
Spybo(t) Won't Start, Files With That Name Crash


This topic is locked. 18 replies to this topic.

#1 richard1777 (Members, 15 posts)

Posted 30 December 2007 - 02:10 AM

Split from this thread.

I ran the DSS.exe file. It ran through the HijackThis and HijackThis Clone, searched for created files, and while searching modified files it crashed. It did this several times, at the same point.

The error signature reported an offset of 00002120. The error report was given in a file (something like apcompat---.tmp) which I include after main.txt.

The first run generated C:\Deckard\System Scanner\20071229220006\backup\DOCUME~1\Richard\LOCALS~1\temp
which contained 8378 files and 1176 folders, but no main.txt or extras.txt files.

Subsequent attempts at running the DSS.exe generated new folders with names that differed only in the last four digits. The next try generated C:\Deckard\System Scanner\20071229221424\backup\DOCUME~1\Richard\LOCALS~1\temp. Inside \temp were 2 files and 1 folder; the folder, ~ykzayee.tmp, held 28 files, including a main.txt file (though it did not come up on the screen as the program crashed), the data from which is included below. An extra.txt file was also generated, but did not contain any information.

Data from the main.txt file follows:

Deckard's System Scanner v20071014.68
Run by Richard on 2007-12-29 18:05:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-30 02:05:37 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-28 08:06:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 13.56 GiB (less than 15%) free.


-- HijackThis (run as Richard.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-29 18:12:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sandisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\STRAYK\strayk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Richard\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66CD1A33-06A3-40EE-8409-DA0C93269B7A} - __BHODemonDisabled (file missing)
O2 - BHO: (no name) - {68112BA6-28EB-41FE-AD38-EC1CF18AB0B6} - (no file)
O2 - BHO: (no name) - {6DDFC0B6-748F-43FE-B7C5-77F4CA147E23} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {97909F5D-2743-4E8E-AB0D-C34B8AE71E1E} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B4DDCBA6-0405-4008-8A14-CEFF18BC5D63} - (no file)
O2 - BHO: (no name) - {DBE85D58-AFE3-4BD5-8FC2-1C40A4CE8DFD} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/d...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd..._E/lotrfotr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8481.8024884259
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}: NameServer = 68.87.66.196,68.87.64.196
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 18677 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys
R2 B2Ether (Basilisk II Ethernet Driver) - c:\windows\system32\drivers\b2ether.sys
R2 cdenable - c:\windows\system32\drivers\cdenable.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys
R2 IOPort - c:\windows\system32\ioport.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 catchme - c:\docume~1\richard\locals~1\temp\catchme.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe
R2 Lsdiorw - c:\program files\ls_duhem\lsdiorw\lsdiorw2.exe
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"

S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe"
S3 merger - "c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe"
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-26 00:33:28 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job


-- Files created between 2007-11-29 and 2007-12-29 -----------------------------

2007-12-29 12:53:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-29 12:53:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 12:46:52 0 d-------- C:\z
2007-12-29 00:21:25 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 21:53:19 2855 --a------ C:\WINDOWS\system32\command.PIF
2007-12-28 21:53:00 2855 --a------ C:\WINDOWS\command.PIF
2007-12-28 21:52:33 2855 --a------ C:\command.PIF
2007-12-28 16:29:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29:38 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29:38 0 d-------- C:\Program Files\Xvid
2007-12-28 15:32:31 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:17:06 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Adobe
2007-12-27 23:15:34 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44:40 0 d-------- C:\Program Files\HostsXpert
2007-12-26 01:01:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11:44 0 d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00:21 0 d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00:21 0 d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 17:27:47 0 d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14:52 0 d-------- C:\Documents

[in two other main.txt files from 2 other attempts to run DSS.exe, this went on just a little further:

and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14



The Error Report from Apcompat--.tmp follows:

I'm sorry that this is proving so resistant to analysis. Richard1777

Edited by quietman7, 30 December 2007 - 08:41 AM.
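Added example, not part of this thread and not code from HijackThis, DSS or ComboFix: a small Python triage script for HijackThis-style log lines like the ones in the main.txt above. It parses the "Oxx - ..." entries, pulls out the file path where there is one, and flags the markers HijackThis itself prints ("(file missing)", "(no file)", "Unknown owner") together with O20 Winlogon Notify entries and O16 ActiveX controls fetched over plain http. The sample input is a handful of lines copied from the log above and embedded as a constructed string; the flagging rules are the editor's own heuristics, and every hit still needs a human to check the file, its signer and how it got there before anything is removed.

```python
import re

# Constructed sample input: entries copied from the HijackThis-clone log
# posted in this thread, trimmed to a few lines so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {68112BA6-28EB-41FE-AD38-EC1CF18AB0B6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O20 - body", "R1 - body", "F2 - body": section code, dash, rest of line.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# First Windows path ending in a binary extension, with or without quotes.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|pif))"?',
                     re.IGNORECASE)
# Markers HijackThis prints when the referenced file is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Parse HijackThis-style lines into dicts with code, body and path.

    Lines that are not entries (headers, the running-process list, blanks)
    are skipped, so the whole log can be fed in unchanged.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        p = PATH_RE.search(body)
        entries.append({"code": m.group("code"), "body": body,
                        "path": p.group("path") if p else None})
    return entries


def summarize(entries):
    """Count entries per section code, e.g. {'O2': 3, 'O4': 2, ...}."""
    counts = {}
    for e in entries:
        counts[e["code"]] = counts.get(e["code"], 0) + 1
    return counts


def triage(entries):
    """Apply the heuristics below and return (code, reason, body) triples.

    These are this example's rules, not HijackThis verdicts; an entry can
    produce more than one finding, and each one needs manual confirmation.
    """
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if body.endswith(MISSING_MARKERS):
            findings.append((code, "referenced file missing: orphaned entry, "
                                   "or a tool whose file was removed", body))
        if code == "O16" and "- http://" in body:
            findings.append((code, "ActiveX control fetched over plain http, "
                                   "no transport integrity", body))
        if code == "O20":
            findings.append((code, "Winlogon Notify DLL: loaded into "
                                   "winlogon.exe at logon, a known "
                                   "persistence location", body))
        if code == "O23" and "- Unknown owner -" in body:
            findings.append((code, "service binary reports no company name "
                                   "in its version info", body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}\n    {body}")
```

Run it as-is to see the findings for the sample; point parse_hjt at the text of a full main.txt or HijackThis log to triage a real one. The path extraction is what you would extend next (for example, hashing each extracted file or checking its Authenticode signature on the affected machine), which is exactly the step no log parser can do for you.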


#2 Grinler (Lawrence Abrams, Admin, 43,640 posts)

Posted 08 January 2008 - 11:07 AM

  • Download Combofix to your desktop.
  • Doubleclick combofix.exe
  • Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#3 richard1777 (Topic Starter, Members, 15 posts)

Posted 13 January 2008 - 12:17 AM

Thank you for your reply, Grinler.

I downloaded the combofix.exe and followed your instructions. It ran, deleted several files, and rebooted. On rebooting, it completed its work and generated a log. During that rebooting and log generation activity a window, "Data Execution Prevention - Microsoft Windows", came up and informed me that "To help protect your computer, Windows has closed this program: Indexing Service filter daemon."

I attempted several times to run HijackThis (both as itself and renamed), but with no more success than before. I tested, and a couple of files in which I inserted "Spybot" into the name caused their programs to crash. So, the problem that I cannot open Spybot or HijackThis, cannot open files with Spybot, HijackThis, or McAfee in their names, or open web pages with them in the names or in the keywords still seems to apply.

As instructed previously by Quietman7, I ran Deckard's System Scanner which was able to run HijackThis and generate a log (which is also how I got the previous one you reviewed). As before, HijackThis ended prematurely, when scanning the modified files, but I was able to get data from the main.txt file.

So, per your instructions, I am including the contents of the two logs: combofix.txt and main.txt (the HijackThis log) below.

ComboFix 08-01-09.2 - Richard 2008-01-12 19:51:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1965 [GMT -8:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Richard\Application Data\unins000.exe
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\w95
C:\WINDOWS\system32\w95\MSCDEX.EXE
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\LEGACY_NPF
-------\nm
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2007-12-29 22:33 . 2007-12-29 22:35 <DIR> d-------- C:\z
2007-12-29 17:51 . 2007-12-29 17:51 <DIR> d-------- C:\Deckard
2007-12-29 12:53 . 2007-12-29 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21 . 2007-12-29 00:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-28 21:53 . 2005-05-09 11:50 2,855 --a------ C:\WINDOWS\command.PIF
2007-12-28 21:52 . 2005-05-09 11:50 2,855 --a------ C:\command.PIF
2007-12-28 16:29 . 2007-12-28 16:29 <DIR> d-------- C:\Program Files\Xvid
2007-12-28 16:29 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-28 15:32 . 2007-12-28 15:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:15 . 2007-12-27 23:15 <DIR> d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44 . 2007-12-27 22:25 <DIR> d-------- C:\Program Files\HostsXpert
2007-12-26 18:15 . 2008-01-09 00:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 18:15 . 2007-12-26 18:15 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 01:01 . 2007-12-26 01:01 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11 . 2007-12-26 00:45 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00 . 2007-12-25 14:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 23:00 . 2007-12-24 23:29 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-24 23:00 . 2007-12-24 23:29 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-24 23:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-24 23:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-24 22:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-24 17:27 . 2007-12-24 17:27 <DIR> d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 17:14 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-23 02:23 . 2007-12-27 17:36 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-23 02:23 . 2007-12-23 02:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-22 18:45 . 2007-12-22 18:45 70,671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-22 18:45 . 2007-12-22 18:45 409 --a------ C:\log.udt
2007-12-21 13:33 . 2007-12-21 13:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16 . 2007-12-20 09:16 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 15:43 . 2007-12-18 15:43 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Thinstall
2007-12-17 16:24 . 2007-12-17 16:24 <DIR> d-------- C:\Program Files\Acro Software
2007-12-17 16:24 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2007-12-17 15:55 . 2007-12-17 15:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 15:13 . 2007-12-19 13:54 <DIR> d-------- C:\Program Files\PowerISO
2007-12-17 13:53 . 2007-12-17 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 04:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 03:22 --------- d-----w C:\Program Files\Basilisk II
2008-01-13 00:18 --------- d-----w C:\Documents and Settings\Richard\Application Data\STRAYK
2008-01-12 00:36 --------- d-----w C:\Program Files\.finf
2008-01-09 09:23 --------- d-----w C:\Documents and Settings\Richard\Application Data\Azureus
2008-01-08 19:16 --------- d-----w C:\Program Files\Azureus
2007-12-29 00:35 --------- d-----w C:\Program Files\DivX
2007-12-28 23:32 --------- d-----w C:\Program Files\Common Files\Real
2007-12-28 08:44 14,035,738 ----a-w C:\Program Files\Spybot - Search & Destroy.zip
2007-12-28 07:56 --------- d-----w C:\Program Files\Winamp
2007-12-28 03:29 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-28 01:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 00:01 586 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-12-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 08:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-26 08:41 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-26 08:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-26 08:41 --------- d-----w C:\Program Files\Symantec
2007-12-26 00:26 241,076,579 ----a-w C:\Program Files\Common Files\Symantec Shared -2-3 files in CCPD-LC.zip
2007-12-25 22:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\Symantec
2007-12-23 11:17 762,164 ----a-w C:\Program Files\PCDownloader(malware(Q)).zip
2007-12-23 02:36 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 23:44 --------- d-----w C:\Program Files\Konvertor
2007-12-21 23:38 --------- d-----w C:\Program Files\3DO
2007-12-21 23:15 253,061 ----a-w C:\Program Files\pic_view--a small graphic file viewer.zip
2007-12-21 22:50 11,340,209 ----a-w C:\Program Files\Microsoft AntiSpyware.zip
2007-12-20 19:01 --------- d-----w C:\Program Files\iTunes
2007-12-20 18:58 --------- d-----w C:\Program Files\BitComet
2007-12-20 17:45 58,975,827 ----a-w C:\Program Files\Common Files\Adobe1.zip
2007-12-19 21:55 --------- d-----w C:\Program Files\MagicISO
2007-12-18 20:32 --------- d-----w C:\Program Files\Photo-Lux
2007-12-18 20:19 58,975,826 ----a-w C:\Program Files\Common Files\Adobe2.zip
2007-12-18 20:14 --------- d-----w C:\Program Files\DAP
2007-12-18 20:13 --------- d-----w C:\Program Files\DBFrontend
2007-12-18 20:06 --------- d-----w C:\Program Files\Edcom44
2007-12-18 20:02 --------- d-----w C:\Program Files\CaptureEze Pro
2007-12-18 20:01 --------- d-----w C:\Program Files\Black Isle
2007-12-18 19:48 --------- d-----w C:\Program Files\Amerzone
2007-12-17 19:31 20,954,713 ----a-w C:\Program Files\Common Files\Adobe3.zip
2007-12-15 05:02 --------- d-----w C:\Program Files\PDFCreator
2007-12-14 04:40 --------- d-----w C:\Program Files\QuickTime
2007-12-12 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-02 09:49 --------- d-----w C:\Program Files\kiwi.software.NET
2007-12-02 08:54 --------- d-----w C:\Documents and Settings\Richard\Application Data\ZoomBrowser EX
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-24 16:11 --------- d-----w C:\Program Files\Realmz
2007-11-24 01:06 --------- d-----w C:\Program Files\ACW
2007-11-23 21:44 --------- d-----w C:\Program Files\Java
2007-11-22 23:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\GetRightToGo
2007-11-21 03:32 --------- d-----w C:\Program Files\Trend Micro
2007-11-20 16:46 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 16:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 16:28 --------- d-----w C:\Program Files\ZonedOut
2007-11-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-16 20:34 3,035 ----a-w C:\Documents and Settings\Richard\Application Data\unins000.dat
2006-08-10 03:59 1,397,286,497 ----a-w C:\Program Files\NeverwinterNights [in Program Files].zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66CD1A33-06A3-40EE-8409-DA0C93269B7A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"strayk"="C:\Program Files\STRAYK\strayk.exe" [2007-03-08 12:28 532480]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~2.exe" [2007-08-07 16:20 391144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 05:58 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 05:58 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 00:05 127035]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 18:05 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 21:00 771440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-20 10:33:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ENTERPRISE]
C:\WINDOWS\system32\ENTERPRISE.dll 2007-12-22 18:45 70671 C:\WINDOWS\system32\ENTERPRISE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]
R2 B2Ether;Basilisk II Ethernet Driver;C:\WINDOWS\system32\DRIVERS\B2Ether.sys [2001-09-10 21:01]
R2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys [2001-09-10 21:01]
R2 IOPort;IOPort;C:\WINDOWS\system32\IOPORT.SYS [1998-11-27 17:57]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 08:18:18 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:03:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ENTERPRISE.dll
.
Completion time: 2008-01-12 20:09:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 04:09:06
.
2008-01-09 08:56:44 --- E O F ---

The HijackThis Log from the Main.txt file generated by DSS.exe:


Deckard's System Scanner v20071014.68
Run by Richard on 2008-01-12 20:29:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-01-13 04:29:49 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-01-13 03:51:02 UTC - RP8 - ComboFix created restore point
7: 2008-01-11 14:03:13 UTC - RP7 - System Checkpoint
6: 2008-01-10 12:48:35 UTC - RP6 - System Checkpoint
5: 2008-01-09 08:54:47 UTC - RP5 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-28 08:06:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 16.87 GiB (less than 15%) free.


-- HijackThis (run as Richard.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-12 20:34:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sandisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\STRAYK\strayk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Richard\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66CD1A33-06A3-40EE-8409-DA0C93269B7A} - __BHODemonDisabled (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~2.EXE" -Update -1020023 -iexplore.exe7.0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/d...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd..._E/lotrfotr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8481.8024884259
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}: NameServer = 68.87.66.196,68.87.64.196
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 18110 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 B2Ether (Basilisk II Ethernet Driver) - c:\windows\system32\drivers\b2ether.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 cdenable - c:\windows\system32\drivers\cdenable.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 IOPort - c:\windows\system32\ioport.sys <Not Verified; Erik Salaj; IOPort>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 catchme - c:\docume~1\richard\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Lsdiorw - c:\program files\ls_duhem\lsdiorw\lsdiorw2.exe <Not Verified; Logiciels & Services Duhem, Paris, France; MacDisk>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S3 merger - "c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe" <Not Verified; Microsoft Corporation; Microsoft® Application Compatibility Toolkit>
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-08 00:18:18 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2007-12-29 22:33:30 0 d-------- C:\z
2007-12-29 12:53:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-29 12:53:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21:25 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 21:53:00 2855 --a------ C:\WINDOWS\command.PIF
2007-12-28 21:52:33 2855 --a------ C:\command.PIF
2007-12-28 16:29:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29:38 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29:38 0 d-------- C:\Program Files\Xvid
2007-12-28 15:32:31 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:17:06 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Adobe
2007-12-27 23:15:34 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44:40 0 d-------- C:\Program Files\HostsXpert
2007-12-26 01:01:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11:44 0 d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00:21 0 d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00:21 0 d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 17:27:47 0 d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14:52 0 d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 02:23:59 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-23 02:23:18 0 d-------- C:\Program Files\SpyNoMore
2007-12-22 18:45:46 70671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-21 13:33:34 0 d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16:43 639224 --a------ C:\WINDOWS\system32\drivers\sp


Thank you very much for your assistance.

Richard1777

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:04:40 PM

Posted 15 January 2008 - 10:57 AM

Are these files you downloaded or created?

C:\Documents and Settings\All Users\Documents.zip
C:\Program Files\pic_view--a small graphic file viewer.zip

If not, delete them please.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Suspect::[3]
C:\WINDOWS\system32\ENTERPRISE.dll

File::
C:\WINDOWS\command.PIF
C:\command.PIF

DirLook::
C:\Program Files\.finf


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#5 richard1777

richard1777
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:40 PM

Posted 15 January 2008 - 07:52 PM

Grinler,

Thank you for your instructions and assistance. The two files you asked about: I think that the pic_view came from somewhere, but I'm really not sure where either of them came from. I had previously found and had doubts about pic_view: the file properties gave the information "small graphics file viewer", which is what I appended to its name, but I do not recall opening the zip file. Then again, perhaps I found this and archived it to, in effect, quarantine it: I don't really recall. The "documents.zip" file I can't recall ever having seen before. Regardless, I deleted both of these.

I prepared the script you provided and ran it on ComboFix.exe as instructed. At its end it produced a log.txt, and requested that I paste the following file name, "[3]-Submit_2008-01-15@16.03.zip", into the box and click send. I did that, but Internet Explorer returned an error (something about failing to find a file, perhaps the ComboFix log, where it expected to find it). Internet Explorer crashed, so I do not know if the above file was sent to you or not. If not, please instruct me how to do so and I will: from your earlier communication, I surmise that you would not want me to append it to this message.

HijackThis again would still not run, so again I ran DSS.exe. It crashed again during its examination of modified files, but it produced a log as main.txt (extra.txt had no data). The ComboFix and HijackThis logs are included below:

------------------
ComboFix Log
------------------
ComboFix 08-01-09.2 - Richard 2008-01-15 16:03:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2004 [GMT -8:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\command.PIF
C:\WINDOWS\command.PIF
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\command.PIF
C:\WINDOWS\command.PIF

.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2007-12-29 22:33 . 2008-01-12 20:50 <DIR> d-------- C:\z
2007-12-29 17:51 . 2007-12-29 17:51 <DIR> d-------- C:\Deckard
2007-12-29 12:53 . 2007-12-29 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21 . 2007-12-29 00:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-28 16:29 . 2007-12-28 16:29 <DIR> d-------- C:\Program Files\Xvid
2007-12-28 16:29 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-28 15:32 . 2007-12-28 15:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:15 . 2007-12-27 23:15 <DIR> d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44 . 2007-12-27 22:25 <DIR> d-------- C:\Program Files\HostsXpert
2007-12-26 18:15 . 2008-01-15 11:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 18:15 . 2007-12-26 18:15 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 01:01 . 2007-12-26 01:01 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11 . 2007-12-26 00:45 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00 . 2007-12-25 14:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 23:00 . 2007-12-24 23:29 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-24 23:00 . 2007-12-24 23:29 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-24 23:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-24 23:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-24 22:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-24 17:27 . 2007-12-24 17:27 <DIR> d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 17:14 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-23 02:23 . 2007-12-27 17:36 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-23 02:23 . 2007-12-23 02:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-22 18:45 . 2007-12-22 18:45 70,671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-22 18:45 . 2007-12-22 18:45 409 --a------ C:\log.udt
2007-12-21 13:33 . 2007-12-21 13:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16 . 2007-12-20 09:16 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 15:43 . 2007-12-18 15:43 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Thinstall
2007-12-17 16:24 . 2007-12-17 16:24 <DIR> d-------- C:\Program Files\Acro Software
2007-12-17 16:24 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2007-12-17 15:55 . 2007-12-17 15:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 15:13 . 2007-12-19 13:54 <DIR> d-------- C:\Program Files\PowerISO
2007-12-17 13:53 . 2007-12-17 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 00:00 --------- d-----w C:\Documents and Settings\Richard\Application Data\STRAYK
2008-01-15 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 04:01 --------- d-----w C:\Program Files\Basilisk II
2008-01-12 00:36 --------- d-----w C:\Program Files\.finf
2008-01-09 09:23 --------- d-----w C:\Documents and Settings\Richard\Application Data\Azureus
2008-01-08 19:16 --------- d-----w C:\Program Files\Azureus
2007-12-29 00:35 --------- d-----w C:\Program Files\DivX
2007-12-28 23:32 --------- d-----w C:\Program Files\Common Files\Real
2007-12-28 08:44 14,035,738 ----a-w C:\Program Files\Spybot - Search & Destroy.zip
2007-12-28 07:56 --------- d-----w C:\Program Files\Winamp
2007-12-28 03:29 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-28 01:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 08:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-26 08:41 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-26 08:41 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-26 08:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-26 08:41 --------- d-----w C:\Program Files\Symantec
2007-12-26 00:26 241,076,579 ----a-w C:\Program Files\Common Files\Symantec Shared -2-3 files in CCPD-LC.zip
2007-12-25 22:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\Symantec
2007-12-23 11:17 762,164 ----a-w C:\Program Files\PCDownloader(malware(Q)).zip
2007-12-23 02:36 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 23:44 --------- d-----w C:\Program Files\Konvertor
2007-12-21 23:38 --------- d-----w C:\Program Files\3DO
2007-12-21 22:50 11,340,209 ----a-w C:\Program Files\Microsoft AntiSpyware.zip
2007-12-20 19:01 --------- d-----w C:\Program Files\iTunes
2007-12-20 18:58 --------- d-----w C:\Program Files\BitComet
2007-12-20 17:45 58,975,827 ----a-w C:\Program Files\Common Files\Adobe1.zip
2007-12-19 21:55 --------- d-----w C:\Program Files\MagicISO
2007-12-18 20:32 --------- d-----w C:\Program Files\Photo-Lux
2007-12-18 20:19 58,975,826 ----a-w C:\Program Files\Common Files\Adobe2.zip
2007-12-18 20:14 --------- d-----w C:\Program Files\DAP
2007-12-18 20:13 --------- d-----w C:\Program Files\DBFrontend
2007-12-18 20:06 --------- d-----w C:\Program Files\Edcom44
2007-12-18 20:02 --------- d-----w C:\Program Files\CaptureEze Pro
2007-12-18 20:01 --------- d-----w C:\Program Files\Black Isle
2007-12-18 19:48 --------- d-----w C:\Program Files\Amerzone
2007-12-17 19:31 20,954,713 ----a-w C:\Program Files\Common Files\Adobe3.zip
2007-12-15 05:02 --------- d-----w C:\Program Files\PDFCreator
2007-12-14 04:40 --------- d-----w C:\Program Files\QuickTime
2007-12-12 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-02 09:49 --------- d-----w C:\Program Files\kiwi.software.NET
2007-12-02 08:54 --------- d-----w C:\Documents and Settings\Richard\Application Data\ZoomBrowser EX
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 16:11 --------- d-----w C:\Program Files\Realmz
2007-11-24 01:06 --------- d-----w C:\Program Files\ACW
2007-11-23 21:44 --------- d-----w C:\Program Files\Java
2007-11-22 23:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\GetRightToGo
2007-11-21 03:32 --------- d-----w C:\Program Files\Trend Micro
2007-11-20 16:46 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 16:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 16:28 --------- d-----w C:\Program Files\ZonedOut
2007-11-20 06:23 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 09:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 09:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 09:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 09:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-16 20:34 3,035 ----a-w C:\Documents and Settings\Richard\Application Data\unins000.dat
2006-08-10 03:59 1,397,286,497 ----a-w C:\Program Files\NeverwinterNights [in Program Files].zip
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\.finf ----

2008-01-11 16:38 16 --a------ C:\Program Files\.finf\Basilisk II
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Xvid
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Spyware Doctor
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\SpyNoMore
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Spybot - Search & Destroy.zip
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\PowerISO
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\PCDownloader(malware(Q)).zip
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Microsoft AntiSpyware.zip
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\HostsXpert
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Grisoft
2008-01-11 16:36 16 --a------ C:\Program Files\.finf\Acro Software
2007-12-10 15:03 16 --a------ C:\Program Files\.finf\Realmz spell descriptions.pdf
2007-12-04 08:36 16 --a------ C:\Program Files\.finf\kiwi.software.NET
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\ZonedOut
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Webroot
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\VirtualDub-1.7.6
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Virtual Earth 3D
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\VideoLAN
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Trend Micro
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\SystemRequirementsLab
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\STRAYK
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\SpywareBlaster
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Spybot - Search & Destroy
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Skyline
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Sandisk
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Safer Networking
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Orbitdownloader
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\ODBC-DAO-RDO
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\MSXML 6.0
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\LizardTech
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Lavasoft
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Konvertor
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\IrfanView
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\GustoSoft
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\GeoVid
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Folder2ISO
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Eltima Software
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\CaptureEze Pro
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Avery Wizard 3.0
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Austria
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\Apple Software Update
2007-11-24 09:44 16 --a------ C:\Program Files\.finf\ACW
2007-06-18 09:59 16 --a------ C:\Program Files\.finf\UPHClean
2007-06-18 09:59 16 --a------ C:\Program Files\.finf\Real Time Markets
2007-06-18 09:59 16 --a------ C:\Program Files\.finf\Centra
2007-05-25 13:50 16 --a------ C:\Program Files\.finf\FontLab
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Windows Media Connect 2
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Windows Defender
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Winamp
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\WebCyberCoach
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\uTorrent
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\TransMac
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\RTM
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Realmz
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\RADVideo
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\PCDownloader
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Kronia 1.0.8
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\GSpot
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Google
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Genesis
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Flash Capture
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Earth Resource Mapping
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Dell Support
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Dell
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\DAP
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\CrossFnt
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\CentraOne
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\CDBurnerXP Pro 3
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Calc98
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\BitLord
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Bethesda Softworks
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Autodesk
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Astonsoft
2007-05-15 16:16 16 --a------ C:\Program Files\.finf\Alex Feinman
2006-07-27 10:47 16 --a------ C:\Program Files\.finf\Adobe Type Manager
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Windows Resource Kits
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\SNES
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Sierra On-Line
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Sierra
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\NeverwinterNights
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\MagicISO
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\InterActual
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Heros 4
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\GameSpy Arcade
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\ePSXe
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Dark_Eye
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\D-Tools
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\CRS-MegaDev
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\CPU slowdown
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\CDR-DAO
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Black Isle
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\BitComet
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Azureus
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Amerzone
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\Alcohol Soft
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\3DO
2005-06-19 00:26 16 --a------ C:\Program Files\.finf\321Studios
2005-05-23 00:47 16 --a------ C:\Program Files\.finf\XnView
2005-05-23 00:47 16 --a------ C:\Program Files\.finf\ScummVM
2005-05-21 18:07 16 --a------ C:\Program Files\.finf\Photo-Lux
2005-05-21 00:44 16 --a------ C:\Program Files\.finf\pic_view
2005-05-21 00:44 16 --a------ C:\Program Files\.finf\New Folder
2005-05-21 00:44 16 --a------ C:\Program Files\.finf\hex-mj24
2005-05-17 16:29 16 --a------ C:\Program Files\.finf\macico
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\Warlords3
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\VDMSound
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\IconShop
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\GetRight
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\Edcom44
2005-05-17 15:35 16 --a------ C:\Program Files\.finf\DOSBox
2005-05-11 15:14 16 --a------ C:\Program Files\.finf\Wing Commander III
2005-05-11 15:14 16 --a------ C:\Program Files\.finf\ScreenHunter
2005-05-11 15:14 16 --a------ C:\Program Files\.finf\Cute CD DVD Burner
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\WinRAR
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\Windows Media Connect
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\RobyDosBox
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\HighMAT CD Writing Wizard
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\ePSXeCutor1060
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\DivX
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\DBFrontend
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\coskyoto
2005-05-04 18:57 16 --a------ C:\Program Files\.finf\BitTorrent
2005-05-01 14:48 16 --a------ C:\Program Files\.finf\Real
2005-05-01 14:48 16 --a------ C:\Program Files\.finf\QuickTime
2005-05-01 14:48 16 --a------ C:\Program Files\.finf\iTunes
2005-05-01 14:48 16 --a------ C:\Program Files\.finf\iPod
2005-04-25 10:04 16 --a------ C:\Program Files\.finf\UltimaIV
2005-04-11 22:09 16 --a------ C:\Program Files\.finf\Ishido
2005-04-10 23:03 16 --a------ C:\Program Files\.finf\Basilisk IIv2
2005-04-05 21:45 16 --a------ C:\Program Files\.finf\LS_Duhem
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\xerox
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\WindowsUpdate
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Windows NT
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Windows Media Player
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Uninstall Information
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\SymNetDrv
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Symantec
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\support.com
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Support Tools
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Sonic
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\PDFCreator
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Outlook Express
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Online Services
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\OfficeUpdate11
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Norton Internet Security
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\NetWaiting
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\NetMeeting
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\MSN Gaming Zone
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\MSN
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Movie Maker
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Modem Helper
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft.NET
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft Works
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft Visual Studio
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft Office
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\microsoft frontpage
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft AntiSpyware
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Microsoft ActiveSync
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Messenger
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Java
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Internet Explorer
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\HFV Explorer
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Ghostscript
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\DOSBox-0.63
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Digital Line Detect
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\D-Fend
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\CyberLink
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\CONEXANT
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\ComPlus Applications
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Common Files
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Citrix
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Canon
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Broadcom
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Analog Devices
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Aladdin Systems
2005-04-04 21:16 16 --a------ C:\Program Files\.finf\Adobe


((((((((((((((((((((((((((((( snapshot@2008-01-12_20.08.08.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 03:51:05 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 00:02:28 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 03:51:06 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 00:02:28 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 03:51:06 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 00:02:28 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 03:51:06 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 00:02:28 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 03:51:06 21,368,832 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 00:02:28 21,368,832 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 03:51:06 286,720 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 00:02:29 286,720 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 19:08:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e70.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66CD1A33-06A3-40EE-8409-DA0C93269B7A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"strayk"="C:\Program Files\STRAYK\strayk.exe" [2007-03-08 12:28 532480]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 05:58 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 05:58 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 00:05 127035]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 18:05 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 21:00 771440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-20 10:33:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ENTERPRISE]
C:\WINDOWS\system32\ENTERPRISE.dll 2007-12-22 18:45 70671 C:\WINDOWS\system32\ENTERPRISE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]
R2 B2Ether;Basilisk II Ethernet Driver;C:\WINDOWS\system32\DRIVERS\B2Ether.sys [2001-09-10 21:01]
R2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys [2001-09-10 21:01]
R2 IOPort;IOPort;C:\WINDOWS\system32\IOPORT.SYS [1998-11-27 17:57]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 08:33:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 16:11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ENTERPRISE.dll
.
Completion time: 2008-01-15 16:13:16
ComboFix-quarantined-files.txt 2008-01-16 00:13:03
ComboFix2.txt 2008-01-13 04:09:15
.
2008-01-09 08:56:44 --- E O F ---


-------------------------
HijackThis log
-------------------------

Deckard's System Scanner v20071014.68
Run by Richard on 2008-01-12 20:42:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
9: 2008-01-13 04:29:49 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-01-13 03:51:02 UTC - RP8 - ComboFix created restore point
7: 2008-01-11 14:03:13 UTC - RP7 - System Checkpoint
6: 2008-01-10 12:48:35 UTC - RP6 - System Checkpoint
5: 2008-01-09 08:54:47 UTC - RP5 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-28 08:06:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 16.86 GiB (less than 15%) free.


-- HijackThis (run as Richard.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-12 20:47:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sandisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\STRAYK\strayk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Richard\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66CD1A33-06A3-40EE-8409-DA0C93269B7A} - __BHODemonDisabled (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/d...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd..._E/lotrfotr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8481.8024884259
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}: NameServer = 68.87.66.196,68.87.64.196
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 17916 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 B2Ether (Basilisk II Ethernet Driver) - c:\windows\system32\drivers\b2ether.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 cdenable - c:\windows\system32\drivers\cdenable.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 IOPort - c:\windows\system32\ioport.sys <Not Verified; Erik Salaj; IOPort>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 catchme - c:\docume~1\richard\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Lsdiorw - c:\program files\ls_duhem\lsdiorw\lsdiorw2.exe <Not Verified; Logiciels & Services Duhem, Paris, France; MacDisk>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S3 merger - "c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe" <Not Verified; Microsoft Corporation; Microsoft® Application Compatibility Toolkit>
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-08 00:18:18 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2007-12-29 22:33:30 0 d-------- C:\z
2007-12-29 12:53:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-29 12:53:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21:25 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 21:53:00 2855 --a------ C:\WINDOWS\command.PIF
2007-12-28 21:52:33 2855 --a------ C:\command.PIF
2007-12-28 16:29:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29:38 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29:38 0 d-------- C:\Program Files\Xvid
2007-12-28 15:32:31 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:17:06 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Adobe
2007-12-27 23:15:34 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44:40 0 d-------- C:\Program Files\HostsXpert
2007-12-26 01:01:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11:44 0 d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00:21 0 d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00:21 0 d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 17:27:47 0 d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14:52 0 d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 02:23:59 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-23 02:23:18 0 d-------- C:\Program Files\SpyNoMore
2007-12-22 18:45:46 70671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-21 13:33:34 0 d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16:43 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 15:43:51 0 d-------- C:\Documents and Settings\Richard\Application Data\Thinstall
2007-12-17 16:24:38 0 d-------- C:\Program Files\Acro Software
2007-12-17 15:55:05 0 d-------- C:\Program Files\Common Files\Macrov


I'm sorry that this is proving to be difficult. I'll wait for your further instructions. Thank you very much for your assistance.
Richard1777

#6 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 16 January 2008 - 01:53 PM

Go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to the C:\WINDOWS\system32\ENTERPRISE.dll file. Finally click on the Send File button.

#7 richard1777

richard1777
  • Topic Starter
  • Members
  • 15 posts

Posted 16 January 2008 - 04:26 PM

Grinler,

I have submitted Enterprise.dll.

Thank you. Richard1777

#8 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 16 January 2008 - 05:57 PM

Print out these instructions and then close all windows including Internet Explorer.

Reboot your computer into Safe Mode

Then I want you to fix some of those entries. Please do the following:

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll

Reboot your computer to go back to normal mode and post a new log.

#9 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 16 January 2008 - 09:59 PM

Also see if the spybot issues are gone after doing the above fix.

#10 richard1777

richard1777
  • Topic Starter
  • Members
  • 15 posts

Posted 16 January 2008 - 10:07 PM

Grinler,

I rebooted to safe mode, but HijackThis still will not run. I ran DSS.exe, even though it says not to do this in safe mode unless so directed. It automatically ran HijackThis, as it has before, and HijackThis crashed during the examination of modified files, just as it has before.

Because HijackThis runs automatically as part of DSS.exe doing its thing, there is nowhere to click "Fix" or to input the checkmark. This time, DSS's run of HijackThis did not generate a log. I didn't want to run DSS again in safe mode without instruction to do so. So, I do not have a log to post this time.

Richard1777

#11 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 17 January 2008 - 01:38 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ENTERPRISE]


Save this as the txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
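As an added example (not code from this thread, HijackThis or ComboFix), this is the check a responder makes before writing a CFScript like the one above: it parses the HijackThis O20 Winlogon Notify lines, the ComboFix "DLLs Loaded Under Running Processes" section and the "Files Created" list, flags a Notify package whose DLL is both new on disk and already loaded inside winlogon.exe, and emits the matching Registry:: removal line. The log excerpts are constructed in the format of the logs posted in this thread, and the function names are hypothetical.

```python
# Added example, not part of this thread, HijackThis or ComboFix.
# Sample excerpts below are constructed in the format of the logs posted above.
import re
from datetime import datetime, timedelta

HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
"""
COMBOFIX_LOADED = r"""
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ENTERPRISE.dll
"""
COMBOFIX_CREATED = r"""
2007-12-29 22:33 . 2008-01-16 18:46 <DIR> d-------- C:\z
2007-12-24 22:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-22 18:45 . 2007-12-22 18:45 70,671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
"""
SCAN_TIME = datetime(2008, 1, 17, 12, 13)  # ComboFix run time taken from the log above
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)\s*$")
# ComboFix "Files Created" line: "<created> . <modified> <size or <DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?:<DIR>|([\d,]+))\s+\S+\s+(.+?)\s*$")


def parse_winlogon_notify(hjt_text):
    """Map each O20 Winlogon Notify package name to its DLL path."""
    entries = {}
    for line in hjt_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def parse_loaded_dlls(text):
    """Map each process (lower-cased path) to the DLLs ComboFix saw loaded in it."""
    loaded, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("PROCESS: "):
            current = line[9:].lower()
            loaded.setdefault(current, [])
        elif line.startswith("-> ") and current is not None:
            loaded[current].append(line[3:])
    return loaded


def parse_created_files(text):
    """Map each created path (lower-cased) to (creation time, size or None for dirs)."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            size = int(m.group(2).replace(",", "")) if m.group(2) else None
            created[m.group(3).lower()] = (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), size)
    return created


def triage_winlogon_notify(hjt_text, loaded_text, created_text, scan_time, window_days=30):
    """Flag Notify packages whose DLL is new on disk and already loaded in winlogon.exe.

    A Winlogon Notify DLL runs inside winlogon.exe (as SYSTEM) at every logon, so one
    that appeared within window_days of the scan is worth submitting for analysis.
    """
    in_winlogon = {d.lower() for proc, dlls in parse_loaded_dlls(loaded_text).items()
                   if proc.endswith("\\winlogon.exe") for d in dlls}
    created = parse_created_files(created_text)
    findings = []
    for name, path in parse_winlogon_notify(hjt_text).items():
        when, size = created.get(path.lower(), (None, None))
        recent = when is not None and scan_time - when <= timedelta(days=window_days)
        loaded = path.lower() in in_winlogon
        findings.append({"package": name, "dll": path, "created": when, "size": size,
                         "loaded_in_winlogon": loaded, "suspicious": recent and loaded})
    return findings


def cfscript_for(findings):
    """Emit the Registry:: CFScript (the form used in this thread) that deletes the
    Winlogon Notify subkey of every suspicious package; no findings yields no key."""
    lines = ["Registry::"]
    lines += [f"[-{NOTIFY_KEY}\\{f['package']}]" for f in findings if f["suspicious"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = triage_winlogon_notify(HJT_LOG, COMBOFIX_LOADED, COMBOFIX_CREATED, SCAN_TIME)
    for finding in results:
        print(finding)
    print(cfscript_for(results))
```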

#12 richard1777

richard1777
  • Topic Starter
  • Members
  • 15 posts

Posted 17 January 2008 - 03:57 PM

Thank you, Grinler.

I ran the script you provided with ComboFix. HijackThis will still not run, so I ran DSS.exe, and got the main.txt log. (It terminated early during the HijackThis search of modified files, as usual.) The two logs are posted below.

--------------------------
ComboFix.txt
--------------------------

ComboFix 08-01-09.2 - Richard 2008-01-17 12:13:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1990 [GMT -8:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2007-12-29 22:33 . 2008-01-16 18:46 <DIR> d-------- C:\z
2007-12-29 17:51 . 2007-12-29 17:51 <DIR> d-------- C:\Deckard
2007-12-29 12:53 . 2007-12-29 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21 . 2007-12-29 00:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-28 16:29 . 2007-12-28 16:29 <DIR> d-------- C:\Program Files\Xvid
2007-12-28 16:29 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-28 15:32 . 2007-12-28 15:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:15 . 2007-12-27 23:15 <DIR> d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44 . 2007-12-27 22:25 <DIR> d-------- C:\Program Files\HostsXpert
2007-12-26 18:15 . 2008-01-16 18:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 18:15 . 2007-12-26 18:15 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 01:01 . 2007-12-26 01:01 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11 . 2007-12-26 00:45 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00 . 2007-12-25 14:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 23:00 . 2007-12-24 23:29 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-24 23:00 . 2007-12-24 23:29 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-24 23:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-24 23:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-24 22:59 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-24 17:27 . 2007-12-24 17:27 <DIR> d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14 . 2007-12-24 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 17:14 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-23 02:23 . 2007-12-27 17:36 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-23 02:23 . 2007-12-23 02:23 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-22 18:45 . 2007-12-22 18:45 70,671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-22 18:45 . 2007-12-22 18:45 409 --a------ C:\log.udt
2007-12-21 13:33 . 2007-12-21 13:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16 . 2007-12-20 09:16 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 15:43 . 2007-12-18 15:43 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Thinstall
2007-12-17 16:24 . 2007-12-17 16:24 <DIR> d-------- C:\Program Files\Acro Software
2007-12-17 16:24 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2007-12-17 15:55 . 2007-12-17 15:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 15:13 . 2007-12-19 13:54 <DIR> d-------- C:\Program Files\PowerISO
2007-12-17 13:53 . 2007-12-17 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 20:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 20:06 --------- d-----w C:\Program Files\Basilisk II
2008-01-17 20:05 --------- d-----w C:\Documents and Settings\Richard\Application Data\STRAYK
2008-01-12 00:36 --------- d-----w C:\Program Files\.finf
2008-01-09 09:23 --------- d-----w C:\Documents and Settings\Richard\Application Data\Azureus
2008-01-08 19:16 --------- d-----w C:\Program Files\Azureus
2007-12-29 00:35 --------- d-----w C:\Program Files\DivX
2007-12-28 23:32 --------- d-----w C:\Program Files\Common Files\Real
2007-12-28 08:44 14,035,738 ----a-w C:\Program Files\Spybot - Search & Destroy.zip
2007-12-28 07:56 --------- d-----w C:\Program Files\Winamp
2007-12-28 03:29 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-28 01:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 08:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-26 08:41 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-26 08:41 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-26 08:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-26 08:41 --------- d-----w C:\Program Files\Symantec
2007-12-26 00:26 241,076,579 ----a-w C:\Program Files\Common Files\Symantec Shared -2-3 files in CCPD-LC.zip
2007-12-25 22:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\Symantec
2007-12-23 11:17 762,164 ----a-w C:\Program Files\PCDownloader(malware(Q)).zip
2007-12-23 02:36 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 23:44 --------- d-----w C:\Program Files\Konvertor
2007-12-21 23:38 --------- d-----w C:\Program Files\3DO
2007-12-21 22:50 11,340,209 ----a-w C:\Program Files\Microsoft AntiSpyware.zip
2007-12-20 19:01 --------- d-----w C:\Program Files\iTunes
2007-12-20 18:58 --------- d-----w C:\Program Files\BitComet
2007-12-20 17:45 58,975,827 ----a-w C:\Program Files\Common Files\Adobe1.zip
2007-12-19 21:55 --------- d-----w C:\Program Files\MagicISO
2007-12-18 20:32 --------- d-----w C:\Program Files\Photo-Lux
2007-12-18 20:19 58,975,826 ----a-w C:\Program Files\Common Files\Adobe2.zip
2007-12-18 20:14 --------- d-----w C:\Program Files\DAP
2007-12-18 20:13 --------- d-----w C:\Program Files\DBFrontend
2007-12-18 20:06 --------- d-----w C:\Program Files\Edcom44
2007-12-18 20:02 --------- d-----w C:\Program Files\CaptureEze Pro
2007-12-18 20:01 --------- d-----w C:\Program Files\Black Isle
2007-12-18 19:48 --------- d-----w C:\Program Files\Amerzone
2007-12-17 19:31 20,954,713 ----a-w C:\Program Files\Common Files\Adobe3.zip
2007-12-15 05:02 --------- d-----w C:\Program Files\PDFCreator
2007-12-14 04:40 --------- d-----w C:\Program Files\QuickTime
2007-12-12 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-02 09:49 --------- d-----w C:\Program Files\kiwi.software.NET
2007-12-02 08:54 --------- d-----w C:\Documents and Settings\Richard\Application Data\ZoomBrowser EX
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 16:11 --------- d-----w C:\Program Files\Realmz
2007-11-24 01:06 --------- d-----w C:\Program Files\ACW
2007-11-23 21:44 --------- d-----w C:\Program Files\Java
2007-11-22 23:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\GetRightToGo
2007-11-21 03:32 --------- d-----w C:\Program Files\Trend Micro
2007-11-20 16:46 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 16:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 16:28 --------- d-----w C:\Program Files\ZonedOut
2007-11-20 06:23 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 09:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 09:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 09:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 09:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-16 20:34 3,035 ----a-w C:\Documents and Settings\Richard\Application Data\unins000.dat
2006-08-10 03:59 1,397,286,497 ----a-w C:\Program Files\NeverwinterNights [in Program Files].zip
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_20.08.08.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 03:51:05 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 20:12:41 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 03:51:06 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 20:12:41 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 03:51:06 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 20:12:41 1,409,024 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 03:51:06 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 20:12:41 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 03:51:06 21,368,832 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-17 20:12:42 21,368,832 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 03:51:06 286,720 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 20:12:42 286,720 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 02:57:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_dec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66CD1A33-06A3-40EE-8409-DA0C93269B7A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"strayk"="C:\Program Files\STRAYK\strayk.exe" [2007-03-08 12:28 532480]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 05:58 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 05:58 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 05:58 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 00:05 127035]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-12 06:04 33280 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 18:05 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 21:00 771440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-20 10:33:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ENTERPRISE]
C:\WINDOWS\system32\ENTERPRISE.dll 2007-12-22 18:45 70671 C:\WINDOWS\system32\ENTERPRISE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 10:45]
R2 B2Ether;Basilisk II Ethernet Driver;C:\WINDOWS\system32\DRIVERS\B2Ether.sys [2001-09-10 21:01]
R2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys [2001-09-10 21:01]
R2 IOPort;IOPort;C:\WINDOWS\system32\IOPORT.SYS [1998-11-27 17:57]
S3 merger;merger;"C:\Program Files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe" [2005-09-27 10:33]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-12 06:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 08:33:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 12:21:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ENTERPRISE.dll
.
Completion time: 2008-01-17 12:23:17
ComboFix-quarantined-files.txt 2008-01-17 20:23:11
ComboFix2.txt 2008-01-13 04:09:15
.
2008-01-09 08:56:44 --- E O F ---



----------------------------------
HijackThis (Main.txt; nothing in Extra.txt)
----------------------------------

Deckard's System Scanner v20071014.68
Run by Richard on 2008-01-17 12:27:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-01-17 20:27:24 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-01-17 20:12:38 UTC - RP15 - ComboFix created restore point
14: 2008-01-17 00:35:27 UTC - RP14 - System Checkpoint
13: 2008-01-16 00:23:52 UTC - RP13 - Deckard's System Scanner Restore Point
12: 2008-01-16 00:02:25 UTC - RP12 - ComboFix created restore point


-- First Restore Point --
1: 2007-12-28 08:06:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 16.48 GiB (less than 15%) free.


-- HijackThis (run as Richard.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-17 12:31:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sandisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\STRAYK\strayk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Richard\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66CD1A33-06A3-40EE-8409-DA0C93269B7A} - __BHODemonDisabled (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/d...tualEarth3D.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd..._E/lotrfotr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8481.8024884259
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}: NameServer = 68.87.66.196,68.87.64.196
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 17848 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 B2Ether (Basilisk II Ethernet Driver) - c:\windows\system32\drivers\b2ether.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 cdenable - c:\windows\system32\drivers\cdenable.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 IOPort - c:\windows\system32\ioport.sys <Not Verified; Erik Salaj; IOPort>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 catchme - c:\docume~1\richard\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Lsdiorw - c:\program files\ls_duhem\lsdiorw\lsdiorw2.exe <Not Verified; Logiciels & Services Duhem, Paris, France; MacDisk>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S3 merger - "c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe" <Not Verified; Microsoft Corporation; Microsoft® Application Compatibility Toolkit>
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-15 00:33:08 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Richard.job


-- Files created between 2007-12-17 and 2008-01-17 -----------------------------

2007-12-29 22:33:30 0 d-------- C:\z
2007-12-29 12:53:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-29 12:53:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aladdin Systems
2007-12-29 00:21:25 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 16:29:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 16:29:38 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 16:29:38 0 d-------- C:\Program Files\Xvid
2007-12-28 15:32:31 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-27 23:17:06 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Adobe
2007-12-27 23:15:34 0 d-------- C:\Documents and Settings\Ulrich\Application Data\Grisoft
2007-12-27 13:44:40 0 d-------- C:\Program Files\HostsXpert
2007-12-26 01:01:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-26 00:11:44 0 d-------- C:\Program Files\Norton Internet Security
2007-12-24 23:00:21 0 d-------- C:\Program Files\Spyware Doctor
2007-12-24 23:00:21 0 d-------- C:\Documents and Settings\Richard\Application Data\PC Tools
2007-12-24 17:27:47 0 d-------- C:\Documents and Settings\Richard\DoctorWeb
2007-12-24 17:14:52 0 d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2007-12-24 17:14:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 02:23:59 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-23 02:23:18 0 d-------- C:\Program Files\SpyNoMore
2007-12-22 18:45:46 70671 --a------ C:\WINDOWS\system32\ENTERPRISE.dll
2007-12-21 13:33:34 0 d-------- C:\Program Files\Alcohol Soft
2007-12-20 09:16:43 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-18 15:43:51 0 d-------- C:\Documents and Settings\Richard\Application Data\Thinstall
2007-12-17 16:24:38 0 d-------- C:\Program Files\Acro Software
2007-12-17 15:55:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 15:13:11 0 d-------- C:\Program Files\PowerISO
2007-12-17 13:5


Thank you for your assistance, Grinler.

Richard1777

#13 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 17 January 2008 - 04:11 PM

Download Killbox.

Extract killbox.zip to your desktop and then double-click on the Killbox.exe icon.

Select the option "Delete on reboot".

In the field labeled "Full Path of File to Delete" copy and paste the following:


C:\WINDOWS\system32\ENTERPRISE.dll


Click the button: Single File (!important!)

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that the listed file will be removed on the next reboot and ask if you would like to reboot now; click YES.

Your computer must reboot now.

When done see if you can run those programs.

#14 richard1777

richard1777 (Topic Starter)

  • Members
  • 15 posts

Posted 17 January 2008 - 05:21 PM

Thank you, Grinler.

I downloaded Killbox and ran that as you instructed. HijackThis will now run, and a file with spybot in its name (spybot.doc) was able to launch successfully.

I had noticed that the little icons in the bottom right corner of the screen (notifications?) were not displaying properly, though the programs were running. These include the little speaker for volume, which should show at all times, and the Norton internet security icons. Each time you had me run combofix.exe, they would then display properly, but go back to not displaying once I had a reboot. While the problem with the programs now seems to be fixed, these little icons are still not displaying properly. Is this a problem with some registry lines?

Since HijackThis would run, I ran it, and its log is included below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:38 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STRAYK\strayk.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\z\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66CD1A33-06A3-40EE-8409-DA0C93269B7A} - (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [strayk] "C:\Program Files\STRAYK\strayk.exe" -ds
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://prod1.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd..._E/lotrfotr.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://asp17.centra.com/SiteRoots/main/Ins...aDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}: NameServer = 68.87.66.196,68.87.64.196
O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\LS_Duhem\lsdiorw\lsdiorw2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16409 bytes


Thank you for your assistance.
Richard1777

#15 Grinler

Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 17 January 2008 - 05:29 PM

I am not 100% sure. I want to get another CF log and to clean that enterprise.dll line now that HJT works.

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O20 - Winlogon Notify: ENTERPRISE - C:\WINDOWS\system32\ENTERPRISE.dll (file missing)

Reboot your computer.

I want you to download combofix again and overwrite the existing version.
  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.
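The triage the helper is doing by eye above (prioritise the O20 Winlogon Notify line, then clean up the "(file missing)" leftovers) can be scripted. The following is an added example for this thread and is not code from HijackThis, DSS or the posters; the sample log lines are constructed from the formats shown above, and the function names and severity labels are my own assumptions.

```python
"""Triage HijackThis O20 (Winlogon Notify) entries and dangling "(file missing)"
entries, cross-referenced against a DSS "Files created" listing.

Added example for this thread; not part of HijackThis, DSS or the original posts.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis 2.0.2 format, modelled on the logs above.
SAMPLE_HJT_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll (file missing)
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O20 - Winlogon Notify: ENTERPRISE - C:\\WINDOWS\\system32\\ENTERPRISE.dll
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\system32\\igfxdev.dll
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\\Program Files\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindService.exe (file missing)
"""

# Constructed sample in the format of the DSS "Files created between ..." section.
SAMPLE_DSS_CREATED = """\
2007-12-23 02:23:59 1152 --a------ C:\\WINDOWS\\system32\\windrv.sys
2007-12-22 18:45:46 70671 --a------ C:\\WINDOWS\\system32\\ENTERPRISE.dll
2007-12-21 13:33:34 0 d-------- C:\\Program Files\\Alcohol Soft
"""

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
MISSING_RE = re.compile(r"\(file missing\)\s*$")
DSS_CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(?P<path>.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "review" or "cleanup" (labels are my own)
    line: str       # the HijackThis line that triggered the finding
    reason: str


def parse_dss_created(text: str) -> dict[str, str]:
    """Map lower-cased paths from a DSS 'Files created' block to their timestamps.

    Paths are lower-cased because Windows file names are case-insensitive.
    """
    created = {}
    for raw in text.splitlines():
        m = DSS_CREATED_RE.match(raw.strip())
        if m:
            created[m.group("path").lower()] = m.group("ts")
    return created


def triage_hjt(log_text: str, recent_files: dict[str, str]) -> list[Finding]:
    """Rank Winlogon Notify entries and dangling entries for review.

    A Winlogon Notify DLL is loaded by winlogon.exe at every logon, which is why
    the thread treats the ENTERPRISE line as the priority. One whose file also
    shows up in the recent-files listing is ranked highest; one whose file is
    already gone is just a dangling registry entry to remove with the Fix button.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O20_RE.match(line)
        if m:
            path = m.group("path").lower()
            if m.group("missing"):
                findings.append(Finding("cleanup", line,
                    "Winlogon Notify entry whose DLL is gone; dangling registry entry"))
            elif path in recent_files:
                findings.append(Finding("high", line,
                    f"Winlogon Notify DLL created {recent_files[path]} per DSS listing"))
            else:
                findings.append(Finding("review", line,
                    "Winlogon Notify DLL; confirm the publisher before trusting it"))
        elif MISSING_RE.search(line):
            findings.append(Finding("cleanup", line,
                "entry points at a file that no longer exists"))
    order = {"high": 0, "review": 1, "cleanup": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG, parse_dss_created(SAMPLE_DSS_CREATED)):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against a real pair of logs, the "high" bucket is what to look at first; the "cleanup" bucket is the set of lines that can be fixed without losing anything, because their files are already gone.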



