Quadzer

Members

Posts: 6
Reputation: 0 Neutral
  1. That missing file entry was my fault. I've got a file on hand that someone gave me a while back that I keep around. It does contain a virus. Not really sure why I hang on to it. I removed the entry in the Log file before I posted it. Sorry about that. Once again thanks for the GREAT SERVICE.
  2. Well so far so good, looks like that might have it fixed. I installed Malwarebytes and did a scan. And even my desktop search works again. Once again thanks for taking the time to work through this problem.

     Malwarebytes

     Malwarebytes' Anti-Malware 1.33
     Database version: 1736
     Windows 5.1.2600 Service Pack 3

     2/7/2009 8:04:33 AM
     mbam-log-2009-02-07 (08-04-26).txt

     Scan type: Full Scan (C:\|D:\|E:\|)
     Objects scanned: 182601
     Time elapsed: 38 minute(s), 19 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ComboFix

     ComboFix 09-02-06.02 - Dave 2009-02-07 7:15:28.5 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1618 [GMT -5:00]
     Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Dave\Desktop\cfscript.txt
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     * Created a new restore point

     FILE ::
     d:\programs\Glider\lrpdyhqpam.sys

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

     -------\Legacy_LRPDYHQPAM
     -------\Service_lrpdyhqpam
  3. Ok done all that, still can't run Malwarebytes. But I'm sure it will work one day. Thanks for all the help, you all sure know a lot about this stuff.

     Smitfraudfix

     SmitFraudFix v2.392
     Scan done at 17:01:32.73, Fri 02/06/2009
     Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     The filesystem type is NTFS
     Fix run in safe mode
  4. "What is in this folder and what is it for? d:\programs\Glider\ it is loading a file at boot time named: lrpdyhqpam.sys " I have no idea what this file is. Glider was a bot program for World of Warcraft; this has been long deleted. I did a drive search and did not find any such file or directory. BTW I had to download a different file search cause I've found out that my Windows search does not work now. I click search and get nothing. I did what you said, to the letter, and still can't install (get run time errors) or run Malwarebytes (get run time errors). I uninstalled the old Malwarebytes (got run time errors while uninstalling, but it seems to uninstall ok). Downloaded a new fresh copy of Malwarebytes and still can't install it without getting "run time errors". Can't post MBAM cause I can't get it to run still.

     Hijackthis

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:03:20 PM, on 2/5/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
  5. Ok thanks so much for the help. Here are my two log files.

     ComboFix

     ComboFix 09-02-04.01 - Dave 2009-02-04 15:42:17.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1626 [GMT -5:00]
     Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     * Created a new restore point
  6. Can't run Malwarebytes to post its log, but here is Hijackthis.log.