Quadzer
Members-
Posts
6 -
Joined
-
Last visited
Reputation
0 Neutral-
Can't run or install Malwarebytes get run time error
Quadzer replied to Quadzer's topic in Resolved Malware Removal Logs
That missing file entry was my fault. I'v got a file onhand that someone gave me a while back that I keep around. It does contain a virus. Not really sure why I hang on to it. I removed the entry in the Log file befor I posted it. Sorry about that. Once again thanks for the GREAT SERVICE. -
Can't run or install Malwarebytes get run time error
Quadzer replied to Quadzer's topic in Resolved Malware Removal Logs
Well so far so good, Looks like that might have it fixed. I install Malwarebytes and did a scan. And even my desktop search works again. Once again Thanks for taking the time to work through this problem. Malwarebytes Malwarebytes' Anti-Malware 1.33 Database version: 1736 Windows 5.1.2600 Service Pack 3 2/7/2009 8:04:33 AM mbam-log-2009-02-07 (08-04-26).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 182601 Time elapsed: 38 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix ComboFix 09-02-06.02 - Dave 2009-02-07 7:15:28.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1618 [GMT -5:00] Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Dave\Desktop\cfscript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point FILE :: d:\programs\Glider\lrpdyhqpam.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LRPDYHQPAM -------\Service_lrpdyhqpam ((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 ))))))))))))))))))))))))))))))) . 2009-02-03 19:12 . 2009-02-03 19:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Acronis 2009-02-03 19:07 . 2009-02-03 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis 2009-02-03 19:07 . 2009-02-03 19:07 441,760 --a------ c:\windows\system32\drivers\timntr.sys 2009-02-03 19:07 . 2009-02-03 19:07 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys 2009-02-03 19:07 . 2009-02-03 19:07 132,224 --a------ c:\windows\system32\drivers\snapman.sys 2009-02-03 19:07 . 2009-02-03 19:07 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys 2009-02-03 18:16 . 2009-02-03 18:16 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 18:14 . 2009-02-03 18:14 <DIR> d-------- c:\documents and settings\Dave\Application Data\Thinstall 2009-02-03 16:44 . 2009-02-03 16:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-03 16:44 . 2009-02-03 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-25 13:43 . 2009-02-02 19:47 <DIR> d--h----- C:\_gsdata_ 2009-01-25 11:51 . 2009-01-25 11:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\GoodSync 2009-01-25 11:48 . 2009-01-25 11:48 <DIR> d-------- c:\program files\Siber Systems 2009-01-25 11:48 . 2009-02-02 19:43 <DIR> d-------- c:\documents and settings\Dave\Application Data\GoodSync 2009-01-25 10:53 . 2009-01-25 11:01 <DIR> d-------- c:\program files\Cobian Backup 9 2009-01-25 10:42 . 2009-01-25 10:42 <DIR> d-------- c:\program files\Comodo 2009-01-25 10:42 . 2009-01-25 10:42 <DIR> d-------- c:\documents and settings\Dave\Application Data\Comodo 2009-01-25 10:36 . 2009-01-25 10:39 <DIR> d-------- c:\documents and settings\Dave\Application Data\FileBoss 2009-01-24 22:34 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll 2009-01-23 22:43 . 2009-01-23 22:45 <DIR> d-------- c:\program files\MSECACHE 2009-01-23 21:10 . 2009-01-24 08:28 <DIR> d-------- c:\documents and settings\Dave\Application Data\Softland 2009-01-23 21:10 . 2009-01-23 21:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Softland 2009-01-19 18:28 . 2009-01-19 18:32 <DIR> d-------- c:\documents and settings\Dave\Application Data\U3 2009-01-17 18:25 . 2009-01-17 18:25 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-01-15 10:45 . 2009-01-15 10:45 <DIR> d-------- c:\documents and settings\Dave\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-07 12:12 --------- d-----w c:\documents and settings\Dave\Application Data\uTorrent 2009-02-07 12:11 --------- d-----w c:\documents and settings\Dave\Application Data\Free Download Manager 2009-02-07 12:08 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5 2009-02-07 03:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-06 22:37 3,888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS 2009-02-03 15:11 --------- d-----w c:\documents and settings\Dave\Application Data\AdobeUM 2009-01-29 01:30 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-25 02:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-07 00:20 --------- d-----w c:\program files\Avira 2009-01-07 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-01-07 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2009-01-06 02:00 --------- d-----w c:\program files\ZD Soft 2009-01-05 02:31 --------- d-----w c:\documents and settings\Dave\Application Data\PDM 2008-12-31 05:33 --------- d-----w c:\program files\PowerDataRecovery 2008-12-29 22:30 --------- d-----w c:\program files\Common Files\AVSMedia 2008-12-29 22:30 --------- d-----w c:\program files\AVS4YOU 2008-12-24 03:15 --------- d-----w c:\documents and settings\All Users\Application Data\AVSVideoBurner 2008-12-24 01:10 --------- d-----w c:\documents and settings\Dave\Application Data\AVS4YOU 2008-12-14 13:24 --------- d-----w c:\documents and settings\Dave\Application Data\yoclient 2008-12-13 03:10 --------- d-----w c:\program files\Common Files\Research In Motion 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-01 22:02 256 ----a-w c:\documents and settings\Dave\pool.bin 2008-01-04 03:44 22,328 ----a-w c:\documents and settings\Dave\Application Data\PnkBstrK.sys 2007-06-16 12:33 47,360 ------w c:\documents and settings\Dave\Application Data\pcouffin.sys 2008-03-27 12:15 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-03-27 12:15 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-03-27 12:15 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-03-27 12:15 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-03-27 12:15 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-10-07 01:33 88 --sh--r c:\windows\system32\F1B2D9D325.sys 2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll 2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll 2008-08-22 21:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-02-03_17.54.36.71 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2008-08-22 21:46:27 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-06 23:57:36 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-22 21:46:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-06 23:57:36 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-22 21:46:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-06 23:57:36 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-01-06 01:59:07 267,008 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-06 22:09:40 267,008 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-07 12:18:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1dc.dat + 2009-02-07 12:18:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_284.dat + 2009-02-07 12:18:39 16,384 ----atw c:\windows\temp\Perflib_Perfdata_300.dat + 2008-07-29 13:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2008-07-29 08:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 13:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 13:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 08:54:12 312,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll + 2008-07-29 13:05:08 875,520 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll + 2008-07-29 13:05:08 1,180,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll + 2008-07-29 13:05:12 5,937,144 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll + 2008-07-29 13:05:12 5,982,720 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll + 2008-07-29 11:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll + 2008-07-29 11:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll + 2008-07-29 13:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2008-07-29 13:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 11:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 11:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 13:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 13:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 13:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 13:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 13:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 13:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 13:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 13:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 13:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 13:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 13:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-13 8425472] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840] "InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2003-10-20 458752] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-13 81920] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184] "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-08-19 159744] "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-08-19 98304] "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-08-19 135168] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-09-17 737408] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "nwiz"="nwiz.exe" [2007-04-13 c:\windows\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\Dave\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2007-06-07 339968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "VIDC.I420"= i420vfw.dll "VIDC.ZDSV"= scrvid.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "d:\\Programs\\UTorrent\\utorrent.exe"= "c:\\Windows\\system32\\sessmgr.exe"= "c:\\Program Files\\ScanSoft\\OmniForm Premium 5.0\\EReg\\NAVBrowser.exe"= "c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"= "c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "d:\\Games\\World of Warcraft\\BackgroundDownloader.exe"= "d:\\Programs\\UltraVnc\\vncviewer.exe"= "d:\\Programs\\UltraVnc\\winvnc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25687:TCP"= 25687:TCP:Utorrent "26587:UDP"= 26587:UDP:Utorrent "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-08-02 210224] R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-14 27992] R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-06-23 56576] R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006] S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [2008-08-04 30976] S3 NCBULK;NetChip USB client driver;c:\windows\system32\drivers\NcBulk.SYS [2007-08-25 53189] S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2001-08-17 12032] . . ------- Supplementary Scan ------- . IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with &ZipScan - c:\progra~1\ZIPSCA~1\zs_ie.htm LSP: %SYSTEMROOT%\system32\nvLsp.dll DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\6zumk00h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - plugin: c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-07 07:18:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1120) c:\windows\system32\nvLsp.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\program files\NVIDIA Corporation\nTune\nTuneService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe c:\program files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Completion time: 2009-02-07 7:20:24 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-07 12:20:13 ComboFix2.txt 2009-02-06 00:37:30 ComboFix3.txt 2009-02-04 20:44:45 ComboFix4.txt 2009-02-03 22:55:30 Pre-Run: 15,675,080,704 bytes free Post-Run: 15,666,438,144 bytes free 242 --- E O F --- 2009-01-15 08:01:48 -
Can't run or install Malwarebytes get run time error
Quadzer replied to Quadzer's topic in Resolved Malware Removal Logs
Ok done all that, still can't run Malwarebytes. But I"m sure it will work one day. Thanks for all the help, you all sure know a lot about this stuff. Smitfraudfix SmitFraudFix v2.392 Scan done at 17:01:32.73, Fri 02/06/2009 Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode -
Can't run or install Malwarebytes get run time error
Quadzer replied to Quadzer's topic in Resolved Malware Removal Logs
"What is in this folder and what is it for? d:\programs\Glider\ it is loading a file at boot time named: lrpdyhqpam.sys " I have no ideal what this file is. Glider was a bot program for World of warcraft, this has been long deleted. I done a drive search and did not find any such file or directory BTW I had to download a different file search cause I'v found out that my windows search does not work now. I click search and get nothing. I done what you said, to the letter and still can't install ( get run time errors ) or run Malwarebytes (get run time errors). I uninstalled the old Malwarebytes ( got run time errors while uninstalling, but it seams to uninstall ok ) Downloaded a new fresh copy of Malwarebytes and still can't install it, without getting "run time errors" Can't post MBAM cause I can't get it to run still. Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:03:20 PM, on 2/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Windows\Explorer.EXE C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Windows\system32\RUNDLL32.EXE C:\Windows\RTHDCPL.EXE C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\program files\powerstrip\pstrip.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\system32\nvsvc32.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/HDTV%20Calibration%20Wizard/components/hidinputmonitorx.ocx O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/HDTV%20Calibration%20Wizard/components/A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/HDTV%20Calibration%20Wizard/components/wmvhdrating.ocx O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 9051 bytes -
Can't run or install Malwarebytes get run time error
Quadzer replied to Quadzer's topic in Resolved Malware Removal Logs
Ok thanks so much for the help. Here is my two log files ComboFix ComboFix 09-02-04.01 - Dave 2009-02-04 15:42:17.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1626 [GMT -5:00] Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))) . 2009-02-03 19:12 . 2009-02-03 19:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Acronis 2009-02-03 19:07 . 2009-02-03 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis 2009-02-03 19:07 . 2009-02-03 19:07 441,760 --a------ c:\windows\system32\drivers\timntr.sys 2009-02-03 19:07 . 2009-02-03 19:07 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys 2009-02-03 19:07 . 2009-02-03 19:07 132,224 --a------ c:\windows\system32\drivers\snapman.sys 2009-02-03 19:07 . 2009-02-03 19:07 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys 2009-02-03 18:57 . 2009-02-03 19:05 <DIR> d-------- c:\program files\Runtime Software 2009-02-03 18:16 . 2009-02-03 18:16 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 18:14 . 2009-02-03 18:14 <DIR> d-------- c:\documents and settings\Dave\Application Data\Thinstall 2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-03 18:00 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-03 18:00 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-03 16:44 . 2009-02-03 16:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-03 16:44 . 2009-02-03 16:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-30 21:19 . 2009-01-30 21:35 <DIR> d-------- c:\program files\HD Tune Pro 2009-01-25 13:43 . 2009-02-02 19:47 <DIR> d--h----- C:\_gsdata_ 2009-01-25 11:51 . 2009-01-25 11:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\GoodSync 2009-01-25 11:48 . 2009-01-25 11:48 <DIR> d-------- c:\program files\Siber Systems 2009-01-25 11:48 . 2009-02-02 19:43 <DIR> d-------- c:\documents and settings\Dave\Application Data\GoodSync 2009-01-25 10:53 . 2009-01-25 11:01 <DIR> d-------- c:\program files\Cobian Backup 9 2009-01-25 10:42 . 2009-01-25 10:42 <DIR> d-------- c:\program files\Comodo 2009-01-25 10:42 . 2009-01-25 10:42 <DIR> d-------- c:\documents and settings\Dave\Application Data\Comodo 2009-01-25 10:36 . 2009-01-25 10:39 <DIR> d-------- c:\documents and settings\Dave\Application Data\FileBoss 2009-01-24 22:34 . 2006-12-21 15:18 497,496 --a------ c:\windows\system32\XceedZip.dll 2009-01-24 14:25 . 2009-01-24 14:29 <DIR> d-------- c:\program files\VS Revo Group 2009-01-24 08:28 . 2009-01-24 08:28 <DIR> d-------- c:\program files\Softland 2009-01-23 22:43 . 2009-01-23 22:45 <DIR> d-------- c:\program files\MSECACHE 2009-01-23 21:10 . 2009-01-24 08:28 <DIR> d-------- c:\documents and settings\Dave\Application Data\Softland 2009-01-23 21:10 . 2009-01-23 21:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Softland 2009-01-19 18:28 . 2009-01-19 18:32 <DIR> d-------- c:\documents and settings\Dave\Application Data\U3 2009-01-17 18:25 . 2009-01-17 18:25 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-01-15 10:45 . 2009-01-15 10:45 <DIR> d-------- c:\documents and settings\Dave\Sun 2009-01-06 19:20 . 2009-01-06 19:20 <DIR> d-------- c:\program files\Avira 2009-01-06 19:20 . 2009-01-06 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-06 19:12 . 2009-01-06 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8 2009-01-06 16:57 . 2009-01-14 16:04 32,298 --a------ c:\windows\diagerr.xml 2009-01-06 16:57 . 2009-01-14 16:04 1,905 --a------ c:\windows\diagwrn.xml 2009-01-05 20:01 . 2009-01-05 21:00 <DIR> d-------- c:\program files\ZD Soft 2009-01-04 21:31 . 2009-01-04 21:31 <DIR> d-------- c:\documents and settings\Dave\Application Data\PDM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-04 20:33 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5 2009-02-04 00:08 --------- d-----w c:\documents and settings\Dave\Application Data\uTorrent 2009-02-04 00:08 --------- d-----w c:\documents and settings\Dave\Application Data\Free Download Manager 2009-02-03 15:11 --------- d-----w c:\documents and settings\Dave\Application Data\AdobeUM 2009-01-29 01:30 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-25 02:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-24 19:42 --------- d-----w c:\program files\PSP Pandora Deluxe 2008-12-31 17:32 3,888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS 2008-12-31 05:33 --------- d-----w c:\program files\PowerDataRecovery 2008-12-31 02:08 --------- d-----w c:\program files\Paraben Corporation 2008-12-29 22:30 --------- d-----w c:\program files\Common Files\AVSMedia 2008-12-29 22:30 --------- d-----w c:\program files\AVS4YOU 2008-12-24 03:15 --------- d-----w c:\documents and settings\All Users\Application Data\AVSVideoBurner 2008-12-24 01:10 --------- d-----w c:\documents and settings\Dave\Application Data\AVS4YOU 2008-12-14 13:24 --------- d-----w c:\documents and settings\Dave\Application Data\yoclient 2008-12-13 03:10 --------- d-----w c:\program files\Common Files\Research In Motion 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-01 22:02 256 ----a-w c:\documents and settings\Dave\pool.bin 2008-09-01 01:38 12,288 ----a-w c:\program files\PSP Pandora Deluxe;msipl.bin 2008-01-04 03:44 22,328 ----a-w c:\documents and settings\Dave\Application Data\PnkBstrK.sys 2007-06-16 12:33 47,360 ------w c:\documents and settings\Dave\Application Data\pcouffin.sys 2008-03-27 12:15 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-03-27 12:15 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-03-27 12:15 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-03-27 12:15 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-03-27 12:15 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-10-07 01:33 88 --sh--r c:\windows\system32\F1B2D9D325.sys 2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll 2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll 2008-08-22 21:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-02-03_17.54.36.71 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-04 20:38:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b4.dat + 2009-02-04 20:38:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_60c.dat + 2009-02-04 20:39:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_658.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-13 8425472] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840] "InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2003-10-20 458752] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-13 81920] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184] "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-08-19 159744] "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-08-19 98304] "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2004-08-19 135168] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-09-17 737408] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "nwiz"="nwiz.exe" [2007-04-13 c:\windows\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\Dave\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2007-06-07 339968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=adfyck.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "VIDC.I420"= i420vfw.dll "VIDC.ZDSV"= scrvid.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "d:\\Programs\\UTorrent\\utorrent.exe"= "c:\\Windows\\system32\\sessmgr.exe"= "c:\\Program Files\\ScanSoft\\OmniForm Premium 5.0\\EReg\\NAVBrowser.exe"= "c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"= "c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "d:\\Games\\World of Warcraft\\BackgroundDownloader.exe"= "d:\\Programs\\UltraVnc\\vncviewer.exe"= "d:\\Programs\\UltraVnc\\winvnc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25687:TCP"= 25687:TCP:Utorrent "26587:UDP"= 26587:UDP:Utorrent "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-08-02 210224] R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-14 27992] R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-06-23 56576] R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006] S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [2008-08-04 30976] S3 lrpdyhqpam;lrpdyhqpam;\??\d:\programs\Glider\lrpdyhqpam.sys --> d:\programs\Glider\lrpdyhqpam.sys [?] S3 NCBULK;NetChip USB client driver;c:\windows\system32\drivers\NcBulk.SYS [2007-08-25 53189] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000] S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2001-08-17 12032] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41cf7030-7f5e-11dd-bd50-0019db6da6c3}] \Shell\AutoRun\command - h:\.\Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5620ad34-f3a6-11dc-bcff-0019db6da6c3}] \Shell\AutoRun\command - H:\Autorun.exe /run \Shell\Shell00\Command - H:\Autorun.exe /run \Shell\Shell01\Command - H:\Autorun.exe /action \Shell\Shell02\Command - H:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96091f8f-149c-11dc-a4d7-8e74698d9dfb}] \Shell\AutoRun\command - h:\.\Start.exe . . ------- Supplementary Scan ------- . IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with &ZipScan - c:\progra~1\ZIPSCA~1\zs_ie.htm LSP: %SYSTEMROOT%\system32\nvLsp.dll Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi Trusted Zone: turbotax.com DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\6zumk00h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - plugin: c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-04 15:43:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-602162358-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{22424396-6B09-EB64-AADE-45E6E5B45C9B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jacpcnghpjbifdkfnklc"=hex:6a,61,62,6b,6e,6c,6e,64,6e,63,67,66,69,68,6a,63,69, 61,68,6a,00,04 "iaeoacjjmbfleiakdf"=hex:6a,61,62,6b,6e,6c,6e,64,6e,63,67,66,69,68,6a,63,69,61, 68,6a,00,04 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,f1,69,17,d5,2f, 6b,4d,64,c8,28,51,af,b0,29,a3,98,e7,d7,77,14,2a,6a,70,2e,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,1c,4c,1b,49,c5, e3,4e,42,71,3b,04,66,8b,46,0d,96,16,1d,50,06,f9,25,75,00,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,01,61,45,31,d5, 70,bc,a6,25,da,ec,7e,55,20,c9,26,19,6e,be,ef,79,0c,b4,a5,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,dc,3a,b2,c7,e2, 1b,c2,cc,3e,1e,9e,e0,57,5a,93,61,0b,30,ba,8d,92,be,a8,ac,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,dd,cb,45,14,6d, 87,a1,59,cd,44,cd,b9,a6,33,6c,cd,d7,2b,27,aa,a7,67,52,2c,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,a9,40,1e,8c,f7, 92,f9,7f,b0,18,ed,a7,3f,8d,37,a4,6b,b9,28,9a,cd,1e,b9,3d,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,b7,da,fe,23,66, cf,dc,82,31,77,e1,ba,b1,f8,68,02,d3,6a,99,dc,10,60,c8,10,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,d9,bb,82,ed,50, de,c3,37,83,6c,56,8b,a0,85,96,ab,3b,50,a3,db,21,89,8e,b9,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,47,30,cf,ba,ec, 25,8b,1d,51,fa,6e,91,28,9e,14,cc,47,c8,62,97,ce,90,e2,28,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,54,3a,b6,9f,8a, 66,53,ba,b1,cd,45,5a,a8,c4,f8,b9,2d,4d,83,0e,b6,13,03,60,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a0,77,67,6f,e3, d9,12,81,e3,0e,66,d5,eb,bc,2f,6b,3b,19,38,9e,a6,82,01,06,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,63,71,ef,7a,1d, 73,2d,ef,fa,ea,66,7f,d4,3b,6b,70,d5,c9,d6,01,96,5a,b5,a6,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1132) c:\windows\system32\nvLsp.dll . Completion time: 2009-02-04 15:44:44 ComboFix-quarantined-files.txt 2009-02-04 20:44:20 ComboFix2.txt 2009-02-03 22:55:30 Pre-Run: 15,119,130,624 bytes free Post-Run: 15,133,630,464 bytes free 278 --- E O F --- 2009-01-15 08:01:48 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:47:25 PM, on 2/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\InkSaver\InkSaver.exe C:\Windows\system32\RUNDLL32.EXE C:\Windows\RTHDCPL.EXE C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\program files\powerstrip\pstrip.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\system32\nvsvc32.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\system32\wscntfy.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/HDTV%20Calibration%20Wizard/components/hidinputmonitorx.ocx O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/HDTV%20Calibration%20Wizard/components/A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/HDTV%20Calibration%20Wizard/components/wmvhdrating.ocx O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: adfyck.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dave/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg -- End of file - 9413 bytes -
Can't run Malwarebytes to post it's log but here is Hijackthis.log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:21:24 PM, on 2/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Windows\Explorer.EXE C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\InkSaver\InkSaver.exe C:\Windows\system32\RUNDLL32.EXE C:\Windows\RTHDCPL.EXE C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\program files\powerstrip\pstrip.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\system32\nvsvc32.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/HDTV%20Calibration%20Wizard/components/hidinputmonitorx.ocx O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/HDTV%20Calibration%20Wizard/components/A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/HDTV%20Calibration%20Wizard/components/wmvhdrating.ocx O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: adfyck.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dave/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg -- End of file - 9616 bytes