Ok - downloaded and ran ComboFix, and here's a new HijackThis log... here ya go... (still getting popups, by the way)...
ComboFix log:
ComboFix 08-01-20.1 - Owner 2008-01-20 23:00:23.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\t8
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\z4
C:\WINDOWS\Fonts\'
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-20 23:09 . 2008-01-20 23:09 <DIR> d-------- C:\temp\tn3
2008-01-20 23:09 . 2008-01-20 23:09 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-20 22:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 13:13 . 2008-01-17 13:45 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-17 12:54 . 2008-01-17 12:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 03:22 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-17 03:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-17 03:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-17 03:22 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-17 03:22 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-17 03:22 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-17 03:22 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-17 03:22 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-17 03:22 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-17 01:40 . 2008-01-17 02:16 <DIR> d-------- C:\VundoFix Backups
2008-01-17 00:08 . 2008-01-17 01:20 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-01-16 02:05 . 2008-01-16 02:05 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-16 02:02 . 2008-01-16 02:55 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-16 01:58 . 2008-01-17 00:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 01:58 . 2008-01-17 00:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-16 01:58 . 2008-01-17 00:10 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 01:58 . 2008-01-17 00:10 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 00:31 . 2008-01-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-14 19:19 . 2008-01-14 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-14 15:06 . 2008-01-16 02:16 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-14 15:06 . 2008-01-16 02:17 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-14 07:58 . 2008-01-14 07:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-14 07:56 . 2008-01-17 00:58 <DIR> d--hs---- C:\WINDOWS\b3duZXI
2008-01-14 07:56 . 2008-01-17 01:02 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-14 07:55 . 2008-01-14 07:55 86,016 --a------ C:\WINDOWS\system32\drivers\mrxdavv.sys
2008-01-14 07:54 . 2008-01-16 02:49 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-14 07:54 . 2008-01-14 07:55 <DIR> d-------- C:\temp\Ryuan1
2008-01-14 07:53 . 2008-01-14 15:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-14 07:44 . 2008-01-14 07:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-01-14 07:32 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-01-14 07:32 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-01-14 07:32 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-01-14 07:20 . 2008-01-14 07:21 <DIR> d-------- C:\temp\D--
2008-01-14 07:19 . 2008-01-14 07:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-01-14 07:18 . 2005-11-21 00:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-01-14 07:18 . 2005-11-21 00:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-13 16:44 . 2008-01-20 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 16:44 . 2008-01-13 16:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 16:43 . 2008-01-16 02:56 <DIR> d-------- C:\Program Files\iTunes
2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\Program Files\iPod
2008-01-13 16:40 . 2008-01-16 02:56 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 16:38 . 2008-01-13 16:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-13 16:37 . 2008-01-13 16:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-13 16:37 . 2008-01-13 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-07 23:16 . 2008-01-07 23:16 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-06 03:29 . 2008-01-06 03:29 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2008-01-05 03:24 . 2008-01-05 03:24 <DIR> d-------- C:\Documents and Settings\Owner\PARTYPokerDir
2007-12-21 04:31 . 2007-12-21 04:31 268 --ah----- C:\sqmdata01.sqm
2007-12-21 04:31 . 2007-12-21 04:31 244 --ah----- C:\sqmnoopt01.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 19:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 10:12 --------- d-----w C:\Program Files\mIRC
2008-01-20 07:21 --------- d-----w C:\Program Files\PokerStars
2008-01-17 05:11 --------- d-----w C:\Program Files\Symantec
2008-01-17 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-15 08:13 --------- d-----w C:\Program Files\Google
2008-01-15 08:13 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-14 23:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-01-14 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-13 23:57 --------- d-----w C:\Program Files\Sportsbook Poker
2008-01-06 08:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 07:30 --------- d-----w C:\Program Files\sportsbook.com lite
2008-01-01 02:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-12-23 06:23 --------- d-----w C:\Program Files\Absolute Poker
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-01-29 02:32 288 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-06-04 15:20 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
.
----a-w 253,952 2008-01-16 07:17:41 C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w 50,736 2008-01-16 07:18:57 C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware .exe
----a-w 71,216 2008-01-16 07:17:52 C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w 51,048 2008-01-16 07:18:03 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 607,624 2008-01-16 07:18:09 C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW .exe
----a-w 2,863,176 2008-01-17 05:10:58 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 2,863,176 2008-01-16 07:58:50 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 2,863,176 2008-01-17 05:12:55 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 2,863,176 2008-01-17 05:14:14 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 2,863,176 2008-01-17 05:15:51 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 2,863,176 2008-01-17 05:17:21 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w 68,856 2008-01-14 23:22:08 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-16 07:17:28 C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
----a-w 233,534 2008-01-16 07:17:35 C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w 290,816 2008-01-16 07:17:33 C:\Program Files\HPQ\Quick Launch Buttons\EabServr .exe
----a-w 267,048 2008-01-16 07:18:00 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 36,972 2008-01-16 07:17:17 C:\Program Files\Java\jre1.5.0\bin\jusched .exe
----a-w 714,608 2008-01-16 07:18:22 C:\Program Files\Norton Internet Security\osCheck .exe
----a-w 286,720 2008-01-16 08:01:38 C:\Program Files\QuickTime\QTTask .exe
----a-w 648,192 2008-01-16 07:51:14 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:46 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:47 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:55 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:37:57 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:38:00 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:38:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-17 05:38:04 C:\Program Files\QuickTime\QTTask .exe
----a-w 26,112 2008-01-14 23:38:02 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 688,218 2008-01-16 07:17:29 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-16 07:17:21 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 4,670,704 2008-01-17 05:43:16 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 4,670,704 2008-01-17 05:43:24 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 4,670,704 2008-01-17 05:43:34 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 4,670,704 2008-01-17 05:43:44 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 4,670,704 2008-01-17 05:43:54 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 4,670,704 2008-01-17 05:44:05 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 224,248 2008-01-16 07:18:31 C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w 126,976 2008-01-16 07:17:09 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-16 07:16:57 C:\WINDOWS\system32\igfxtray .exe
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F3F061D-44FE-44CD-82A4-34C8B71CD340}]
C:\Program Files\MSN Gaming Zone\niqyre4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24D25449-7789-44D1-8403-B0D02CAE6407}]
C:\Program Files\MSN Gaming Zone\niqyre83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e638f80-a2f7-4327-a345-9ffb8660d418}]
C:\WINDOWS\system32\bsupnno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-16 02:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F231D4F-890C-479E-53BE-0F8C5FD09712}]
C:\Program Files\Movie Maker\ryciludy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-16 02:58 584192]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-16 02:58 491008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-16 02:58 462336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-01-16 02:59 372224]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-16 02:59 435200]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-16 02:59 1042944]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-01-16 02:58 385536]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2008-01-16 02:58 655872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2008-01-16 02:58 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-16 02:58 253952]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 15:40 790528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2008-01-16 02:58 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe" [2008-01-16 02:58 411648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-16 03:01 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-16 02:59 692736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-16 02:58 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-16 03:03 714608]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Movie Maker\vilozowui.html
FriendlyName=
R1 mrxdavv;mrxdavv;C:\WINDOWS\system32\drivers\mrxdavv.sys [2008-01-14 07:55]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 15:55]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21aac494-f436-11db-9b9f-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 17:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 07:32:11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-17 05:09:37 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-20 23:10:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?1?1?1??@???? ?,?B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 23:16:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 04:16:28
.
2008-01-17 12:33:18 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:34 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\common files\aol\1176546546\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1176546546\ee\aolsoftware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F3F061D-44FE-44CD-82A4-34C8B71CD340} - C:\Program Files\MSN Gaming Zone\niqyre4444.dll (file missing)
O2 - BHO: (no name) - {24D25449-7789-44D1-8403-B0D02CAE6407} - C:\Program Files\MSN Gaming Zone\niqyre83122.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5e638f80-a2f7-4327-a345-9ffb8660d418} - C:\WINDOWS\system32\bsupnno.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {9F231D4F-890C-479E-53BE-0F8C5FD09712} - C:\Program Files\Movie Maker\ryciludy.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe" -min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea.net/controls/msnchat45.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Movie Maker\vilozowui.html
--
End of file - 12335 bytes