I had a few troubles, at least I think, when running Gmer. The scan went fine, and I was able to save a log file. When I followed the directions that included typing "net stop gmer" in the command prompt, I got an error message saying it does not exist. Not sure if this is a direct problem or if it is meant to be like that. Thank you so much for all the help.
CF Log:ComboFix 09-01-31.01 - Jimmy 2009-01-31 18:28:44.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1495 [GMT -5:00]
Running from: c:\documents and settings\Jimmy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jimmy\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated)
FW: PC-cillin Internet Security - Firewall *disabled*
* Created a new restore point
FILE ::
c:\program files\desktoq.ini
c:\windows\system32\drivers\c45ced07.sys
c:\windows\system32\qryopdtp.dll
c:\windows\system32\rn.tmp
c:\windows\system32\XDva143.sys
c:\windows\system32\XDva186.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Jimmy\Application Data\cogad
c:\documents and settings\Jimmy\Application Data\Twain
c:\documents and settings\Jimmy\Application Data\uTorrent
c:\documents and settings\Jimmy\Application Data\uTorrent\Assassins.Creed.Full-Rip.Skullptura.torrent
c:\documents and settings\Jimmy\Application Data\uTorrent\resume.dat
c:\documents and settings\Jimmy\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Jimmy\Application Data\uTorrent\settings.dat
c:\documents and settings\Jimmy\Application Data\uTorrent\settings.dat.old
c:\program files\Common Files\owrf
c:\program files\Common Files\owrf\owrfa.lck
c:\program files\Common Files\owrf\owrfd\class-barrel
c:\program files\Common Files\owrf\owrfh
c:\program files\Common Files\owrf\owrfl.lck
c:\program files\Common Files\owrf\owrfm.lck
c:\program files\desktoq.ini
c:\windows\owrf
c:\windows\owrf\owrf.dat
c:\windows\owrf\wu
c:\windows\SmltbXk
c:\windows\SmltbXk\mA5Qvr4.vbs
c:\windows\system32\drivers\c45ced07.sys
c:\windows\system32\qryopdtp.dll
c:\windows\system32\rn.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XDVA143
-------\Legacy_XDVA186
-------\Service_XDva143
-------\Service_XDva186
-------\Service_c45ced07
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-30 20:28 . 2009-01-30 20:54 <DIR> d-------- c:\program files\Turbine
2009-01-30 20:28 . 2009-01-30 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Turbine
2009-01-26 18:37 . 2009-01-26 18:37 7,680 --ahs---- C:\Thumbs.db
2009-01-24 14:11 . 2009-01-24 14:11 <DIR> d-------- c:\documents and settings\Jimmy\Application Data\Nexon
2009-01-21 16:06 . 2009-01-21 16:06 <DIR> d-------- C:\CrashReport
2009-01-20 14:15 . 2009-01-20 16:28 <DIR> d-------- c:\documents and settings\Jimmy\Application Data\IDM
2009-01-20 14:15 . 2009-01-28 11:55 <DIR> d-------- c:\documents and settings\Jimmy\Application Data\DMCache
2009-01-20 14:14 . 2009-01-20 14:15 <DIR> d-------- c:\program files\Internet Download Manager
2009-01-20 14:14 . 2009-01-20 14:14 <DIR> d-------- C:\New Folder
2009-01-17 16:50 . 2009-01-17 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-01-17 16:49 . 2009-01-17 16:49 <DIR> d-------- c:\program files\Pando Networks
2009-01-04 17:07 . 2008-06-03 01:07 <DIR> d-------- C:\AV Voice Changer Software 6.0 Diamond Edition
2009-01-02 19:02 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-01-02 19:01 . 2009-01-02 19:01 <DIR> d-------- c:\windows\Logs
2009-01-01 18:10 . 2009-01-01 18:10 <DIR> d-------- C:\downloads
2009-01-01 18:10 . 2009-01-01 18:10 <DIR> d-------- c:\documents and settings\Jimmy\Application Data\FMZilla
2008-12-24 12:52 . 2008-12-24 12:52 <DIR> d-------- c:\program files\Java
2008-12-24 12:52 . 2008-12-24 12:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-17 17:49 . 2008-12-24 12:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 18:34 . 2007-12-11 09:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Roxio
2008-12-16 18:34 . 2007-12-11 09:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-16 18:34 . 2008-12-16 18:34 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 23:33 --------- d-----w c:\program files\Steam
2009-01-28 16:59 34 ----a-w c:\documents and settings\Jimmy\jagex_runescape_preferences.dat
2009-01-28 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-28 00:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-26 21:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-18 01:34 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-02 23:20 --------- d-----w c:\documents and settings\Jimmy\Application Data\SystemRequirementsLab
2008-12-30 01:21 --------- d-----w c:\documents and settings\Jimmy\Application Data\gtk-2.0
2008-12-26 01:45 --------- d-----w c:\program files\Apple Software Update
2008-12-19 02:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 23:41 --------- d-----w c:\program files\Trend Micro
2008-11-02 23:21 2,400,784 ----a-w C:\WLinstaller.exe
2008-11-01 17:04 668,488 ----a-w C:\HC2Setup.exe
2008-10-28 21:31 147,544,835 ----a-w C:\vegas70e_enu.exe
2008-10-07 20:43 61,588 -c--a-w c:\windows\BricoPackUninst.cmd
2008-10-07 20:43 5,417 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2005-12-03 04:58 1,982,464 ----a-w c:\program files\Vistab2.msstyles
.
------- Sigcheck -------
2007-06-13 05:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 05:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_15.50.14.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 286,720 ----a-w c:\windows\SWREG.exe
- 2009-01-30 01:46:09 79,675 ----a-w c:\windows\system32\nvModes.dat
+ 2009-01-31 01:13:47 79,675 ----a-w c:\windows\system32\nvModes.dat
+ 2009-01-31 23:32:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-12-11 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"nwiz"="nwiz.exe" [2007-06-06 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 c:\windows\system32\nvhotkey.dll]
c:\documents and settings\Jimmy\Start Menu\Programs\Startup\
RocketDock.lnk.disabled [2008-10-07 842]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-11 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxiodragtodisc]
--a------ 2006-08-17 10:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxwatchtray]
--a------ 2006-11-05 12:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\jimmyjhp\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\insurgency\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pishockj\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57728:TCP"= 57728:TCP:Pando Media Booster
"57728:UDP"= 57728:UDP:Pando Media Booster
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-08 280392]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-08 36368]
S3 DADriv1;DADriv1;\??\c:\documents and settings\Jimmy\Desktop\MS Hacking\HackPack\DAEngine\DAK32.sys --> c:\documents and settings\Jimmy\Desktop\MS Hacking\HackPack\DAEngine\DAK32.sys [?]
S3 liveturbinemessageservice;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-01-30 255472]
S3 liveturbinenetworkservice;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-01-30 218608]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-08 345696]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-08 923216]
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-08 566872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
mStart Page =
hxxp://www.comcast.net/mWindow Title = Windows Internet Explorer provided by Comcast
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EC46BC7F-E5D7-4F5B-A70B-3C2C37C1861C} = 68.87.64.146,68.87.75.194
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} -
hxxps://actsvr.comcastonline.com/techto ... ntrols.cabFF - ProfilePath - c:\documents and settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\3mkdxskb.default\
FF - prefs.js: browser.search.selectedEngine - Zybez Item Database
FF - prefs.js: browser.startup.homepage -
hxxp://www.zybez.net/FF - component: c:\documents and settings\Jimmy\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-31 18:33:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-31 18:36:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-31 23:36:13
ComboFix2.txt 2009-01-30 20:51:04
ComboFix3.txt 2008-12-23 19:18:54
Pre-Run: 42,288,947,200 bytes free
Post-Run: 42,269,933,568 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
253 --- E O F --- 2009-01-14 02:28:53
Gmer Log:GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2009-01-31 18:49:17
Windows 5.1.2600 Service Pack 2
---- Kernel code sections - GMER 1.0.14 ----
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \FileSystem\Fastfat \Fat B38E6C8A
AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqct.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqct.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfmm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxcp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSkhyf.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Services\MRxDAV\EncryptedDirectories@
---- EOF - GMER 1.0.14 ----
HJT Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:05 PM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... bd=0071211O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: RocketDock.lnk.disabled
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) -
https://actsvr.comcastonline.com/techto ... ntrols.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{EC46BC7F-E5D7-4F5B-A70B-3C2C37C1861C}: NameServer = 68.87.64.146,68.87.75.194
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (liveturbinemessageservice) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (liveturbinenetworkservice) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7861 bytes