Here are my latest HijackThis and ComboFix files. This all started on 11-13; should I delete everything that was created after then?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:08 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\carr\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: MSVPS System - {6C7A1C43-D86E-49D4-A66E-8EF0DCFCBB71} - C:\WINDOWS\oprevmqp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: The bonsws - {7BF35567-E7C5-4646-8F65-41898BEF0637} - C:\WINDOWS\bonsws.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.chqair.com/citrix/wfica.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120015905484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120016030609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.27.6/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4552302-3050-426C-AABE-03317E1E4421}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ddkret - {1C06BD44-A3B0-4EE9-A23C-5E00EC395863} - C:\WINDOWS\ddkret.dll
O21 - SSODL: nopctrl - {A31FB970-B8E7-4E65-9781-069B4D7384E0} - C:\WINDOWS\nopctrl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 11655 bytes
COMBOFIX:
ComboFix 07-11-08.1 - carr 2007-11-16 0:25:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.412 [GMT -5:00]
Running from: F:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\carr\Desktop\Error Cleaner.url
C:\Documents and Settings\carr\Desktop\Privacy Protector.url
C:\Documents and Settings\carr\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\carr\Favorites\Error Cleaner.url
C:\Documents and Settings\carr\Favorites\Privacy Protector.url
C:\Documents and Settings\carr\Favorites\Spyware&Malware Protection.url
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-16 00:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 12:10 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-11-15 12:10 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-11-15 12:10 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-11-15 12:10 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-11-15 12:10 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-11-15 03:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-15 01:54 16,824 --a------ C:\replace.cmd
2007-11-15 01:01 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-11-15 00:28 1,416 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-14 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 00:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-14 00:59 <DIR> d-------- C:\Documents and Settings\carr\Application Data\SUPERAntiSpyware.com
2007-11-14 00:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 10:03 <DIR> d-------- C:\Program Files\MSBuild
2007-11-13 09:19 294,912 --a------ C:\WINDOWS\oprevmqp.dll
2007-11-13 09:19 287,744 --a------ C:\WINDOWS\nopctrl.dll
2007-11-13 09:19 275,456 --a------ C:\WINDOWS\ddkret.dll
2007-11-13 09:19 167,936 --a------ C:\WINDOWS\bonsws.dll
2007-11-13 09:19 112,128 --a------ C:\WINDOWS\sawkip.exe
2007-11-10 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-09 10:29 <DIR> dr-h----- C:\MSOCache
2007-11-06 18:36 526,443,824 --a------ C:\Program Files\Enterprise.exe
2007-11-05 13:13 <DIR> d-------- C:\WINDOWS\OFFICE 2007 DOUG
2007-11-04 11:02 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-03 10:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 10:03 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-03 10:03 2,560 --------- C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys
2007-11-03 10:03 2,432 --------- C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys
2007-11-03 10:02 <DIR> d-------- C:\Program Files\Picasa2
2007-11-03 10:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\runtime
2007-10-27 08:55 80,896 --a------ C:\WINDOWS\SYSTEM32\dllcache\dc210usd.dll
2007-10-27 08:55 80,896 --a------ C:\WINDOWS\SYSTEM32\dc210usd.dll
2007-10-27 08:55 25,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\dc210_32.dll
2007-10-27 08:55 25,600 --a------ C:\WINDOWS\SYSTEM32\dc210_32.dll
2007-10-27 08:55 6,784 --a------ C:\WINDOWS\SYSTEM32\drivers\serscan.sys
2007-10-27 08:55 6,784 --a------ C:\WINDOWS\SYSTEM32\dllcache\serscan.sys
2007-10-25 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-20 11:04 32,592 --a------ C:\WINDOWS\SYSTEM32\msonpmon.dll
2007-10-20 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-20 10:36 526,428,264 --a------ C:\Program Files\X12-30307.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 08:32 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-14 06:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 05:35 --------- d-----w C:\Program Files\CCleaner
2007-11-13 15:04 --------- d-----w C:\Program Files\Microsoft Works
2007-11-13 01:59 43 ----a-w C:\sc.dat
2007-11-06 05:22 --------- d-----w C:\Program Files\PowerPoint Viewer
2007-11-03 15:00 --------- d-----w C:\Program Files\Google
2007-11-02 22:15 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-02 01:58 --------- d-----w C:\Program Files\ShortCut for Windows
2007-10-20 16:19 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-20 16:19 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-20 16:19 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-20 16:19 --------- d-----w C:\Program Files\Symantec
2007-10-01 18:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 18:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-01 18:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 18:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 18:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 18:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-09-16 15:51 133,746,915 ----a-w C:\Program Files\GunboundRV_setup.exe
2007-09-16 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-16 15:21 --------- d-----w C:\Program Files\NHN USA
2006-10-16 18:02 1,672,336 ----a-w C:\Program Files\install_easyshare.exe
2006-08-06 01:55 42,300,352 ----a-w C:\Program Files\91.31_winxp2kmce_english_whql.exe
2006-08-05 02:41 315,624 ----a-w C:\Program Files\dxwebsetup.exe
2006-06-06 22:39 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-05-31 11:39 41,998 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-05-31 11:39 181,745 ----a-w C:\Program Files\JUN2006_XACT_x64.cab
2006-05-31 11:39 134,631 ----a-w C:\Program Files\JUN2006_XACT_x86.cab
2006-05-31 11:25 82,190 ----a-w C:\Program Files\dxupdate.cab
2006-05-31 11:24 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-05-31 11:23 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-05-31 11:22 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-04-10 00:26 6,715,392 ----a-w C:\Program Files\WindowsDefender.msi
2006-03-31 17:56 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-03-31 17:56 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-03-31 17:56 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-03-31 17:56 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 17:56 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-03-31 17:56 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-03-31 17:56 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-03-31 17:56 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-02-03 14:00 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-02-03 14:00 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-02-03 14:00 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-02-03 14:00 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2005-12-05 23:31 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-05 23:31 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-05 23:31 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-05 23:31 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-11-07 14:31 643,124 ----a-w C:\Program Files\atomic.exe
2005-09-01 16:11 21,121,760 ----a-w C:\Program Files\77.77_winxp2k_english_whql.exe
2005-07-23 00:14 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-07-23 00:14 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-07-05 02:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-26 19:49 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-05-26 19:49 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-05-25 23:39 54,360 ----a-w C:\Program Files\STORY1.PWP
2005-03-18 22:40 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-03-18 22:40 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-02-06 01:03 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-02-06 01:03 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2005-02-02 00:20 15,814,200 ----a-w C:\Program Files\jre-1_5_0_01-windows-i586-p.exe
2005-01-31 02:56 35,942,843 ----a-w C:\Program Files\NIS2004.exe
2004-09-27 16:29 976,020 ------w C:\Program Files\BDAXP.cab
2004-09-27 16:29 703,080 ------w C:\Program Files\BDA.cab
2004-09-27 16:29 15,493,481 ------w C:\Program Files\DirectX.cab
2004-09-27 16:29 13,265,040 ------w C:\Program Files\dxnt.cab
2004-09-27 16:29 1,156,363 ------w C:\Program Files\BDANT.cab
1998-08-24 17:09 10,000 ----a-w C:\WINDOWS\INF\unregpn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C7A1C43-D86E-49D4-A66E-8EF0DCFCBB71}]
2007-11-13 04:14 294912 --a------ C:\WINDOWS\oprevmqp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7BF35567-E7C5-4646-8F65-41898BEF0637}"= C:\WINDOWS\bonsws.dll [2007-11-13 04:14 167936]
[HKEY_CLASSES_ROOT\CLSID\{7BF35567-E7C5-4646-8F65-41898BEF0637}]
[HKEY_CLASSES_ROOT\bonsws.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{36575CE4-4ED3-4380-9C06-A0C0591B7351}]
[HKEY_CLASSES_ROOT\bonsws.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 03:52]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 03:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-25 11:31:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ddkret"= {1C06BD44-A3B0-4EE9-A23C-5E00EC395863} - C:\WINDOWS\ddkret.dll [2007-11-13 04:14 275456]
"nopctrl"= {A31FB970-B8E7-4E65-9781-069B4D7384E0} - C:\WINDOWS\nopctrl.dll [2007-11-13 04:14 287744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
C:\WINDOWS\GWMDMpi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ERSvc"=2 (0x2)
"6to4"=2 (0x2)
R0 fasttrak;fasttrak;C:\WINDOWS\system32\DRIVERS\fasttrak.sys
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 DSSUSBF;DSSUSBF Device;C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 06:21:50 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - carr.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2006-01-31 16:21:20 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - carr.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
.
************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-16 00:33:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
Completion time: 2007-11-16 0:35:32 - machine was rebooted
.
--- E O F ---
Thanks for the help; I hope you can find out what is wrong and what I can do.