Hi Everyone at pcreview!
I was hoping that someone could just go through my hijackthis log and combofix log just to make sure i have got rid of the nasties that were infecting my computer.
Im runing windows xp mc on a acer aspire3690 laptop.
I was having problems with popups and my control panal had disappeared, i came here to see if there was anyone else with the same problem and a fix.
I found a post that seems to be having the same problems so i tried the fix which was to unhide my hidden folders, run ATF Cleaner, run combofix and restart (combofix wasnt able to restart due to it not being able to find the path. Help with this would also be great as i cant turn it off the normal way now).
Everything seems to be working as it should. Control panal is back, the annoying popup ads are gone and the computer is runing much faster.
I would just like someone who knows what they doing to take a look at hijackthis and combofix logs.
Logfile of HijackThis v1.99.1
Scan saved at 12:44:01 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
D:\hijackthis_sfx\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Hawking HWU54DM Wireless Utility.lnk = C:\Program Files\Hawking\Common\Utility.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\maz\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: evnvteru - evnvteru.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqqnmm - ssqqnmm.dll (file missing)
O20 - Winlogon Notify: vtusqpo - vtusqpo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
----
ComboFix 07-12-07.3 - maz 2007-12-07 12:08:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT 0:00]
Running from: C:\Documents and Settings\maz\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\zatczghm.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\maz\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\maz\Desktop\Free Online Dating.lnk
C:\Documents and Settings\maz\Desktop\Go to Casino.lnk
C:\Documents and Settings\maz\Desktop\Live Safety Center.lnk
C:\Documents and Settings\maz\Desktop\Online Security Guide.lnk
C:\Documents and Settings\maz\Favorites\Online Security Guide.lnk
C:\Program Files\cdmhepin
C:\Program Files\cdmhepin\yhapynwf.dll
C:\Program Files\SecCenter\
C:\Program Files\Ultimate Cleaner
C:\Program Files\utetoxad
C:\Program Files\utetoxad\ituvotgd.dll
C:\Program Files\Vklgeabr
C:\Program Files\Vklgeabr\wbmvtdwp.dll
C:\setup.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ditesckh.ini
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\evnvteru.dllbox
C:\WINDOWS\system32\hkcsetid.dll
C:\WINDOWS\system32\jkkkhfg.dll
C:\WINDOWS\system32\libpekdj.dll
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\tcrhmhun.dll
C:\WINDOWS\system32\tuvtrro.dll
C:\WINDOWS\system32\winads32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTMLSVC
-------\LEGACY_NWSAPAGENT
-------\LEGACY_SFSYNC02
-------\NtmlSvc
-------\NwSapAgent
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.
2007-12-07 12:22 . 2007-12-07 12:22 d--hs---- C:\FOUND.009
2007-12-07 11:52 . 2007-12-07 11:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-07 11:52 . 2007-12-07 11:52 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-07 10:02 . 2007-12-07 10:02 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-12-06 22:10 . 2007-12-06 22:10 d-------- C:\Documents and Settings\maz\Application Data\Otto
2007-12-06 22:10 . 2007-12-06 22:10 d-------- C:\Documents and Settings\All Users\Application Data\Otto
2007-12-06 22:01 . 2007-12-06 22:01 d-------- C:\Program Files\trailer park tycoon
2007-12-06 18:23 . 2007-12-06 18:23 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-06 18:23 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-06 18:23 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-06 18:23 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-06 18:23 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Program Files\Webroot
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Documents and Settings\maz\Application Data\Webroot
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-06 18:22 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-06 17:56 . 2007-12-06 17:56 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-06 17:55 . 2007-12-06 17:55 d-------- C:\Program Files\Security Task Manager
2007-12-06 16:20 . 2007-12-06 16:20 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 12:32 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-06 12:32 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-06 12:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-06 12:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-06 12:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-06 12:32 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-12-06 12:32 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-12-05 22:43 . 2007-12-05 22:43 d-------- C:\Program Files\Activision Value
2007-12-05 18:13 . 2007-12-05 18:13 d-------- C:\Documents and Settings\maz\Application Data\Grisoft
2007-12-05 18:12 . 2007-12-05 18:12 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 18:12 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-05 18:01 . 2007-12-05 18:01 d--hs---- C:\FOUND.008
2007-12-05 17:42 . 2007-12-05 17:42 d-------- C:\Program Files\SopCast
2007-12-05 16:12 . 2007-12-05 16:12 d-------- C:\Program Files\E404 Helper
2007-12-05 16:11 . 2007-12-07 11:45 10,240 --a------ C:\Program Files\spoolsv.exe
2007-12-05 15:57 . 2007-12-05 15:57 16,384 --------- C:\WINDOWS\system32\gjisfclw
2007-12-05 14:53 . 2007-12-05 14:53 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-05 14:51 . 2007-12-05 14:51 d-------- C:\Program Files\SallysSalon_at
2007-12-05 14:51 . 2007-12-05 14:51 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 14:18 . 2007-12-04 14:18 d--hs---- C:\FOUND.007
2007-12-04 12:41 . 2007-12-04 12:41 d-------- C:\Downloads
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Program Files\Free Download Manager
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Documents and Settings\maz\Application Data\Free Download Manager
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-03 22:06 . 2007-12-03 22:06 d-------- C:\Documents and Settings\maz\Application Data\Pogo Games
2007-12-03 22:01 . 2007-12-03 22:01 d-------- C:\Program Files\Pogo Games
2007-12-03 21:01 . 2007-12-03 21:01 dr-h----- C:\Documents and Settings\maz\Application Data\SecuROM
2007-12-03 19:06 . 2007-12-03 19:06 d-------- C:\Program Files\EA GAMES
2007-12-03 19:04 . 2007-12-03 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-03 19:03 . 2007-12-03 19:03 d-------- C:\Program Files\GameShadow
2007-12-03 19:00 . 2007-12-03 19:00 d-------- C:\Program Files\DAEMON Tools
2007-12-03 18:50 . 2007-12-03 18:50 d--hs---- C:\FOUND.006
2007-12-03 18:38 . 2007-12-03 18:38 d-------- C:\Program Files\Cinema Tycoon Gold
2007-12-03 17:36 . 2007-12-03 17:36 d-------- C:\Documents and Settings\maz\Application Data\Microsoft Games
2007-12-03 17:36 . 2007-12-03 17:36 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-12-03 17:10 . 2007-12-03 17:10 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-03 11:07 . 2007-12-03 11:07 d-------- C:\Program Files\uTorrent
2007-12-03 11:07 . 2007-12-03 11:07 d-------- C:\Documents and Settings\maz\Application Data\uTorrent
2007-12-01 17:46 . 2007-12-01 17:46 d-------- C:\Program Files\Common Files\xing shared
2007-12-01 17:27 . 2007-12-01 17:27 d-------- C:\Program Files\TVAnts
2007-11-30 07:21 . 2007-11-30 07:21 268 --ah----- C:\sqmdata04.sqm
2007-11-30 07:21 . 2007-11-30 07:21 244 --ah----- C:\sqmnoopt04.sqm
2007-11-30 01:14 . 2007-11-30 01:14 268 --ah----- C:\sqmdata03.sqm
2007-11-30 01:14 . 2007-11-30 01:14 244 --ah----- C:\sqmnoopt03.sqm
2007-11-29 17:49 . 2007-11-29 17:49 d-------- C:\Program Files\Project64 1.6
2007-11-24 23:04 . 2007-11-24 23:04 d-------- C:\Program Files\QuickTime
2007-11-24 23:02 . 2007-11-24 23:02 d-------- C:\Program Files\Apple Software Update
2007-11-24 23:02 . 2007-11-24 23:02 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-23 10:08 . 2007-11-23 10:08 d-------- C:\Program Files\Hawking
2007-11-23 10:08 . 2005-05-17 16:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2007-11-23 10:08 . 2005-08-02 23:00 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-11-23 10:08 . 2005-08-19 22:01 69,632 --a------ C:\WINDOWS\system32\Install7x.dll
2007-11-23 10:08 . 2007-11-23 10:08 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-23 10:08 . 2005-08-02 00:06 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2007-11-23 10:08 . 2005-08-19 15:51 138 --a------ C:\WINDOWS\filespec7x
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 15:57 16,384 ------w C:\Program Files\SecCenter
2007-12-05 15:57 16,384 ------w C:\Program Files\Pkebqngh
2007-11-06 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-11-01 21:13 --------- d-----w C:\Program Files\Windows Live
2007-11-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-19 11:57 --------- d-----w C:\Program Files\City Interactive
2007-10-17 14:18 --------- d-----w C:\Documents and Settings\maz\Application Data\pokerth
2007-10-16 23:03 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-16 23:03 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-16 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-16 22:49 --------- d-----w C:\Program Files\pool
2007-10-13 22:42 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-10-13 22:42 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-10-09 13:07 --------- d-----w C:\Program Files\ArtMoney
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 11:53]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-01 01:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-10 20:00 C:\WINDOWS\system32\rundll32.exe]
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2007-12-07 10:10]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-01 17:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe [2007-08-21 12:30:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\vtusqpo.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\evnvteru]
evnvteru.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnmm]
ssqqnmm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusqpo]
vtusqpo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\ssqpm.dll
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys
S3 DCamUSBNW802;PCL-W300 Capture;C:\WINDOWS\system32\DRIVERS\pcam.sys
S3 krdpdre;krdpdre;\??\C:\DOCUME~1\maz\LOCALS~1\Temp\krdpdre.sys
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 20:00:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - maz.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-12-06 14:57:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 12:35:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 12:38:08
.
--- E O F ---
--------------------------------------------
Should i hide my files again?
Thank you in advance to anyone who is able to help!!
I was hoping that someone could just go through my hijackthis log and combofix log just to make sure i have got rid of the nasties that were infecting my computer.
Im runing windows xp mc on a acer aspire3690 laptop.
I was having problems with popups and my control panal had disappeared, i came here to see if there was anyone else with the same problem and a fix.
I found a post that seems to be having the same problems so i tried the fix which was to unhide my hidden folders, run ATF Cleaner, run combofix and restart (combofix wasnt able to restart due to it not being able to find the path. Help with this would also be great as i cant turn it off the normal way now).
Everything seems to be working as it should. Control panal is back, the annoying popup ads are gone and the computer is runing much faster.
I would just like someone who knows what they doing to take a look at hijackthis and combofix logs.
Logfile of HijackThis v1.99.1
Scan saved at 12:44:01 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
D:\hijackthis_sfx\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Hawking HWU54DM Wireless Utility.lnk = C:\Program Files\Hawking\Common\Utility.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\maz\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: evnvteru - evnvteru.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqqnmm - ssqqnmm.dll (file missing)
O20 - Winlogon Notify: vtusqpo - vtusqpo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
----
ComboFix 07-12-07.3 - maz 2007-12-07 12:08:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT 0:00]
Running from: C:\Documents and Settings\maz\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\zatczghm.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\maz\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\maz\Desktop\Free Online Dating.lnk
C:\Documents and Settings\maz\Desktop\Go to Casino.lnk
C:\Documents and Settings\maz\Desktop\Live Safety Center.lnk
C:\Documents and Settings\maz\Desktop\Online Security Guide.lnk
C:\Documents and Settings\maz\Favorites\Online Security Guide.lnk
C:\Program Files\cdmhepin
C:\Program Files\cdmhepin\yhapynwf.dll
C:\Program Files\SecCenter\
C:\Program Files\Ultimate Cleaner
C:\Program Files\utetoxad
C:\Program Files\utetoxad\ituvotgd.dll
C:\Program Files\Vklgeabr
C:\Program Files\Vklgeabr\wbmvtdwp.dll
C:\setup.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ditesckh.ini
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\evnvteru.dllbox
C:\WINDOWS\system32\hkcsetid.dll
C:\WINDOWS\system32\jkkkhfg.dll
C:\WINDOWS\system32\libpekdj.dll
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\tcrhmhun.dll
C:\WINDOWS\system32\tuvtrro.dll
C:\WINDOWS\system32\winads32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTMLSVC
-------\LEGACY_NWSAPAGENT
-------\LEGACY_SFSYNC02
-------\NtmlSvc
-------\NwSapAgent
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.
2007-12-07 12:22 . 2007-12-07 12:22 d--hs---- C:\FOUND.009
2007-12-07 11:52 . 2007-12-07 11:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-07 11:52 . 2007-12-07 11:52 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-07 10:02 . 2007-12-07 10:02 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-12-06 22:10 . 2007-12-06 22:10 d-------- C:\Documents and Settings\maz\Application Data\Otto
2007-12-06 22:10 . 2007-12-06 22:10 d-------- C:\Documents and Settings\All Users\Application Data\Otto
2007-12-06 22:01 . 2007-12-06 22:01 d-------- C:\Program Files\trailer park tycoon
2007-12-06 18:23 . 2007-12-06 18:23 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-06 18:23 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-06 18:23 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-06 18:23 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-06 18:23 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Program Files\Webroot
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Documents and Settings\maz\Application Data\Webroot
2007-12-06 18:22 . 2007-12-06 18:22 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-06 18:22 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-06 17:56 . 2007-12-06 17:56 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-06 17:55 . 2007-12-06 17:55 d-------- C:\Program Files\Security Task Manager
2007-12-06 16:20 . 2007-12-06 16:20 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 12:32 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-06 12:32 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-06 12:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-06 12:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-06 12:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-06 12:32 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-12-06 12:32 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-12-05 22:43 . 2007-12-05 22:43 d-------- C:\Program Files\Activision Value
2007-12-05 18:13 . 2007-12-05 18:13 d-------- C:\Documents and Settings\maz\Application Data\Grisoft
2007-12-05 18:12 . 2007-12-05 18:12 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 18:12 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-05 18:01 . 2007-12-05 18:01 d--hs---- C:\FOUND.008
2007-12-05 17:42 . 2007-12-05 17:42 d-------- C:\Program Files\SopCast
2007-12-05 16:12 . 2007-12-05 16:12 d-------- C:\Program Files\E404 Helper
2007-12-05 16:11 . 2007-12-07 11:45 10,240 --a------ C:\Program Files\spoolsv.exe
2007-12-05 15:57 . 2007-12-05 15:57 16,384 --------- C:\WINDOWS\system32\gjisfclw
2007-12-05 14:53 . 2007-12-05 14:53 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-05 14:51 . 2007-12-05 14:51 d-------- C:\Program Files\SallysSalon_at
2007-12-05 14:51 . 2007-12-05 14:51 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 14:18 . 2007-12-04 14:18 d--hs---- C:\FOUND.007
2007-12-04 12:41 . 2007-12-04 12:41 d-------- C:\Downloads
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Program Files\Free Download Manager
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Documents and Settings\maz\Application Data\Free Download Manager
2007-12-04 12:18 . 2007-12-04 12:18 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-12-03 22:06 . 2007-12-03 22:06 d-------- C:\Documents and Settings\maz\Application Data\Pogo Games
2007-12-03 22:01 . 2007-12-03 22:01 d-------- C:\Program Files\Pogo Games
2007-12-03 21:01 . 2007-12-03 21:01 dr-h----- C:\Documents and Settings\maz\Application Data\SecuROM
2007-12-03 19:06 . 2007-12-03 19:06 d-------- C:\Program Files\EA GAMES
2007-12-03 19:04 . 2007-12-03 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-03 19:03 . 2007-12-03 19:03 d-------- C:\Program Files\GameShadow
2007-12-03 19:00 . 2007-12-03 19:00 d-------- C:\Program Files\DAEMON Tools
2007-12-03 18:50 . 2007-12-03 18:50 d--hs---- C:\FOUND.006
2007-12-03 18:38 . 2007-12-03 18:38 d-------- C:\Program Files\Cinema Tycoon Gold
2007-12-03 17:36 . 2007-12-03 17:36 d-------- C:\Documents and Settings\maz\Application Data\Microsoft Games
2007-12-03 17:36 . 2007-12-03 17:36 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-12-03 17:10 . 2007-12-03 17:10 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-03 11:07 . 2007-12-03 11:07 d-------- C:\Program Files\uTorrent
2007-12-03 11:07 . 2007-12-03 11:07 d-------- C:\Documents and Settings\maz\Application Data\uTorrent
2007-12-01 17:46 . 2007-12-01 17:46 d-------- C:\Program Files\Common Files\xing shared
2007-12-01 17:27 . 2007-12-01 17:27 d-------- C:\Program Files\TVAnts
2007-11-30 07:21 . 2007-11-30 07:21 268 --ah----- C:\sqmdata04.sqm
2007-11-30 07:21 . 2007-11-30 07:21 244 --ah----- C:\sqmnoopt04.sqm
2007-11-30 01:14 . 2007-11-30 01:14 268 --ah----- C:\sqmdata03.sqm
2007-11-30 01:14 . 2007-11-30 01:14 244 --ah----- C:\sqmnoopt03.sqm
2007-11-29 17:49 . 2007-11-29 17:49 d-------- C:\Program Files\Project64 1.6
2007-11-24 23:04 . 2007-11-24 23:04 d-------- C:\Program Files\QuickTime
2007-11-24 23:02 . 2007-11-24 23:02 d-------- C:\Program Files\Apple Software Update
2007-11-24 23:02 . 2007-11-24 23:02 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-23 10:08 . 2007-11-23 10:08 d-------- C:\Program Files\Hawking
2007-11-23 10:08 . 2005-05-17 16:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2007-11-23 10:08 . 2005-08-02 23:00 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-11-23 10:08 . 2005-08-19 22:01 69,632 --a------ C:\WINDOWS\system32\Install7x.dll
2007-11-23 10:08 . 2007-11-23 10:08 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-23 10:08 . 2005-08-02 00:06 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2007-11-23 10:08 . 2005-08-19 15:51 138 --a------ C:\WINDOWS\filespec7x
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 15:57 16,384 ------w C:\Program Files\SecCenter
2007-12-05 15:57 16,384 ------w C:\Program Files\Pkebqngh
2007-11-06 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-11-01 21:13 --------- d-----w C:\Program Files\Windows Live
2007-11-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-19 11:57 --------- d-----w C:\Program Files\City Interactive
2007-10-17 14:18 --------- d-----w C:\Documents and Settings\maz\Application Data\pokerth
2007-10-16 23:03 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-16 23:03 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-16 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-16 22:49 --------- d-----w C:\Program Files\pool
2007-10-13 22:42 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-10-13 22:42 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-10-09 13:07 --------- d-----w C:\Program Files\ArtMoney
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 11:53]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-01 01:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-10 20:00 C:\WINDOWS\system32\rundll32.exe]
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2007-12-07 10:10]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-01 17:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe [2007-08-21 12:30:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\vtusqpo.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\evnvteru]
evnvteru.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnmm]
ssqqnmm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusqpo]
vtusqpo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\ssqpm.dll
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys
S3 DCamUSBNW802;PCL-W300 Capture;C:\WINDOWS\system32\DRIVERS\pcam.sys
S3 krdpdre;krdpdre;\??\C:\DOCUME~1\maz\LOCALS~1\Temp\krdpdre.sys
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 20:00:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - maz.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-12-06 14:57:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 12:35:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 12:38:08
.
--- E O F ---
--------------------------------------------
Should i hide my files again?
Thank you in advance to anyone who is able to help!!