Here's the Combo-Fix log
ComboFix 09-04-25.03 - Victor Rocha 04/24/2009 18:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1558 [GMT -7:00]
Running from: c:\documents and settings\Victor Rocha\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\wiaserviv.log
----- BITS: Possible infected sites -----
hxxp://ROCHASERVER:55000.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-24 05:12 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 05:12 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 05:04 . 2003-07-30 12:00 185344 -c--a-w c:\windows\system32\dllcache\thawbrkr.dll
2009-04-24 05:04 . 2003-07-30 12:00 185344 ----a-w c:\windows\system32\Thawbrkr.dll
2009-04-15 02:28 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 02:21 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-15 02:18 . 2009-04-15 02:18 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 02:18 . 2009-04-15 02:21 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-13 02:36 . 2009-04-13 02:36 -------- d-----w C:\VundoFix Backups
2009-04-11 23:29 . 2009-04-11 23:29 -------- d-----w c:\documents and settings\All Users\Application Data\{E40FD160-D3F8-4151-96D1-7B73567D4FF3}
2009-04-11 22:49 . 2009-04-11 23:01 -------- d-----w c:\documents and settings\Victor Rocha\Application Data\VirtualStore
2009-04-11 02:55 . 2009-04-11 03:30 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-11 02:55 . 2009-04-11 03:30 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-11 02:55 . 2009-04-11 03:30 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-11 02:55 . 2009-04-11 03:30 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-10 05:17 . 2009-04-11 02:18 -------- d-----w C:\Stamps temp
2009-04-08 05:46 . 2009-04-08 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 01:11 . 2009-04-15 04:45 4068 ----a-w C:\aaw7boot.log
2009-04-24 06:00 . 2004-04-01 21:58 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-24 05:12 . 2009-01-23 01:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-24 01:48 . 2009-01-19 00:22 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 05:18 . 2009-01-19 00:22 -------- d-----w c:\program files\Spyware Doctor
2009-04-21 04:21 . 2009-03-23 03:43 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-17 20:58 . 2009-04-17 20:58 -------- d-----w c:\program files\Trend Micro
2009-04-15 02:18 . 2009-04-15 02:18 -------- d-----w c:\program files\Lavasoft
2009-04-14 04:20 . 2009-04-13 02:36 375 ----a-w C:\VundoFix.txt
2009-04-11 23:30 . 2009-04-11 04:07 -------- d-----w c:\program files\Stamps.com Internet Postage
2009-04-11 07:41 . 2004-04-01 20:48 -------- d-----w c:\program files\Sony
2009-04-11 07:40 . 2008-02-22 20:09 -------- d-----w c:\program files\DivX
2009-04-11 07:22 . 2004-04-01 19:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 07:21 . 2004-04-01 21:49 -------- d-----w c:\program files\Quicken
2009-04-11 07:13 . 2007-10-31 20:34 -------- d-----w c:\program files\Common Files\Adobe
2009-04-11 03:56 . 2009-01-22 06:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-11 03:36 . 2009-04-11 02:56 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 03:30 . 2007-11-03 04:17 -------- d-----w c:\program files\Symantec
2009-04-11 03:23 . 2004-04-01 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 02:56 . 2009-04-11 02:56 -------- d-----w c:\program files\Windows Sidebar
2009-04-10 05:20 . 2007-10-31 21:16 -------- d-----w c:\documents and settings\Victor Rocha\Application Data\Stamps.com Internet Postage bu
2009-04-08 05:47 . 2009-04-08 05:46 -------- d-----w c:\program files\iTunes
2009-04-08 05:46 . 2009-04-08 05:46 -------- d-----w c:\program files\iPod
2009-04-08 05:46 . 2008-06-09 03:44 -------- d-----w c:\program files\Common Files\Apple
2009-03-25 23:37 . 2008-02-02 04:48 -------- d-----w c:\program files\Windows Home Server
2009-03-23 03:46 . 2009-03-23 03:43 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-23 03:43 . 2009-03-23 03:43 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-03-20 03:35 . 2009-03-20 03:35 -------- d-----w c:\program files\Unity
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 23:41 . 2009-03-15 23:41 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 23:38 . 2009-03-15 23:38 -------- d-----w c:\program files\QuickTime
2009-03-11 05:45 . 2007-09-07 02:53 44776 ----a-w c:\windows\system32\drivers\BackupReader.sys
2009-03-06 06:59 . 2009-03-15 23:35 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-06-09 03:44 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-22 03:10 . 2009-02-22 03:10 2069272 ----a-w c:\windows\system32\AutoPartNt.exe
2009-02-19 21:03 . 2009-02-19 21:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 21:03 . 2009-02-19 21:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2008-10-25 20:11 . 2008-02-21 04:49 38888 ----a-w c:\documents and settings\Victor Rocha\Application Data\GDIPFONTCACHEV1.DAT
2008-02-24 03:06 . 2004-04-01 02:21 38888 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-31 22:43 . 2007-10-31 22:43 135 ----a-w c:\documents and settings\Victor Rocha\Local Settings\Application Data\fusioncache.dat
2004-04-01 02:21 . 2007-10-31 20:16 12328 ----a-w c:\documents and settings\Victor Rocha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-23 05:24 . 2008-08-23 05:24 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-25 4841472]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet g series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-8-16 555880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
backup=c:\windows\pss\OKI LPR Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sony TVTA Manager"=2 (0x2)
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"ndassvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"VAIOMediaPlatform-VideoServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-VideoServer-AppServer"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-AppServer"=2 (0x2)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-03-11 44776]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\DRIVERS\ndasscsi.sys [2007-06-30 187368]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-13 86098]
R4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-13 278528]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S0 lfsfilt;Lean File Sharing;c:\windows\System32\DRIVERS\lfsfilt.sys [2007-06-30 254440]
S0 lpx;LPX Protocol;c:\windows\System32\DRIVERS\lpx.sys [2007-06-30 62056]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-21 130936]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-02-21 134272]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-02-21 971232]
S1 ndasfat;NDAS FAT;c:\windows\System32\DRIVERS\ndasfat.sys [2007-06-30 372584]
S2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-03-11 94056]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-03-11 335720]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
S3 ndasbus;NDAS Bus Driver;c:\windows\system32\DRIVERS\ndasbus.sys [2007-06-30 75880]
.
Contents of the 'Scheduled Tasks' folder
2009-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
2009-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697121146-1859011895-3176343886-1004.job
- c:\documents and settings\Victor Rocha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 05:40]
2009-04-14 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Victor Rocha.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uDefault_Search_URL =
hxxp://www.earthlink.net/partner/more/m ... earch.htmluSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Victor Rocha\Application Data\Mozilla\Firefox\Profiles\m4sd5ze3.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/FF - plugin: c:\documents and settings\Victor Rocha\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-24 18:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-25 18:27
ComboFix-quarantined-files.txt 2009-04-25 01:27
Pre-Run: 200,446,840,832 bytes free
Post-Run: 200,537,903,104 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
231 --- E O F --- 2009-01-14 11:02
Here's the HJT file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:25 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.earthlink.net/partner/more/m ... earch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Windows Home Server.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://supportcenter.rr.com/sdccommon/d ... gctlcm.cabO16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -
http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cabO16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cabO16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
https://vrochafamily.homeserver.com/Remote/msrdp.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://sdlc-esd.sun.com/ESD40/JSCDL/jre ... 586-jc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9818 bytes