Ken, ComboFix and HijackThis logs follow, as requested.
The computer is still unstable: it's better since I got rid of Spyware Terminator, but it does close down again every now and then and when I just tried to cut-and-paste the logs here, Word opened but wouldn't respond--I had to reboot before I could get it to work.
I've had someone check it out to make sure that the hardware is all in good order, and they've said there's no obvious problem. It was clean enough inside, and not overheating; drivers all seem up to date and working well. Is there anything else you can suggest, assuming that ComboFix doesn't reveal anything nasty?
Thanks
Jane
ComboFix 08-08-19.06 - Jane 2008-08-22 8:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2120 [GMT 1:00]
Running from: F:\Documents and Settings\Jane\My Documents\My Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\Jane\Cookies\jane@specificclick[2].txt
F:\WINDOWS\Downloaded Program Files\ODCTOOLS
F:\WINDOWS\Downloaded Program Files\setup.inf
F:\WINDOWS\system32\REGOBJ.DLL
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
2008-08-22 07:42 . 2008-08-22 07:42 <DIR> d-------- F:\WINDOWS\LastGood
2008-08-16 10:25 . 2008-05-01 15:33 331,776 -----c--- F:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Documents and Settings\Jane\Application Data\Malwarebytes
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 09:52 . 2008-07-30 20:07 38,472 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 09:52 . 2008-07-30 20:07 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 18:20 . 2008-08-19 11:18 1,374 --a------ F:\WINDOWS\imsins.BAK
2008-08-15 18:09 . 2008-04-11 20:04 691,712 -----c--- F:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 17:35 . 2008-08-15 17:35 <DIR> d-------- F:\Program Files\Java
2008-08-15 17:35 . 2008-06-10 02:32 73,728 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-08-03 15:47 . 2008-08-03 15:47 <DIR> d-------- F:\Program Files\Trend Micro
2008-08-03 15:38 . 2008-08-03 15:38 <DIR> d-------- F:\Program Files\CCleaner
2008-08-03 11:07 . 2008-08-03 11:07 <DIR> d-------- F:\Program Files\CONEXANT
2008-08-03 11:07 . 2006-11-08 09:00 989,696 -ra------ F:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-08-03 11:07 . 2006-11-08 08:59 730,112 -ra------ F:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-08-03 11:07 . 2006-11-08 08:59 257,408 -ra------ F:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-08-03 11:07 . 2006-11-07 02:54 172,032 -ra------ F:\WINDOWS\system32\Uci32114.dll
2008-08-03 11:07 . 2006-11-08 11:10 144,201 -ra------ F:\WINDOWS\system32\drivers\HSFProf.cty
2008-08-02 21:20 . 2008-08-02 21:20 <DIR> d-------- F:\Program Files\Lavasoft
2008-08-02 21:20 . 2008-08-03 10:58 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 19:46 . 2008-08-03 10:58 <DIR> d-------- F:\Program Files\SpywareBlaster
2008-08-01 10:50 . 2008-08-03 11:00 <DIR> d-------- F:\Program Files\NetWaiting
2008-07-25 15:59 . 2008-07-26 17:52 10,304 --a------ F:\WINDOWS\MSOPrefs.232
2008-07-25 15:59 . 2008-07-26 17:52 4,544 --a------ F:\WINDOWS\MSOClip.232
2008-07-25 12:13 . 2008-08-03 14:07 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-07-25 12:13 . 2008-08-15 17:03 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 17:19 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-03 10:02 --------- d-----w F:\Program Files\Scanner Wedge
2008-08-03 10:02 --------- d-----w F:\Program Files\Coupon Printer
2008-08-03 10:00 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-07-28 20:33 --------- d-----w F:\Documents and Settings\Jane\Application Data\Canon
2008-07-18 21:10 94,920 ----a-w F:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w F:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w F:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w F:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w F:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w F:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w F:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w F:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w F:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w F:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w F:\WINDOWS\system32\es.dll
2008-06-25 13:31 --------- d-----w F:\Program Files\Common Files\Adobe
2008-06-24 16:43 74,240 ----a-w F:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ----a-w F:\WINDOWS\system32\mswsock(2)(2)(2).dll
2008-06-20 17:46 147,968 ----a-w F:\WINDOWS\system32\dnsapi(2)(2)(2).dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="F:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2004-08-04 13:00 77891]
"igfxtray"="F:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="F:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="F:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"Omnipage"="F:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"Samsung Common SM"="F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="F:\Program Files\Ahead\InCD\InCD.exe" [2005-05-13 16:11 1397760]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"HPDJ Taskbar Utility"="F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 17:45 196608]
"SSBkgdUpdate"="F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 F:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 F:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
F:\Documents and Settings\Jane\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - F:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe [2005-04-04 08:37:50 1994752]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - F:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-05-06 17:05:22 114688]
Directrec Configuration Tool.lnk - F:\Program Files\Olympus\DSSPlayerPro\DirectrecConfig.exe [2008-05-06 17:05:20 122880]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\WINDOWS\\system32\\fxsclnt.exe"=
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;F:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
O9 -: {A7C6D697-2B0C-4BAE-B203-E10EA815DFC1} - F:\Program Files\FreshDevices\FreshDownload\fd.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 08:23:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-22 8:24:25
ComboFix-quarantined-files.txt 2008-08-22 07:24:19
Pre-Run: 59,174,428,672 bytes free
Post-Run: 59,225,620,480 bytes free
210 --- E O F --- 2008-08-20 18:27:08
____________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Olympus\DeviceDetector\DM1Service.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\ScanSoft\NATURA~1\Program\natspeak.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - F:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - F:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [USRpdA] F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Samsung Common SM] "F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = F:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Global Startup: Device Detector 3.lnk = F:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = F:\Program Files\Olympus\DSSPlayerPro\DirectrecConfig.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FreshDownload - {A7C6D697-2B0C-4BAE-B203-E10EA815DFC1} - F:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0330356531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0092568248
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0095313154
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE4CAD89-825D-4131-ABA7-158C8978CA0E}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - F:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 7757 bytes