Please help me stop popups and computer freezing


#1
Toohottohandle
Please help me. I am having a serious problem with pop-ups, internet browser hijacking and a slow computer. Porn pop-ups and a Windows "Work Offline" message pop up every few minutes after I removed the network cable. I posted a request for help earlier this month for my other computer, but no one has helped me yet. Now my other computer, which I use for work and school, is having a problem. I only have this last computer to try to get help from the internet. PLEASE HELP ME!!!!!! Here are my HijackThis log file, ComboFix log file, and Ad-Aware log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:14 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
J:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
J:\Program Files\Spotmau WinCares 2007\FolderProtect.exe
J:\WINDOWS\system32\hasplms.exe
J:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
J:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
J:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
J:\WINDOWS\system32\HPZipm12.exe
J:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
J:\Program Files\Spyware Doctor\svcntaux.exe
J:\Program Files\Spyware Doctor\swdsvc.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
J:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
J:\Program Files\ATI Multimedia\main\ATIDtct.EXE
J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
J:\Program Files\Spyware Doctor\SDTrayApp.exe
J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
J:\WINDOWS\system32\SearchIndexer.exe
J:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
J:\Program Files\Napster\napster.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\Nero\Nero8\InCD\InCD.exe
J:\WINDOWS\system32\fxssvc.exe
J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\Program Files\ATI Multimedia\main\launchpd.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
J:\Program Files\RapidSolution\Tunebite\Tunebite.exe
J:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
J:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
J:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
J:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
J:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\Program Files\Spyware Doctor\update.exe
J:\WINDOWS\system32\SearchProtocolHost.exe
J:\WINDOWS\system32\SearchFilterHost.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - J:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - J:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar1.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] J:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] J:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "J:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NSRKey] J:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "J:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "J:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] J:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NapsterShell] J:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "J:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] J:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NSWosCheck] J:\Program Files\Norton SystemWorks Premier\osCheck.exe
O4 - HKLM\..\Run: [SDTray] "J:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Ad-Watch] J:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ATI Launchpad] "J:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] J:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tunebite] J:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [AdobeUpdater] J:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-21-1275210071-823518204-839522115-1007\..\RunOnce: [NeroHomeFirstStart] "J:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'QBDataServiceUser17')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = J:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = J:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = J:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = J:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = J:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = J:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = J:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://J:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with Rapget - J:\DOCUME~1\George\MYDOCU~1\RAPIDG~1\RAPGET~1\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - J:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - J:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - J:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - J:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - J:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://dsn.us.dell.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted IP range: 192.168.1.106
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1182281686531
O17 - HKLM\System\CCS\Services\Tcpip\..\{633F2D65-9FB8-4D99-8B48-0318DC0FC443}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B2B09A-7562-431F-86A1-4AD915E7EF6B}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: J:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: altvxvm - {9DEA0CF3-F160-4587-8533-4269D1F75C5C} - (no file)
O21 - SSODL: CDKernel - {2a1e9fcc-4129-4613-9a04-00f1b93ea8be} - J:\WINDOWS\Installer\{2a1e9fcc-4129-4613-9a04-00f1b93ea8be}\CDKernel.dll
O21 - SSODL: zip - {72e09621-55fb-4457-aa1f-072f3d9b54b8} - J:\WINDOWS\Installer\{72e09621-55fb-4457-aa1f-072f3d9b54b8}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - J:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - J:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - J:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - J:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: GoogleDesktopManager - Google - J:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - J:\WINDOWS\system32\hasplms.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - J:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - J:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - J:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - J:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - J:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - J:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - J:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - J:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - J:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - J:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - J:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - J:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - J:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 17781 bytes
ComboFix 08-03-13.4 - George 2008-03-20 12:20:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1281 [GMT -4:00]
Running from: J:\Documents and Settings\George\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 02:45 . 2008-03-20 02:45 <DIR> d-------- J:\Program Files\Lavasoft
2008-03-18 06:43 . 2008-03-18 06:43 117,102 --------- J:\WINDOWS\hpoins11.dat.temp
2008-03-18 06:43 . 2006-05-05 17:18 11,634 --------- J:\WINDOWS\hpomdl11.dat.temp
2008-03-18 06:22 . 2008-03-18 06:22 <DIR> d-------- J:\Program Files\Common Files\Sonic Shared
2008-03-18 06:04 . 2006-03-03 21:03 282,680 --a------ J:\WINDOWS\system32\HPZidr12.1
2008-03-18 06:04 . 2006-03-03 21:02 204,800 --a------ J:\WINDOWS\system32\HPZipr12.1
2008-03-18 05:47 . 2008-03-18 06:43 116,458 --a------ J:\WINDOWS\hpoins11.dat
2008-03-18 05:35 . 2006-05-05 17:18 11,634 --------- J:\WINDOWS\hpomdl11.dat
2008-03-18 05:15 . 2007-06-20 14:28 312,928,648 --a------ J:\HP Printer Software Install.exe
2008-03-14 10:24 . 2008-03-18 11:53 <DIR> d-------- J:\Program Files\Spyware Doctor
2008-03-14 10:24 . 2008-03-14 10:24 <DIR> d-------- J:\Documents and Settings\George\Application Data\PC Tools
2008-03-14 10:24 . 2008-03-14 10:35 79,688 --a------ J:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-14 10:24 . 2008-03-14 10:35 62,280 --a------ J:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-14 10:24 . 2008-03-14 10:35 41,288 --a------ J:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-14 10:24 . 2008-03-14 10:35 29,000 --a------ J:\WINDOWS\system32\drivers\kcom.sys
2008-03-14 03:07 . 2008-03-14 03:07 206 --a------ J:\WINDOWS\system32\MRT.INI
2008-03-09 06:14 . 2005-09-23 07:29 626,688 --a------ J:\WINDOWS\system32\msvcr80.dll
2008-03-07 18:21 . 2008-03-13 23:02 <DIR> d-------- J:\Program Files\XoftSpySE
2008-03-07 18:07 . 2008-03-10 03:47 <DIR> d-------- J:\Program Files\RegCure
2008-03-07 15:33 . 2008-03-07 15:33 <DIR> d-------- J:\Program Files\uTorrent
2008-03-07 15:33 . 2008-03-07 18:41 <DIR> d-------- J:\Documents and Settings\George\Application Data\uTorrent
2008-03-07 15:03 . 2008-03-07 15:03 625,032 --a------ J:\WINDOWS\system32\SymNeti.dll
2008-03-07 15:03 . 2008-03-07 15:03 242,056 --a------ J:\WINDOWS\system32\SymRedir.dll
2008-03-07 14:40 . 2008-03-07 14:40 13,035 --a------ J:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 14:40 . 2008-03-07 14:40 1,358 --a------ J:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 14:39 . 2008-03-07 14:39 191,536 --a------ J:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 14:39 . 2008-03-07 14:39 145,968 --a------ J:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 14:39 . 2008-03-07 14:39 39,984 --a------ J:\WINDOWS\system32\drivers\symids.sys
2008-03-07 14:39 . 2008-03-07 14:39 37,936 --a------ J:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 14:39 . 2008-03-07 14:39 35,120 --a------ J:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 14:39 . 2008-03-07 14:39 27,696 --a------ J:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 14:39 . 2008-03-07 14:39 12,848 --a------ J:\WINDOWS\system32\drivers\symdns.sys
2008-03-05 03:24 . 2003-03-16 02:15 90,112 --a------ J:\WINDOWS\unvise32.exe
2008-03-05 03:23 . 2008-03-05 03:24 <DIR> d-------- J:\Program Files\Business Plan Forms
2008-03-02 16:51 . 2008-03-02 16:51 <DIR> d-------- J:\Program Files\PixiePack Codec Pack
2008-03-02 16:36 . 2007-12-11 10:52 26,784 --a------ J:\WINDOWS\system32\drivers\tbhsd.sys
2008-03-02 16:34 . 2008-03-02 16:34 <DIR> d-------- J:\Program Files\RapidSolution
2008-03-02 16:34 . 2008-03-02 16:41 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\RapidSolution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:19 --------- d---a-w J:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 06:44 --------- d-----w J:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 05:41 12,632 ----a-w J:\WINDOWS\system32\lsdelete.exe
2008-03-20 05:41 --------- d-----w J:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-20 00:39 --------- d-----w J:\Documents and Settings\George\Application Data\tunebite
2008-03-20 00:24 --------- d-----w J:\Program Files\Common Files\Symantec Shared
2008-03-19 18:04 --------- d-----w J:\Program Files\Napster
2008-03-18 12:13 --------- d-----w J:\Documents and Settings\George\Application Data\Vso
2008-03-18 11:16 --------- d-----w J:\Program Files\Norton SystemWorks Premier
2008-03-18 10:20 --------- d-----w J:\Program Files\Common Files\HP
2008-03-14 23:47 --------- d-----w J:\Documents and Settings\George\Application Data\U3
2008-03-14 07:15 --------- d-----w J:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 20:31 --------- d-----w J:\Program Files\Tunebite
2008-02-27 08:01 --------- d-----w J:\Program Files\Windows Live
2008-02-21 23:02 --------- d-----w J:\Documents and Settings\All Users\Application Data\Intuit
2008-02-18 21:00 --------- d-----w J:\Documents and Settings\George\Application Data\Intuit
2008-02-18 20:59 --------- d-----w J:\Program Files\Intuit
2008-02-18 20:58 --------- d-----w J:\Program Files\Common Files\supportsoft
2008-02-18 20:57 --------- d-----w J:\Program Files\Google
2008-02-18 20:49 --------- d-----w J:\Program Files\Common Files\Intuit
2008-02-18 20:48 --------- d-----w J:\Program Files\Common Files\AnswerWorks 4.0
2008-02-18 20:42 --------- d-----w J:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-02-17 00:30 --------- d--h--w J:\Program Files\InstallShield Installation Information
2008-02-17 00:30 --------- d-----w J:\Program Files\Mio Technology
2008-02-15 20:03 --------- d-----w J:\Program Files\CASIO
2008-02-15 00:32 --------- d-----w J:\Program Files\Mortgage Payment Calculator
2008-02-12 16:09 --------- d-----w J:\Program Files\ResumeMaker
2008-02-12 16:01 --------- d-----w J:\Documents and Settings\All Users\Application Data\Individual Software
2008-02-12 03:00 --------- d-----w J:\Documents and Settings\All Users\Application Data\Geek Squad
2008-02-07 10:18 --------- d-----w J:\Program Files\Shareaza
2008-02-02 22:23 --------- d-----w J:\Program Files\iTunes
2008-02-02 22:23 --------- d-----w J:\Program Files\iPod
2008-02-02 22:14 --------- d-----w J:\Program Files\QuickTime
2008-02-01 16:11 586,240 ----a-w J:\WINDOWS\WLXPGSS.SCR
2008-02-01 16:08 --------- d-----w J:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 23:55 --------- d-----w J:\Program Files\DVDFab Platinum 4
2008-01-27 22:46 --------- d-----w J:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-23 23:00 --------- d-----w J:\Program Files\Norton AntiVirus
2008-01-23 21:16 805 ----a-w J:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-23 21:16 60,800 ----a-w J:\WINDOWS\system32\S32EVNT1.DLL
2008-01-23 21:16 123,952 ----a-w J:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-23 21:16 10,740 ----a-w J:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-23 21:16 --------- d-----w J:\Program Files\Symantec
2008-01-20 23:41 --------- d-----w J:\Program Files\Word Search Deluxe
2007-10-22 03:17 47,360 ----a-w J:\Documents and Settings\George\Application Data\pcouffin.sys
2006-02-19 07:28 12,288 ----a-w J:\WINDOWS\Fonts\RandFont.dll
2004-12-20 05:04 13,824 ----a-w J:\Documents and Settings\George\dmg2iso.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 17:30 57344 --a------ J:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 17:30 57344 --a------ J:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="J:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22 106571]
"ATI Remote Control"="J:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-26 23:51 200704]
"swg"="J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 23:50 68856]
"Tunebite"="J:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 14:10 4998448]
"AdobeUpdater"="J:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 J:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-17 19:12 69632 J:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-06-17 18:43 2550272 J:\WINDOWS\ALCWZRD.EXE]
"ATIPTA"="J:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10 339968]
"ATI DeviceDetect"="J:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17 69705]
"GrooveMonitor"="J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ccApp"="J:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="J:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248]
"NSRKey"="J:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"Norton Save and Restore"="J:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"EPSON Stylus Photo R220 Series"="J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 04:00 98304]
"Acrobat Assistant 8.0"="J:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]
"Adobe_ID0EYTHM"="J:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NapsterShell"="J:\Program Files\Napster\napster.exe" [2007-11-08 18:58 323216]
"HP Software Update"="J:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NBKeyScan"="J:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"InCD"="J:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-10-15 11:40 1077032]
"SunJavaUpdateSched"="J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="J:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="J:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Google Desktop Search"="J:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-18 16:58 240640]
"NSWosCheck"="J:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 01:41 25472]
"SDTray"="J:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-03-14 10:39 1058304]
"Ad-Watch"="J:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-06-13 14:18 4177920]

J:\Documents and Settings\George\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - J:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

J:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - J:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - J:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
QuickBooks Update Agent.lnk - J:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 12:09:20 968224]
Windows Desktop Search.lnk - J:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= J:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDKernel"= {2a1e9fcc-4129-4613-9a04-00f1b93ea8be} - J:\WINDOWS\Installer\{2a1e9fcc-4129-4613-9a04-00f1b93ea8be}\CDKernel.dll [2008-03-13 23:36 18514]
"zip"= {72e09621-55fb-4457-aa1f-072f3d9b54b8} - J:\WINDOWS\Installer\{72e09621-55fb-4457-aa1f-072f3d9b54b8}\zip.dll [2008-03-13 23:36 23126]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=J:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"J:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"J:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"J:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"J:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"J:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"J:\\Program Files\\iTunes\\iTunes.exe"=
"J:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"J:\\Program Files\\uTorrent\\uTorrent.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"J:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R2 aksfridge;aksfridge;J:\WINDOWS\system32\drivers\aksfridge.sys [2007-03-12 20:48]
R2 FolderProtectService;FolderProtectService;J:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe [2006-12-22 17:30]
R2 hasplms;HASP License Manager;J:\WINDOWS\system32\hasplms.exe -run []
R2 Norton Save and Restore;Norton Save and Restore;J:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe [2007-03-26 15:45]
R2 QuickBooksDB17;QuickBooksDB17;J:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 11:32]
R3 FolderProtectDriver;FolderProtectDriver;J:\Program Files\Spotmau WinCares 2007\FolderProtectDriver.sys [2006-12-12 16:25]
S2 riode32;riode32;J:\WINDOWS\system32\drivers\riode32.sys []
S3 PVUSB;CESG502 USB Driver;J:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
J:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 19:53:01 J:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- J:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 07:14:18 J:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- J:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-08 01:00:00 J:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - George.job"
- J:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-03-10 16:00:00 J:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- J:\Program Files\Norton SystemWorks Premier\OBC.exe
"2008-03-13 21:00:00 J:\WINDOWS\Tasks\RegCure Program Check.job"
- J:\Program Files\RegCure\RegCure.exe
"2008-03-13 07:00:00 J:\WINDOWS\Tasks\RegCure.job"
- J:\Program Files\RegCure\RegCure.exe
"2008-03-13 21:00:00 J:\WINDOWS\Tasks\XoftSpySE 2.job"
- J:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-11 07:00:00 J:\WINDOWS\Tasks\XoftSpySE.job"
- J:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 12:27:11
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: J:\WINDOWS\explorer.exe [6.00.2900.3156]
-> J:\WINDOWS\Installer\{2a1e9fcc-4129-4613-9a04-00f1b93ea8be}\CDKernel.dll
-> J:\WINDOWS\Installer\{72e09621-55fb-4457-aa1f-072f3d9b54b8}\zip.dll
.
Completion time: 2008-03-20 12:30:44
ComboFix-quarantined-files.txt 2008-03-20 16:30:34
ComboFix2.txt 2008-03-18 02:37:10
.
2008-03-14 07:15:43 --- E O F ---


Ad-Aware 2007 Build
Log File Created on: 2008-03-20 07:51:12
Using Definitions File: J:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: MAINCOMPUTER1
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel® Pentium® 4 CPU 3.20GHz
Memory Available: 50%
Total Physical Memory: 2145103872 Bytes
Available Physical Memory: 1064988672 Bytes
Total Page File Size: 4133052416 Bytes
Available On Page File: 2642857984 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1896120320 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Notify when Definitions File is outdated
Backing up current definitions file before updating
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 63
Build Number: 0
Build Date and Time: 2008/03/19 07:55:36

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 1484842
Infections Detected: 61
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 2 2
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 54 54
File Hash Scan..: 3 3

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com LO /
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com UI /
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com NSC_mc-bepqu.fvspdmjdl.dpn-iuuq /
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com DMEXP /
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com CTCI /
Item Id: 600000457 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adopt.euroclick.com HS /
Item Id: 600000049 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat tripod.com CookieStatus /
Item Id: 600000049 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat tripod.com LyRatings /
Item Id: 600000661 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat kontera.com cluid /
Item Id: 600000661 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat kontera.com imprs /
Item Id: 600000397 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat traffic.buyservices.com VisitorId /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adbrite.com Apache /
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat adbrite.com b /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBanners1010 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBannerCounter29649 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIFirstHit1010 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAILastHit1010 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAICampaignCounter1010 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBanners989 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBannerCounter27889 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIFirstHit989 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAILastHit989 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAICampaignCounter989 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBanners920 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBannerCounter26763 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIFirstHit920 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAILastHit920 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAICampaignCounter920 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBanners988 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIBannerCounter28417 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAIFirstHit988 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAILastHit988 /
Item Id: 600000555 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat insightexpressai.com IXAICampaignCounter988 /
Item Id: 600000447 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat apmebf.com S /
Item Id: 600000102 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat e-2dj6wjk4ehcpehp.stats.esomniture.com s_vi_4x7Cx3Fx7Fx0Ex28x7Cx60x22x0E9x0Ex2Bcx0Ex21x23x0E3x3C5x3Bgx26x0Ex27x3Fx0Ex28x7Cx60x22x0E4x0Ex2Bcx0Ex21x23x0E0c5x3Bgx26x0Ex3Bx3Ae49x0E2x214x0E9x216x0Ex265x3Bgx29hx3Fx0Ex28x7Cx60x224x0Ex20x7Ccx7Cc /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.homes-for-sale-real-estate.com CFID /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.homes-for-sale-real-estate.com CFTOKEN /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.homes-for-sale-real-estate.com CFGLOBALS /
Item Id: 600000112 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat live365.com SaneID /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat ads.revsci.net rsi_us_1000000 /adserver
Item Id: 600000390 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.buy.com prodViewHist /
Item Id: 600000390 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.buy.com ShowProdZoom /
Item Id: 600000135 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat findwhat.com uid /
Item Id: 600000578 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat unicast.com VWCUK200 /
Item Id: 600000390 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.buyersusarelocation.com CFID /
Item Id: 600000390 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.buyersusarelocation.com CFTOKEN /
Item Id: 600000390 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.buyersusarelocation.com CFGLOBALS /
Item Id: 600000190 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1071990519/
Item Id: 600000159 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat clickbank.net p /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat advertising.com ACID /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat advertising.com C2 /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat advertising.com BASE /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat advertising.com ROLL /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: J:\Documents and Settings\George\Cookies\index.dat advertising.com F1 /
Family Id: 1371 Name: Win32.Trojan.Inject Category: Malware TAI:10
Item Id: 82960 Value: File: D:\FILES MOVED FROM C DRIVE\My Documents\Downloads\Download_office small business 2007_with_the_fastest_BitTorrent_downloader.exe
Family Id: 941 Name: Win32.Trojan.Agent Category: Malware TAI:10
Item Id: 107708 Value: File: E:\CS2\Keygen by SSG\keygen.exe
Item Id: 300031803 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\wscsvc Value: Start Data: 4
Family Id: 1032 Name: Win32.TrojanDownloader.Small Category: Malware TAI:7
Item Id: 112895 Value: File: J:\Documents and Settings\George\My Documents\Tunebite.Platinum.Edition.v4.1.0.14-TE\tunebite 5 rapidshare\keygen.exe
Item Id: 300021800 Value: Root: HKLM Path: software\microsoft\tracing\fwcfg
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: J:\Documents and Settings\George\Recent Count: 175
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1275210071-823518204-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 2

Items Ignored During Scan
===========================


Listing of running processes
===========================
J:\WINDOWS\SYSTEM32\SMSS.EXE
j:\windows\system32\smss.exe

j:\windows\system32\ntdll.dll

J:\WINDOWS\SYSTEM32\CSRSS.EXE
j:\windows\system32\csrss.exe

j:\windows\system32\ntdll.dll

j:\windows\system32\csrsrv.dll

j:\windows\system32\basesrv.dll

j:\windows\system32\winsrv.dll

j:\windows\system32\gdi32.dll

j:\windows\system32\kernel32.dll

j:\windows\system32\user32.dll

j:\windows\system32\sxs.dll

j:\windows\system32\advapi32.dll

j:\windows\system32\rpcrt4.dll

j:\windows\system32\apphelp.dll

j:\windows\system32\version.dll

j:\program files\spyware doctor\smumhook.dll

j:\windows\system32\oleaut32.dll

j:\windows\system32\msvcrt.dll

j:\windows\system32\ole32.dll

j:\program files\spyware doctor\klg.dat

J:\WINDOWS\SYSTEM32\WINLOGON.EXE
j:\windows\system32\winlogon.exe

j:\windows\system32\ntdll.dll

j:\windows\system32\kernel32.dll

j:\windows\system32\advapi32.dll

j:\windows\system32\rpcrt4.dll

j:\windows\system32\authz.dll

j:\windows\system32\msvcrt.dll

j:\windows\system32\crypt32.dll

j:\windows\system32\user32.dll

j:\windows\system32\gdi32.dll

j:\windows\system32\msasn1.dll

j:\windows\system32\nddeapi.dll

j:\windows\system32\profmap.dll

j:\windows\system32\netapi32.dll

j:\windows\system