
2007-12-25 17:41 --------- d-----w C:\Documents and Settings\Nick\Application Data\Apple Computer
2007-12-25 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 17:38 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 17:37 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 16:05 --------- d-----w C:\Program Files\Kodak
2007-12-25 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-25 15:32 --------- d-----w C:\Program Files\Common Files\Kodak
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 03:35 --------- d-----w C:\Program Files\EZFace
2007-12-17 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Transparent
2007-11-29 23:02 196,608 ----a-w C:\WINDOWS\winmap.exe
2007-11-18 03:20 65,712 ----a-w C:\Documents and Settings\Steph\Application Data\GDIPFONTCACHEV1.DAT
2007-08-30 17:23 166 ----a-w C:\Documents and Settings\Wayne\Application Data\wklnhst.dat
2007-06-12 17:27 121,547 ----a-w C:\WINDOWS\Fonts\cm_destroy.zip
2007-05-14 21:24 157 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 23:45 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpyEmergency"="C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 17:18 135168]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 20:10 409600]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 14:13 393216]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32 50688]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 15:53 714608]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NetAssistant.lnk - C:\Program Files\NetAssistant\bin\matcli.exe [2007-05-14 16:58:56 217088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2005-03-16 19:16 970752 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 13:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 21:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-29 17:52 1266936 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 11:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 11:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 20:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 16:00:53 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt [email protected]
"2008-02-17 22:18:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-12 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Nick.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 17:16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-02-17 17:21:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 22:21:09
.
2008-02-13 20:43:14 --- E O F ---


And my new hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:31 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe"
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by144fd.bay14...es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1174443469906
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8420 bytes

So far I havent experienced any more of the activity however I do not know if my system is clean. What do you think?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP