First of all, thank you for the help you are giving. This has been a real pain.
Thanks,
Chuck
Here are the contents of the combofix.txt log, followed by the HijackThis log contents:
ComboFix 08-04-09.1 - Chuck 2008-04-09 16:20:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT -4:00]
Running from: C:\Documents and Settings\Chuck\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Chuck\Application Data\inst.exe
.
---- Previous Run -------
.
C:\WINDOWS\BM7f8bd2d9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BaHNoUvw.ini
C:\WINDOWS\system32\BaHNoUvw.ini2
C:\WINDOWS\system32\GgQXyyay.ini
C:\WINDOWS\system32\GgQXyyay.ini2
C:\WINDOWS\system32\giahdpsy.ini
C:\WINDOWS\system32\kbxiuhnt.ini
C:\WINDOWS\system32\nfefnhtj.ini
C:\WINDOWS\system32\PssssBeg.ini
C:\WINDOWS\system32\PssssBeg.ini2
C:\WINDOWS\system32\uoorfuxj.ini
C:\WINDOWS\system32\vtUmNGwt.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-09 16:27 . 2008-04-09 16:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-08 23:34 . 2008-04-08 23:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 17:00 . 2008-04-08 17:00 3,648 --a------ C:\WINDOWS\system32\nuvsfyuf.dll
2008-04-08 16:59 . 2008-04-08 16:59 269,824 --a------ C:\WINDOWS\system32\wvUoNHaB.dll_old
2008-04-07 11:41 . 2008-04-09 15:36 442 --a------ C:\WINDOWS\wininit.ini
2008-04-07 07:29 . 2008-04-07 07:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 07:29 . 2008-04-07 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 07:25 . 2008-04-07 07:25 30,760 --a------ C:\WINDOWS\system32\vtpizjjb.exe
2008-04-07 02:35 . 2008-04-08 00:35 <DIR> d-------- C:\VundoFix Backups
2008-04-03 21:35 . 2008-04-03 21:35 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Nero8
2008-04-03 07:50 . 2008-04-03 07:54 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-02 02:33 . 2008-04-05 21:37 709 --a------ C:\WINDOWS\system32\installerror.dat
2008-03-29 11:16 . 2008-03-29 11:16 <DIR> d-------- C:\pi30nnw1
2008-03-27 20:09 . 2008-03-27 20:09 <DIR> d-------- C:\Program Files\SiSoftware
2008-03-27 18:20 . 2008-03-27 18:20 <DIR> d-------- C:\Program Files\Belarc
2008-03-27 18:20 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-03-25 19:58 . 2008-03-25 19:59 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-23 22:53 . 2008-03-27 23:32 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 22:50 . 2008-03-27 23:32 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 22:50 . 2008-03-23 22:50 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-23 22:17 . 2008-03-23 22:17 <DIR> d-------- C:\Program Files\hegames
2008-03-23 22:17 . 2008-03-23 22:19 <DIR> d-------- C:\hegames
2008-03-23 22:17 . 2008-03-23 22:20 534 --a------ C:\WINDOWS\hegames.ini
2008-03-22 09:08 . 2008-03-22 09:08 <DIR> d-------- C:\Program Files\Fisher-Price
2008-03-22 09:08 . 2008-03-22 09:08 <DIR> d-------- C:\Documents and Settings\Chuck\WINDOWS
2008-03-22 09:08 . 1998-06-24 10:43 283,648 --a------ C:\WINDOWS\uninst.exe
2008-03-22 09:08 . 2008-03-22 09:08 60 --a------ C:\WINDOWS\Constrct.ini
2008-03-22 09:04 . 2008-03-22 09:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-22 08:59 . 2008-03-22 08:59 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\DAEMON Tools
2008-03-22 08:59 . 2008-03-22 08:59 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-21 07:48 . 2008-03-21 07:48 <DIR> d-------- C:\Program Files\Red Kawa
2008-03-14 07:43 . 2008-04-03 07:42 <DIR> d-------- C:\Temp
2008-03-13 07:05 . 2008-03-13 07:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-12 19:56 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-10 21:21 . 2008-03-10 21:21 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Hoyle FaceCreator
2008-03-10 21:21 . 2008-03-10 21:26 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Hoyle Casino
2008-03-10 21:19 . 2008-03-10 21:19 <DIR> dr-h----- C:\Documents and Settings\Chuck\Application Data\SecuROM
2008-03-10 21:19 . 2008-03-10 21:19 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-10 19:58 . 2008-03-10 19:58 <DIR> d-------- C:\Program Files\Encore
2008-03-10 19:30 . 2008-03-10 19:30 <DIR> d-------- C:\Program Files\Nero
2008-03-10 19:13 . 2008-03-10 19:13 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\MSN6
2008-03-10 19:13 . 2008-03-10 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 20:26 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-08 04:31 --------- d-----w C:\Program Files\Steam
2008-04-06 22:47 --------- d-----w C:\Documents and Settings\Chuck\Application Data\Azureus
2008-04-03 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-28 03:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-12 23:56 --------- d-----w C:\Program Files\Java
2008-03-08 06:35 --------- d-----w C:\Program Files\Google
2008-03-08 05:25 --------- d-----w C:\Program Files\Azureus
2008-03-06 11:59 --------- d-----w C:\Program Files\Windows Defender
2008-03-05 06:18 --------- d-----w C:\Program Files\WinMPG Video Convert
2008-03-04 11:56 --------- d-----w C:\Documents and Settings\Chuck\Application Data\Vso
2008-03-02 14:35 --------- d-----w C:\Program Files\Microsoft Corporation
2008-03-02 07:11 --------- d-----w C:\Program Files\Common Files\Java
2008-03-01 08:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-29 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-02-29 15:17 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-29 15:12 --------- d-----w C:\Program Files\Pro Imaging Powertoys
2008-02-29 15:03 --------- d-----w C:\Program Files\Media Center Alarm Clock
2008-02-29 15:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 15:00 --------- d-----w C:\Program Files\Microsoft
2008-02-29 03:33 --------- d-----w C:\Documents and Settings\Chuck\Application Data\Nero
2008-02-29 02:33 --------- d-----w C:\Documents and Settings\Chuck\Application Data\ICAClient
2008-02-29 02:27 --------- d-----w C:\Program Files\Citrix
2008-02-28 12:41 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-28 12:41 47,360 ----a-w C:\Documents and Settings\Chuck\Application Data\pcouffin.sys
2008-02-28 12:41 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-02-28 12:35 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-27 19:07 --------- d-----w C:\Program Files\Games
2008-02-27 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-26 21:13 --------- d-----w C:\Program Files\TVersity
2008-02-26 21:11 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-26 12:08 --------- d-----w C:\Documents and Settings\Chuck\Application Data\dvdcss
2008-02-26 04:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-26 03:40 --------- d-----w C:\Program Files\Orb Networks
2008-02-26 03:34 --------- d-----w C:\Program Files\WinTV
2008-02-26 03:12 --------- d-----w C:\Program Files\Xilisoft
2008-02-26 02:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 00:56 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-26 00:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 00:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-25 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-25 17:24 --------- d-----w C:\Program Files\nanocosmos
2008-02-25 17:23 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-25 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 17:20 --------- d-----w C:\Program Files\Ulead Systems
2008-02-25 17:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-25 17:18 --------- d-----w C:\Program Files\Common Files\IviSDK
2008-02-25 05:05 --------- d-----w C:\Program Files\QuickTime
2008-02-25 04:53 --------- d-----w C:\Program Files\Windows Media Components
2008-02-25 04:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-25 04:40 --------- d-----w C:\Program Files\Windows Live
2008-02-25 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 03:53 --------- d-----w C:\Documents and Settings\Chuck\Application Data\ATI
2008-02-25 03:49 --------- d-----w C:\Program Files\ATI Technologies
2008-02-25 03:17 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-25 02:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 02:44 --------- d-----w C:\Program Files\Symantec
2008-02-25 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-25 02:25 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E813F4B-E175-46AF-9D61-F41D1C293EE9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{196D3E9C-DED2-4A37-9CE0-6FAEFD096929}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23231D5E-7A16-491F-8A88-A08E86F70EBB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E93279C-E6C1-484A-A5F4-F6438606EAAA}]
C:\WINDOWS\system32\wvUoNHaB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8EEB996-62AA-4E48-995D-EADDCAC47476}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B17C128E-1099-43C6-9E24-B6B1408B2A0A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-02-28 18:15 503808]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-29 00:02 1271032]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1000"="command /c del C:\WINDOWS\system32\kgqglvqa.dll_old" [ ]
"SpybotDeletingB2491"="command /c del C:\WINDOWS\system32\jthnfefn.dll_old" [ ]
"SpybotDeletingB6742"="command /c del C:\WINDOWS\system32\yayyXQgG.dll_old" [ ]
"SpybotDeletingD8253"="cmd /c del C:\WINDOWS\system32\kgqglvqa.dll_old" [ ]
"SpybotDeletingD3898"="cmd /c del C:\WINDOWS\system32\jthnfefn.dll_old" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RRTray"="C:\Program Files\Microsoft Corporation\MSN Remote Record service\rrtray.exe" [2007-02-16 04:18 65536]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"BM7f8bd2d9"="C:\WINDOWS\system32\kmlwaivr.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6174"="command /c del C:\WINDOWS\system32\jthnfefn.dll_old" [ ]
"SpybotDeletingC3669"="cmd /c del C:\WINDOWS\system32\jthnfefn.dll_old" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-02-25 21:21:37 110647]
Extender Resource Monitor.lnk - C:\WINDOWS\EHome\RMSysTry.exe [2005-10-20 19:55:40 18432]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-03-20 22:26:50 542192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNGwt]
vtUmNGwt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\WINDOWS\\EHome\\ehshell.exe"=
"C:\\Program Files\\Games\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"41952:TCP"= 41952:TCP:TVersity
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"80:TCP"= 80:TCP:orb_port_80
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-30 18:22]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SecureDrive_Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e2b9b3-f0a2-11dc-aa5a-00502ca7faa8}]
\Shell\AutoRun\command - E:\SecureDrive_Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 20:27:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 18:06:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-09 18:11:14 - machine was rebooted [Chuck]
ComboFix-quarantined-files.txt 2008-04-09 22:10:59
Pre-Run: 15,581,298,688 bytes free
Post-Run: 15,551,959,040 bytes free
.
2008-04-09 20:27:35 --- E O F ---
Hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:25 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Corporation\MSN Remote Record service\rrtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\EHome\RMSysTry.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23231D5E-7A16-491F-8A88-A08E86F70EBB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6E93279C-E6C1-484A-A5F4-F6438606EAAA} - C:\WINDOWS\system32\wvUoNHaB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RRTray] "C:\Program Files\Microsoft Corporation\MSN Remote Record service\rrtray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM7f8bd2d9] Rundll32.exe "C:\WINDOWS\system32\kmlwaivr.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA6174] command /c del "C:\WINDOWS\system32\jthnfefn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3669] cmd /c del "C:\WINDOWS\system32\jthnfefn.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHome\RMSysTry.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://graceplace.sp...ad/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: vtUmNGwt - vtUmNGwt.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Record Service (RemoteRecord) - - c:\program files\microsoft corporation\msn remote record service\remoterecordclient.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9975 bytes