How I could let my machine get infected to this extent is disgraceful.
A couple of things:
1) I forgot to turn off SpyBot's memory-resident components before running ComboFix
2) When my machine rebooted, an "Out of system resources" error box popped up
3) During its final stages, ComboFix returned the message "Unable to find the path specified".
Here is the ComboFix log:
ComboFix 07-08-09.3 - "Chris" 2007-08-13 3:53:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.644 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Chris\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\windows\system32\ldcore.dll
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\system32\babay.ini2
C:\WINDOWS\system32\babay.bak2
C:\WINDOWS\system32\babay.bak1
C:\WINDOWS\TEMP\win46.tmp.exe
C:\WINDOWS\system32\drvfaf.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\babay.bak1
C:\WINDOWS\system32\babay.bak2
C:\WINDOWS\system32\babay.ini2
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ZHYZHCUBT
-------\ZHYZHCUBT
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-12 08:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 18:39 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-07 04:34 <DIR> d-------- C:\VundoFix Backups
2007-08-07 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-06 23:09 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Symantec
2007-08-06 20:50 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-06 17:23 <DIR> d-------- C:\Program Files\Norton 360
2007-08-06 17:20 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-06 17:20 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-06 17:18 <DIR> d-------- C:\Program Files\Symantec
2007-08-06 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-06 17:16 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-26 04:55 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\InstallShield
2007-07-13 20:04 <DIR> d-------- C:\Program Files\iPod
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-12 09:02 --------- d-------- C:\Program Files\Windows NT
2007-08-12 08:45 --------- d-------- C:\Program Files\Logitech
2007-08-06 17:29 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-06 17:29 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-04 20:17 246 --a------ C:\Program Files\Common Files\labum
2007-07-31 04:35 --------- d-------- C:\Program Files\Trillian
2007-07-28 04:06 135 --a------ C:\Program Files\Common Files\prokyb.html
2007-07-17 12:21 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-14 08:54 252 --a--c--- C:\WINDOWS\PowerReg.dat
2007-07-13 20:03 --------- d-------- C:\Program Files\QuickTime
2007-07-13 20:01 --------- d-------- C:\Program Files\Apple Software Update
2007-07-13 19:59 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\tunebite
2007-07-10 18:03 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-03 18:15 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\EVEMon
2007-06-30 23:18 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-26 03:27 363520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-24 18:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 07:42 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-14 03:25 --------- d-------- C:\Program Files\Setup Files
2007-06-14 03:23 --------- d-------- C:\Program Files\MSI
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-18 13:23 53120 --a------ C:\DOCUME~1\Chris\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-02-16 12:21 5080 --a------ C:\DOCUME~1\Chris\APPLIC~1\wklnhst.dat
2004-12-14 18:55 1456640 --a--c--- C:\Program Files\Common Files\Auto Assault Patcher.msi
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C608D079-5001-48EA-813C-538FA2CE7B4C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 17:54 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 C:\WINDOWS\LOGI_MWX.EXE]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 15:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 15:34]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 12:09]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 22:10]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Steam"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-04-01 17:48 24668 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efefg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhec]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winduj32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabab]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
"ose"=3 (0x3)
"KodakCCS"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"SR_WatchDog"=2 (0x2)
"SR_Service"=2 (0x2)
R1 SSHDRV65;SSHDRV65;\??\C:\WINDOWS\system32\drivers\SSHDRV65.sys
R1 SSHDRV85;SSHDRV85;\??\C:\WINDOWS\system32\drivers\SSHDRV85.sys
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys
R2 SNMP;SNMP Service;C:\WINDOWS\System32\snmp.exe
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys
R3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys
R3 SaiMini;SaiMini;C:\WINDOWS\system32\drivers\SaiMini.sys
R3 SaiNtBus;SaiNtBus;C:\WINDOWS\system32\drivers\SaiBus.sys
R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\Chris\LOCALS~1\Temp\bfastfao.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys
S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\System32\snmptrap.exe
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S4 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b31f5d0-4832-11da-9f31-806d6172696f}]
AutoRun\command- F:\shellexec.exe rom\index.html
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-08-08 01:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-07 04:00:01 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-13 04:00:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13 4:03:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 04:03
C:\ComboFix2.txt ... 2007-08-12 09:09
--- E O F ---
The rapport.txt file is here:
SmitFraudFix v2.211
Scan done at 4:08:08.40, Mon 08/13/2007
Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Chris\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - SecuRemote Miniport
DNS Server Search Order: 169.254.254.254
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - SecuRemote Miniport
DNS Server Search Order: 172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5DC39346-BC82-40BC-93BA-65595EE6F01B}: DhcpNameServer=169.254.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{94256898-C56F-491A-A734-18CEAC1A7BE7}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5DC39346-BC82-40BC-93BA-65595EE6F01B}: DhcpNameServer=169.254.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{94256898-C56F-491A-A734-18CEAC1A7BE7}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5DC39346-BC82-40BC-93BA-65595EE6F01B}: DhcpNameServer=169.254.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{94256898-C56F-491A-A734-18CEAC1A7BE7}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
The Uninstall list:
3ivx D4 4.5.1 (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
AV
BioWare Premium Module: Neverwinter Nights - Infinite Dungeons
Bonus
Carmageddon TDR2000
CC_ccProxyExt
ccCommon
ccPxyCore
CCScore
Check Point VPN-1 SecureClient NG_AI_R56
CIB
City of Heroes (remove only)
Community Expansion Pack version 1.00
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DawnOfWar
DDS Converter 2.1
Dev-C++ 5 beta 9 release (4.9.9.2)
Diablo II
Digital Camera Plus Manager
Doom 3
Dr Watson for Microsoft Windows OneCare Live v0.8.0794.44
Dungeon Keeper 2
Dungeon Siege
Enclave
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EVEMon
EVE-ONLINE (remove only)
Far Gate
FileZilla (remove only)
Freedom Force
GearDrvs
GhostMouse 2.0
Guild Wars
Half-Life(R) 2
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Horizons
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
KSU
LEGO Star Wars
LEGO Star Wars II
Lexmark X1100 Series
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech G-series Keyboard Software
Logitech MouseWare 9.79
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Visio Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2004 Setup Launcher
mIRC
MSI Live Update 3
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
netbrdg
Neverwinter Nights
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack
Notifier
NVIDIA Display Driver
NVIDIA Drivers
OfotoXMI
QuickTime
RealPlayer
Realtek AC'97 Audio
Saitek SST Programming Software
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB939373)
SFR
SHASTA
Shockwave
Sinistar Unleashed patch
Sinistar: Unleashed
SKIN0001
SKINXSDK
SPBBC 32bit
Spybot - Search & Destroy 1.4
Star Wars Empire at War
staticcr
Steam(TM)
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
System Requirements Lab
TeamSpeak 2 RC2
Temple of Elemental Evil
The Movies(TM) Stunts & Effects
tooltips
Trackless
Trillian
Tunebite 4.0.0.13
Ulead COOL 360 1.0
Ulead Photo Explorer 6.0
Ulead Photo Express 4.0 SE
VPRINTOL
Whiteout
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinSCP 3.5.6
WIRELESS
World of Warcraft
You can't tell that I'm a gaming addict, can you?
...and the new HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:10:15 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C608D079-5001-48EA-813C-538FA2CE7B4C} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://dfwnotesmail3/iNotes.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
http://dfwnotesmail3/iNotes6.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 7574100347
O16 - DPF: {820FC8CB-B4C0-4901-9116-5CE9B08C2870} (Avocent Session Viewer) -
https://172.17.5.37/dsview/applets/avct ... -win32.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = VERIZON.NET,GTE.NET,VERIZON.COM,INS.GTE.COM,GTE.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = VERIZON.NET,GTE.NET,VERIZON.COM,INS.GTE.COM,GTE.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = VERIZON.NET,GTE.NET,VERIZON.COM,INS.GTE.COM,GTE.COM
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: efefg - C:\WINDOWS\
O20 - Winlogon Notify: opnkhec - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winduj32 - C:\WINDOWS\
O20 - Winlogon Notify: yabab - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
Thank you once again for doing this.