***************************
I wrote this before i saw you responce so i'll post encase you need it but still do what you said
Copied what someone else was advised to do as i have important work due in so would appreciate an urgent reply..
http://www.geekstogo...ck-t196239.htmlPlease download Deckard's System Scanner (DSS) and save it to your Desktop.
* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
It didn't open 2 note pads only the main one.
Deckard's System Scanner v20071014.68
Run by l on 2008-04-27 15:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 2.2 GiB (less than 15%) free.-- HijackThis (run as l.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Documents and Settings\l\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\l.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft....k/?LinkId=74005O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9632 bytes
-- Files created between 2008-03-27 and 2008-04-27 -----------------------------
2008-04-27 13:22:26 0 d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 13:22:20 0 d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 12:19:46 145440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 11:57:23 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56:04 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:55:40 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>
2008-04-27 11:54:30 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-27 11:53:26 0 d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43:14 0 d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22:22 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:03:32 0 --a------ C:\WINDOWS\ORUN32.EXE
2008-04-27 11:03:27 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-04-27 11:00:29 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57:04 0 d-------- C:\Program Files\Panda Security
2008-04-27 10:54:39 0 d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54:36 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:10:14 0 d-------- D:\Deckard
2008-04-27 10:05:45 0 d-------- D:\Documents and Settings\l\Application Data\Adobe
2008-04-27 10:04:03 0 d-------- D:\Documents and Settings\l\Application Data\Mozilla
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Templates
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Start Menu
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\SendTo
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Recent
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\PrintHood
2008-04-27 10:01:27 1835008 --ah----- D:\Documents and Settings\l\NTUSER.DAT
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\NetHood
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\My Documents
2008-04-27 10:01:27 0 d--h----- D:\Documents and Settings\l\Local Settings
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Favorites
2008-04-27 10:01:27 0 dr------- D:\Documents and Settings\l\Desktop
2008-04-27 10:01:27 0 d--hs---- D:\Documents and Settings\l\Cookies
2008-04-27 10:01:27 0 dr-h----- D:\Documents and Settings\l\Application Data
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Real
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Macromedia
2008-04-27 10:01:27 0 d-------- D:\Documents and Settings\l\Application Data\Identities
2008-04-27 08:46:12 0 d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21:38 0 d-------- C:\Program Files\AliveMedia
2008-04-19 00:16:24 0 d-------- D:\Presets
2008-04-18 23:15:29 36868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-18 23:15:17 0 d-------- C:\Program Files\Trapcode
2008-04-14 22:24:19 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Recent
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-04-09 19:29:13 2097152 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\My Documents
2008-04-09 19:29:13 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Favorites
2008-04-09 19:29:13 0 dr------- D:\Documents and Settings\Administrator\Desktop
2008-04-09 19:29:13 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-04-09 19:29:13 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Real
2008-04-09 19:29:13 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-09 19:29:13 0 d-------- D:\Documents and Settings\Administrator\Application Data\Identities
2008-04-09 01:07:42 0 d-------- C:\Program Files\Activision
2008-04-09 00:57:08 0 d-------- D:\dls
2008-04-09 00:50:05 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20:47 0 d-------- C:\Program Files\PowerISO
2008-03-30 09:07:44 7450112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07:44 6321152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07:43 237568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 09:07:21 0 d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07:14 0 d-------- C:\Program Files\Boris FX, Inc
2008-03-30 03:33:26 0 d-------- C:\Program Files\EA GAMES
2008-03-29 13:58:54 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
-- Find3M Report ---------------------------------------------------------------
2008-04-27 10:59:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 10:57:05 4514 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 10:54:23 0 d-------- C:\Program Files\Common Files
2008-04-27 10:19:23 0 d-------- C:\Program Files\Steam12
2008-04-10 20:28:29 0 d-------- C:\Program Files\DivX
2008-04-10 01:27:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 12:13:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 22:41:13 0 d-------- C:\Program Files\VisualJockey Gold SP1
2008-03-07 21:45:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-04 23:46:15 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
27/04/2008 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [27/04/2008 11:57 262144]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 17:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [04/03/2005 04:36]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [11/05/2005 14:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/11/2005 12:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"razer"="D:\razerhid.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2007 09:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15/03/2008 00:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe" -inv:bootrun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
-- End of Deckard's System Scanner: finished at 2008-04-27 15:33:50 ------------
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
ComboFix 08-04-26.3 - l 2008-04-27 15:37:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.591 [GMT 1:00]
Running from: D:\Documents and Settings\l\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\Media Player Classic
2008-04-27 13:22 . 2008-04-27 13:22 <DIR> d-------- D:\Documents and Settings\l\Application Data\DivX
2008-04-27 12:19 . 2008-04-27 15:40 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 12:19 . 2008-04-27 13:12 3,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 11:57 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 11:56 . 2008-04-27 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 11:55 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 11:55 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 11:55 . 2008-04-27 11:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 11:54 . 2008-04-27 11:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 11:53 . 2008-04-27 15:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 11:43 . 2008-04-27 11:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-27 11:22 . 2008-04-27 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\l\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 11:00 . 2008-04-27 11:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 10:57 . 2008-04-27 10:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\l\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 10:54 . 2008-04-27 10:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-27 10:01 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\l\Application Data\You've Got Pictures Screensaver
2008-04-27 10:01 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\l\Application Data\Symantec
2008-04-27 10:01 . 2008-04-27 10:01 <DIR> d-------- D:\Documents and Settings\l
2008-04-27 10:01 . 2008-04-27 15:40 1,024 --ah----- D:\Documents and Settings\l\ntuser.dat.LOG
2008-04-27 08:46 . 2008-04-27 11:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\poryretq
2008-04-26 21:21 . 2008-04-26 21:21 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Program Files\Trapcode
2008-04-18 23:15 . 2008-04-18 23:15 <DIR> d-------- C:\Presets
2008-04-18 23:15 . 2008-04-19 00:33 36,868 --a------ C:\Program Files\uninst-Particular.exe
2008-04-14 22:24 . 2008-04-14 22:25 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-09 20:29 . 2008-04-09 18:54 10,431,488 --a------ C:\xac(2).msi
2008-04-09 19:29 . 2005-11-01 12:09 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-09 19:29 . 2005-11-01 12:11 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-09 19:29 . 2008-04-09 19:29 <DIR> d-------- D:\Documents and Settings\Administrator
2008-04-09 19:29 . 2008-04-27 15:37 1,024 --ah----- D:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-09 01:18 . 2008-04-09 01:18 319 --a------ C:\WINDOWS\game.ini
2008-04-09 01:07 . 2008-04-09 01:07 <DIR> d-------- C:\Program Files\Activision
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-08 23:20 . 2008-04-08 23:20 <DIR> d-------- C:\Program Files\PowerISO
2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-30 09:12 . 2008-02-01 01:27 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll.BAK
2008-03-30 09:12 . 2008-02-01 02:14 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll.BAK
2008-03-30 09:12 . 2008-02-05 22:46 189,440 --a------ C:\WINDOWS\system32\Final.effects.complete.5.0_Crk.exe
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Final Effects Complete 5.0
2008-03-30 09:07 . 2008-03-30 09:07 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-03-30 09:07 . 2008-03-30 09:13 7,450,112 --a------ C:\WINDOWS\system32\FEC5 Render Engine 8BPC.dll
2008-03-30 09:07 . 2008-03-30 09:13 6,321,152 --a------ C:\WINDOWS\system32\FEC5 Render Engine 16BPC.dll
2008-03-30 09:07 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-03-30 03:37 . 2008-04-27 03:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-30 03:37 . 2008-04-27 03:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-30 03:33 . 2008-03-30 03:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-29 13:58 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 09:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 09:19 --------- d-----w C:\Program Files\Steam12
2008-04-22 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 19:28 --------- d-----w C:\Program Files\DivX
2008-04-10 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 00:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 20:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-29 11:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 21:41 --------- d-----w C:\Program Files\VisualJockey Gold SP1
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-04 22:46 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 11:57 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-27 11:57 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-27 11:57 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 17:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36 36975]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-01 12:15 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"razer"="D:\razerhid.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.LAGS"= lagarith.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\joe\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\movies\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland1\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\shankland\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\dfg\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam12\\steamapps\\mario_110\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 17:08]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 12:14]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 5702b4bh;5702b4bh;D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e []
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 22:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 14:30:00 C:\WINDOWS\Tasks\Setup my PC.job"
- C:\Apps\SMP\PCSETUP.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-27 15:40:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\5702b4bh]
"ImagePath"="\??\D:\DOCUME~1\caroline\LOCALS~1\Temp\9E4Ln3e"
.
Completion time: 2008-04-27 15:42:07
ComboFix-quarantined-files.txt 2008-04-27 14:41:46
Pre-Run: 2,268,905,472 bytes free
Post-Run: 2,232,373,248 bytes free
222 --- E O F --- 2008-04-12 03:44:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:58, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft....k/?LinkId=74005O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] D:\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9466 bytes