ComboFix 09-04-01.01 - Owner 2009-04-01 16:36:20.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.500 [GMT -7:00]
Running from: L:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\alayapej.ini
c:\windows\system32\dekoyemu.dll
c:\windows\system32\demohajo.dll
c:\windows\system32\pisefire.dll.tmp
c:\windows\system32\TDSSwbubjbne.dat
c:\windows\system32\TDSSxwprtuur.dat
c:\windows\system32\wupudihi.dll.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.
2009-04-01 09:30 . 2009-04-01 09:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-01 09:30 . 2009-04-01 09:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-01 09:30 . 2009-04-01 09:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 09:30 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 09:30 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-31 17:56 . 2009-04-01 09:12 <DIR> d-------- c:\program files\Trojan Remover
2009-03-31 17:18 . 2009-04-01 09:08 <DIR> d-------- c:\program files\ESET
2009-03-31 17:02 . 2009-03-31 17:02 2,713 ---hs---- c:\windows\system32\disolada.exe
2009-03-31 16:49 . 2009-03-31 16:49 <DIR> d-------- C:\VundoFix Backups
2009-03-31 16:49 . 2009-03-31 16:49 0 --a------ C:\LOG18.tmp
2009-03-31 02:01 . 2009-03-31 02:01 2,507 ---hs---- c:\windows\system32\kuhihihu.exe
2009-03-30 19:15 . 2009-03-30 19:15 <DIR> d-------- c:\program files\MSSOAP
2009-03-30 19:11 . 2009-03-30 19:12 164 --a------ c:\windows\install.dat
2009-03-30 18:18 . 2009-03-30 18:18 <DIR> d-------- c:\program files\CCleaner
2009-03-30 18:17 . 2009-03-30 18:17 0 --a------ C:\LOG19.tmp
2009-03-30 14:01 . 2009-03-30 14:01 2,507 ---hs---- c:\windows\system32\penitoro.exe
2009-03-29 22:50 . 2009-03-29 22:50 2,507 ---hs---- c:\windows\system32\gifeleho.exe
2009-03-28 14:06 . 2009-03-28 14:06 <DIR> d-------- c:\program files\SimPE
2009-03-28 13:57 . 2009-03-28 14:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\MilkShape 3D 1.x.x
2009-03-28 13:54 . 2009-03-28 13:57 <DIR> d-------- c:\program files\MilkShape 3D 1.8.4
2009-03-28 13:28 . 2009-03-28 13:28 <DIR> d-------- c:\program files\Singular Inversions
2009-03-27 23:21 . 2009-03-09 15:27 4,178,264 --a------ c:\windows\system32\D3DX9_41.dll
2009-03-27 23:21 . 2009-03-09 15:27 1,846,632 --a------ c:\windows\system32\D3DCompiler_41.dll
2009-03-27 23:21 . 2009-03-16 14:18 517,448 --a------ c:\windows\system32\XAudio2_4.dll
2009-03-27 23:21 . 2009-03-09 15:27 453,456 --a------ c:\windows\system32\d3dx10_41.dll
2009-03-27 23:21 . 2009-03-16 14:18 235,352 --a------ c:\windows\system32\xactengine3_4.dll
2009-03-27 23:21 . 2009-03-16 14:18 69,448 --a------ c:\windows\system32\XAPOFX1_3.dll
2009-03-27 23:21 . 2009-03-16 14:18 22,360 --a------ c:\windows\system32\X3DAudio1_6.dll
2009-03-26 21:18 . 2009-03-26 21:18 <DIR> d-------- c:\program files\Bethesda Softworks
2009-03-18 18:01 . 2009-03-18 18:01 <DIR> d-------- c:\program files\The Game Creators
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-01 23:44 --------- d-----w c:\documents and settings\Owner\Application Data\WTablet
2009-04-01 23:42 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-04-01 23:41 7,114,272 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-01 23:41 6,316 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-01 23:41 56,660 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-01 23:41 1,531,936 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-01 00:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 00:58 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-03-31 23:54 --------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-03-31 09:59 --------- d-----w c:\program files\FlashGet
2009-03-31 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-28 05:55 --------- d-----w c:\program files\Pcsx2
2009-03-23 20:30 1,624 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-03-19 01:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 20:07 --------- d-----w c:\program files\Gravity
2009-03-07 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-03-07 19:14 65,536 ----a-w c:\windows\IFinst27.exe
2009-03-06 19:24 --------- d-----w c:\program files\Soulseek-Test
2009-03-05 04:05 --------- d-----w c:\program files\World of Warcraft
2009-03-01 23:49 --------- d-----w c:\program files\EA GAMES
2009-03-01 02:27 --------- d-----w c:\documents and settings\Owner\Application Data\CyberLink
2009-02-28 00:35 --------- d-----w c:\documents and settings\Owner\Application Data\Canon
2009-02-19 03:25 --------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2009-02-19 03:19 --------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-02-19 03:19 --------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools
2009-02-19 03:18 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-19 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-15 23:38 --------- d-----w c:\program files\AIM6
2009-02-15 23:36 --------- d-----w c:\program files\Viewpoint
2009-02-15 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-15 23:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-15 23:35 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-10 09:25 --------- d-----w c:\program files\QuickTime
2009-02-10 09:23 --------- d-----w c:\program files\Apple Software Update
2009-02-07 00:12 --------- d-----w c:\documents and settings\Owner\Application Data\Ventrilo
2009-02-06 08:17 --------- d-----w c:\program files\Java
2009-02-05 19:59 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-05 06:46 --------- d-----w c:\program files\Common Files\SupportSoft
2009-02-05 03:05 --------- d-----w c:\program files\Lightside - Legend Ragnarok
2009-02-04 01:12 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 01:12 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-05 04:42 19,355 ----a-w c:\documents and settings\Owner\Application Data\gyriwyruje.pif
2008-11-05 04:42 18,446 ----a-w c:\documents and settings\All Users\Application Data\yzicyt.dat
2008-11-05 04:42 15,883 ----a-w c:\documents and settings\All Users\Application Data\ycareqira.com
2008-11-05 04:42 15,738 ----a-w c:\documents and settings\All Users\Application Data\enesepe.bat
2008-11-05 04:42 15,109 ----a-w c:\program files\Common Files\yxupisev.bin
2008-11-05 04:42 14,801 ----a-w c:\documents and settings\All Users\Application Data\nerajomu.vbs
2008-11-05 04:42 13,243 ----a-w c:\program files\Common Files\uron._dl
2008-11-05 04:42 10,833 ----a-w c:\program files\Common Files\yripyfoky._dl
2008-11-05 04:42 10,626 ----a-w c:\documents and settings\Owner\Application Data\kezuli.pif
2004-09-09 05:59 157,696 ----a-w c:\documents and settings\Owner\unrar.dll
2007-05-30 21:11 88 --sh--r c:\windows\system32\4A338E9104.sys
2008-04-06 04:15 56 --sh--r c:\windows\system32\C64ADB6EE6.sys
2008-12-30 09:07 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-18 00:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111720081118\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-06 3558136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-07-20 7090176]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-06 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-05-18 1716224]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2008-07-31 1156608]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Owner\\legendro_installer\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\KRU\\NexusTK\\NexusTK.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-06-12 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-15 24652]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2006-08-13 109440]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [2006-02-24 210792]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-03-13 476416]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa4f592-cd12-11dc-927e-00173fc473dc}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa4f595-cd12-11dc-927e-00173fc473dc}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tla80zxo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-01 16:45:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\PSIService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-01 16:49:46 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-04-01 23:49:42
ComboFix2.txt 2007-09-03 00:31:04
Pre-Run: 23,586,254,848 bytes free
Post-Run: 23,797,985,280 bytes free
263 --- E O F --- 2009-03-14 10:02:52
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:50:24 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] "%WINDIR%\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] "C:\WINDOWS\vVX3000.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9818 bytes
Show Posts
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'
\' /> Thank you again for helping me out! I was stuck and I'm glad I had your help 
\' /> Heres my hijackthis log: