Full Version: Internet Explorer blank popup windows
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
stevehaas
I have been having strange problems with Internet Explorer. Whenever I click on certain graphic controls on a website such as AOL or Yahoo (like directional arrows to scroll through a slideshow or a vote button to take a survey), multiple blank windows pop up. In some cases, a stream of up to 45 or 50 small blank windows pop up.

I have tried both IE 6 and the latest version of IE 7, and this makes no difference. I also tried a program called IEFix and this didn't work either.

I loaded Mozilla Firefox, and this problem doesn't occur when I go to the exact same web pages. Firefox, however, has too many sites that don't display properly, so I really would like to have IE functioning properly.

Below is an HJT log.

Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:41 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Quick To-Do Pro\qtodopro.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoCAD 2004\acad.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Quick To-Do PRO.lnk = C:\Program Files\Quick To-Do Pro\qtodopro.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL ACS - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8676 bytes



Thanks,
Steve
LoPhatPhuud
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.
stevehaas
OK, here is the Combofix log:

2008-01-30 16:30 . 2008-01-30 16:30 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Cloudmark
2008-01-30 16:29 . 2008-01-30 16:29 <DIR> d-------- C:\Program Files\Cloudmark
2008-01-30 14:39 . 2008-01-30 14:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-18 10:54 . 2008-01-18 10:54 <DIR> d-------- C:\Program Files\Usability Sciences
2008-01-18 10:54 . 2007-09-21 13:24 91,520 --a------ C:\WINDOWS\system32\WebIQEngineSetup.exe
2008-01-12 08:32 . 2008-01-12 08:32 4,128 --a------ C:\INFCACHE.1
2008-01-11 22:53 . 2008-01-11 22:56 216 --a------ C:\WirelessDiagLog.csv
2008-01-11 22:30 . 2008-01-11 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 22:13 . 2005-12-13 16:40 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-01-11 22:00 . 2004-08-10 04:13 73,728 --a--c--- C:\WINDOWS\system32\dllcache\ehresja.dll
2008-01-11 22:00 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresko.dll
2008-01-11 22:00 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-01-11 22:00 . 2004-08-10 04:13 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresde.dll
2008-01-11 21:58 . 2004-08-10 06:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-11 21:57 . 2004-08-10 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-11 21:56 . 2004-08-10 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-11 21:55 . 2004-08-10 06:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-11 21:51 . 2008-01-17 14:13 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-11 21:51 . 2008-01-17 14:13 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-11 21:51 . 2008-01-17 14:13 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-11 21:51 . 2008-01-17 14:13 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-11 21:51 . 2008-01-17 14:13 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-11 21:51 . 2008-01-11 21:51 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-11 21:45 . 2004-08-10 04:04 102,912 --a--c--- C:\WINDOWS\system32\dllcache\ehsched.exe
2008-01-11 21:44 . 2004-08-10 06:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-01-11 21:44 . 2004-08-10 06:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2008-01-11 21:44 . 2004-08-10 06:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
2008-01-11 21:44 . 2004-08-10 06:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2008-01-11 21:44 . 2004-08-10 06:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-01-11 21:39 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-11 21:39 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-11 21:39 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-11 21:29 . 2004-08-10 06:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-11 21:29 . 2004-08-10 06:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-11 21:29 . 2004-08-10 06:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-11 21:29 . 2004-08-10 06:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-11 21:29 . 2005-03-30 12:54 10,559 -ra------ C:\WINDOWS\SETB6.tmp
2008-01-11 20:40 . 2004-08-04 05:00 267,776 --a------ C:\WINDOWS\system32\fxssvc.exe
2008-01-11 20:40 . 2004-08-04 05:00 267,776 --a--c--- C:\WINDOWS\system32\dllcache\fxssvc.exe
2008-01-11 20:12 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET5F.tmp
2008-01-11 20:12 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET5C.tmp
2008-01-11 20:12 . 2006-03-30 05:03 22,339 -ra------ C:\WINDOWS\SETAA.tmp
2008-01-11 20:12 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET6E.tmp
2008-01-11 20:12 . 2005-03-30 12:54 10,559 -ra------ C:\WINDOWS\SETAB.tmp
2008-01-10 22:02 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET65.tmp
2008-01-10 22:02 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET62.tmp
2008-01-10 22:02 . 2006-03-30 05:03 22,339 -ra------ C:\WINDOWS\SETAC.tmp
2008-01-10 22:02 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET71.tmp
2008-01-10 22:02 . 2005-03-30 12:54 10,559 -ra------ C:\WINDOWS\SETAD.tmp
2008-01-10 18:12 . 1996-10-15 09:53 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2008-01-10 18:11 . 2008-01-10 18:12 <DIR> d-------- C:\WINDOWS\_ISTMP3.DIR
2008-01-10 18:11 . 2008-01-10 18:12 <DIR> d-------- C:\WINDOWS\_ISTMP2.DIR
2008-01-05 21:26 . 2008-01-05 21:26 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\CyberLink
2008-01-05 19:02 . 2008-01-05 19:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-01-05 18:47 . 2008-01-12 19:30 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-01-05 18:47 . 2008-01-12 19:30 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-05 18:47 . 2008-01-12 19:30 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-01-05 18:47 . 2008-01-12 19:30 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-01-05 18:47 . 2008-01-12 19:30 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-01-05 18:46 . 2008-01-05 18:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-05 18:46 . 2008-01-05 18:46 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-01-05 18:46 . 2008-01-05 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-01-05 18:46 . 2008-01-05 18:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-01-05 18:46 . 2008-01-05 18:46 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Intel
2008-01-05 18:46 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-01-05 18:46 . 2007-09-26 06:01 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-01-05 18:46 . 2007-08-27 06:12 745,472 --------- C:\WINDOWS\system32\NETw4c32.dll
2008-01-05 18:45 . 2008-01-05 18:45 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Intel
2008-01-05 17:31 . 2007-03-16 18:10 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2008-01-05 17:31 . 2007-03-16 18:10 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2008-01-05 17:31 . 2007-03-16 18:10 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2008-01-05 17:31 . 2007-03-16 18:10 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2008-01-05 17:30 . 2007-03-16 18:10 3,395,584 --a------ C:\WINDOWS\system32\BCMWLCPL.CPL
2008-01-05 17:30 . 2007-03-16 18:10 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2008-01-05 17:30 . 2007-03-16 18:10 1,392,640 --a------ C:\WINDOWS\system32\WLTRAY.EXE
2008-01-05 17:30 . 2007-03-16 18:10 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-01-05 17:18 . 2008-01-05 17:18 <DIR> d-------- C:\Documents and Settings\Steve\Bluetooth Software
2008-01-05 08:06 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET5E.tmp
2008-01-05 08:06 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET5B.tmp
2008-01-05 08:06 . 2006-03-30 05:03 22,339 -ra------ C:\WINDOWS\SETA5.tmp
2008-01-05 08:06 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET6A.tmp
2008-01-05 08:06 . 2005-03-30 12:54 10,559 -ra------ C:\WINDOWS\SETA6.tmp
2008-01-05 07:32 . 2008-01-05 07:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-05 07:12 . 2004-08-10 06:00 829,440 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.dll
2008-01-05 07:11 . 2008-01-11 21:48 <DIR> d-------- C:\Inetpub
2008-01-04 13:15 . 2008-01-04 13:15 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\alot
2008-01-04 13:15 . 2008-01-04 13:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\alot
2008-01-04 07:20 . 2008-01-04 07:20 2 --a------ C:\WINDOWS\uid.tmp
2008-01-03 16:05 . 2004-08-04 05:00 226,816 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-03 16:05 . 2004-08-10 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-01-03 16:05 . 2004-08-04 05:00 10,240 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-01-03 16:04 . 2004-08-04 05:00 364,544 --a--c--- C:\WINDOWS\system32\dllcache\npdsplay.dll
2008-01-03 16:03 . 2004-08-04 05:00 126,464 --a--c--- C:\WINDOWS\system32\dllcache\wmiapsrv.exe
2008-01-03 14:47 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET57.tmp
2008-01-03 14:47 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET54.tmp
2008-01-03 14:47 . 2006-03-30 05:03 22,339 -ra------ C:\WINDOWS\SET9E.tmp
2008-01-03 14:47 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET63.tmp
2008-01-03 14:47 . 2005-03-30 12:54 10,559 -ra------ C:\WINDOWS\SET9F.tmp
2008-01-03 14:17 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SETE4.tmp
2008-01-03 14:17 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SETE1.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-30 21:29 --------- d-----w C:\Program Files\Common Files\Cloudmark
2008-01-25 04:00 --------- d-----w C:\Program Files\MidiNotate
2008-01-25 03:54 --------- d-----w C:\Program Files\Notation
2008-01-23 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-13 20:57 --------- d-----w C:\Program Files\Trend Micro
2008-01-09 12:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 12:57 --------- d-----w C:\Program Files\RamBooster 2.0
2008-01-09 12:56 --------- d-----w C:\Program Files\MP3Toys
2008-01-09 12:54 --------- d-----w C:\Program Files\Hugoland
2008-01-09 12:53 --------- d-----w C:\Program Files\GemMaster
2008-01-09 12:53 --------- d-----w C:\Program Files\EMusic Download Manager
2008-01-09 12:53 --------- d-----w C:\Program Files\Dell
2008-01-09 03:58 --------- d-----w C:\Program Files\Quick To-Do Pro
2008-01-09 03:49 --------- d-----w C:\Documents and Settings\Steve\Application Data\CoreFTP
2008-01-05 21:23 21,760 ----a-w C:\WINDOWS\Iry76.sys
2007-12-19 14:13 73,216 ----a-w C:\WINDOWS\WinLockDll.dll
2007-12-17 17:27 --------- d-----w C:\Program Files\CoreFTP
2007-12-09 13:05 --------- d-----w C:\Program Files\eFax Messenger Plus 3.2
2006-10-10 02:18 87,776 ----a-w C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2006-05-10 03:51 116,736 ----a-w C:\Program Files\UnitConverter.exe
2006-04-19 14:22 6,253,109 ----a-w C:\Program Files\wmatomp3.exe
2005-12-18 02:00 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-06-23 03:17 493 ----a-w C:\Program Files\CueStation 4.lnk
2004-06-19 03:38 784 ----a-w C:\Documents and Settings\Steve\Application Data\mpauth.dat
2004-04-04 01:27 493 ----a-w C:\Program Files\CueStation 4 Folder.lnk
2003-11-01 22:25 379 ----a-w C:\Program Files\Shortcut to Installers.lnk
2005-06-02 03:22 56 --sha-r C:\WINDOWS\system32\DAE28181A6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [2007-08-02 03:50 1313792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 17:52 376912]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"Wise-FTP Scheduler"="" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 22:21 823362]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Quick To-Do PRO.lnk - C:\Program Files\Quick To-Do Pro\qtodopro.exe [2003-11-03 00:03:00 1598976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"License"=locker.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"HostManager"=C:\Program Files\Common Files\AOL\1101259852\ee\AOLSoftware.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

R2 SQLWriter;SQLWriter;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 15:04]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 15:04]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 06:00]
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2005-09-21 10:08]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;C:\WINDOWS\system32\DRIVERS\NETGEARUCOMP.sys [2006-08-17 15:04]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2005-09-21 10:08]
S4 TivoBeacon2;TivoBeacon2;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" [2007-08-06 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 12:12:43 C:\WINDOWS\Tasks\AdAware_07072006201516.job"
- C:\Program Files\Workspace Macro Pro 6.0\Workspace Macro Pro.exe
"2008-01-31 00:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 22:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-31 12:12:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 22:39:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\WS_FTP Pro\nsftpch.dll
.
Completion time: 2008-02-02 22:43:59
ComboFix2.txt 2008-01-14 14:24:34
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21, on 2008-02-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Quick To-Do Pro\qtodopro.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoCAD 2004\acad.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Quick To-Do PRO.lnk = C:\Program Files\Quick To-Do Pro\qtodopro.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL ACS - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8751 bytes

2008-02-02 14:45:51 --- E O F ---
And here is the HJT Log....
stevehaas
Whoops, thought the HJT log posted, but it didn't. Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58, on 2008-02-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Quick To-Do Pro\qtodopro.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoCAD 2004\acad.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Quick To-Do PRO.lnk = C:\Program Files\Quick To-Do Pro\qtodopro.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL ACS - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8669 bytes
LoPhatPhuud
The first part of the ComboFix log is missing. Can you post that portion please?
stevehaas
OK, here it is...

ComboFix 08-02.03.1 - Steve 2008-02-02 22:29:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.224 [GMT -5:00]
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-01-30 16:30 . 2008-01-30 16:30 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Cloudmark

...
LoPhatPhuud
There is only one file shown running that may be affecting your system. We'll try removing that, then cleaning temp files and folders.

First:
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\DOCUME~1\Steve\LOCALS~1\Temp\~e5d141.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Second:
Your HJT log shows both Trend Micro and AVG providing antivirus protection. You should only have one AV program providing real-time protection. Running more than one risks slowdowns and possible corruption. Please keep one and remove the other.


Third:

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
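For anyone triaging a HijackThis log like the ones posted above, here is an added example that is not part of this thread and is not LoPhatPhuud's, Trend Micro's or HijackThis's own code. It parses the HJT text format and flags the kinds of lines a helper looks at first: the process running from the Temp folder that the reply above singles out, AppInit_DLLs entries, services with an unknown owner or a missing binary, and autorun entries without a full path. The sample input is a handful of lines copied from the log in this thread; the heuristics themselves are my own assumptions, not HJT rules.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log posted above,
# including the section header HJT emits before the process list.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
O23 - Service: AOL ACS - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
"""

# Matches "\Temp\" or the 8.3 form "\LOCALS~1\Temp\" seen in the posted log.
TEMP_RE = re.compile(r"\\(LOCALS~1\\)?Temp\\", re.I)
# An autorun target that starts with an (optionally quoted) drive letter is fully qualified.
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hjt(text):
    """Split an HJT log into (running processes, R/O/F entries)."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif re.match(r"^[ROF]\d+ - ", line):
            entries.append(line)
    return processes, entries


def triage(text):
    """Return (reason, line) findings worth a helper's attention first (heuristics are assumptions)."""
    findings = []
    processes, entries = parse_hjt(text)
    for p in processes:
        if TEMP_RE.search(p) or p.lower().endswith(".tmp"):
            findings.append(("process running from a Temp directory", p))
    for e in entries:
        if e.startswith("O20 - AppInit_DLLs:"):
            findings.append(("AppInit_DLLs entry: DLL loaded into every user-mode process", e))
        elif e.startswith("O23 - ") and ("Unknown owner" in e or "(file missing)" in e):
            findings.append(("service with unknown owner or missing binary", e))
        elif e.startswith("O4 - ") and "] " in e:
            target = e.split("] ", 1)[1]
            if TEMP_RE.search(target):
                findings.append(("autorun launching from a Temp directory", e))
            elif not FULL_PATH_RE.match(target):
                findings.append(("autorun without a full path: verify which file is found first", e))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; the Temp-folder hit is exactly the `~e5d141.tmp` process the reply above asks to remove.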
stevehaas
I did everything you suggested, but it didn't solve the problem.

Basically, I went back to any of the headline page links from AOL.com that had Flash-based slideshow scroll arrows. When I click on the "Next picture" (forward) arrow, the following error dialog box comes up: "Windows can not access the specified device, path, or file. You may not have appropriate permissions to access the item."

Once I click OK, no less than 50 small, blank windows pop up within seconds. I can close them all, but this is obviously a problem.

If you don't have any more solutions, perhaps you might recommend another source that might help.

Thanks,
Steve
Invision Power Board © 2001-2009 Invision Power Services, Inc.