PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
 
#1
04-08-2008
gummy-ness
Bronze Member
Posts: 89
MSN acting up

I recently obtained a virus through msn, however Norton appears to have resolved the problem, but despite that my msn has been lagging and crashing often since then.
Can someone please check my hijackthis to make sure nothing is there?

Thank you

Attached Files
File Type: txt abg.txt (6.0 KB, 2 views)
File Type: log SUPERAntiSpyware Scan Log - 04-08-2008 - 03-18-11.log (623 Bytes, 2 views)
File Type: log hijackthis.log (12.2 KB, 3 views)
#2
04-08-2008
ih8bills
US Mule
Posts: 3,586
PC Experience: More Stubborn than any PC
Location: coastal Rhode Island
Re: MSN acting up

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You


#3
04-09-2008
Pancake
Senior Security Analyst
Posts: 1,621
PC Experience: Elite PC Guru
Location: Victoria, Australia
Re: MSN acting up

I will have a look but I don't think it's a malware problem..


Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
My real name is Eddy
#4
04-09-2008
gummy-ness
Bronze Member
Posts: 89
Re: MSN acting up

Thank you for checking my logs over though. It's really much appreciated.

SDFix: Version 1.168
Run by user on Wed 04/09/2008 at 11:30 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: H:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:39:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="H:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:db,f1,0d,30,61,2a,5a,a7,0d,45,b5,da,d1,f6,08,6b,bd,0c,db,92,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4d,82,93,00,b7,8a,18,83,35,bd,13,48,8d,f6,3c,25,88,48,22,7d,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:8f,ab,5f,a6,6c,59,a7,8a,58,5b,0b,05,a7,73,e0,f7,d5,4a,9e,dc,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:eb3c0aa4
"s2"=dword:6d45fb63
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4d,82,93,00,b7,8a,18,83,35,bd,13,48,8d,f6,3c,25,88,48,22,7d,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:8f,ab,5f,a6,6c,59,a7,8a,58,5b,0b,05,a7,73,e0,f7,d5,4a,9e,dc,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4d,82,93,00,b7,8a,18,83,35,bd,13,48,8d,f6,3c,25,88,48,22,7d,e6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:8f,ab,5f,a6,6c,59,a7,8a,58,5b,0b,05,a7,73,e0,f7,d5,4a,9e,dc,cc,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1489


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"H:\\Program Files\\LimeWire\\LimeWire.exe"="H:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\\Documents and Settings\\user\\Desktop\\Skype.exe"="H:\\Documents and Settings\\user\\Desktop\\Skype.exe:*:Enabled:Skype"
"H:\\Program Files\\iTunes\\iTunes.exe"="H:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - H:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 5 Jun 2006 210 ..SH. --- H:\BOOT.BAK
Mon 28 Jan 2008 1,404,240 A.SHR --- H:\PROGRA~1\SPYBOT~1\SDUPDATE.EXE
Mon 28 Jan 2008 5,146,448 A.SHR --- H:\PROGRA~1\SPYBOT~1\SPYBOTSD.EXE
Mon 28 Jan 2008 2,097,488 A.SHR --- H:\PROGRA~1\SPYBOT~1\TEATIMER.EXE
Mon 29 Jan 2007 5 A.SH. --- H:\WINDOWS\SYSTEM32\BEFBDC~1.DLL
Thu 3 May 2007 5 A.SH. --- H:\WINDOWS\SYSTEM32\BEFBDC~2.DLL
Wed 3 May 2006 163,328 ..SHR --- H:\WINDOWS\SYSTEM32\FLVDX.DLL
Wed 21 Feb 2007 31,232 ..SHR --- H:\WINDOWS\SYSTEM32\MSFDX.DLL
Mon 5 Jun 2006 1,024 ...H. --- H:\WINDOWS\SYSTEM32\NTIBUN4.DLL
Mon 17 Dec 2007 27,648 ..SH. --- H:\WINDOWS\SYSTEM32\SMAB0.DLL
Tue 5 Feb 2008 151,040 ..SH. --- H:\WINDOWS\SYSTEM32\VISTAU~1.DLL
Sat 2 Sep 2006 4,348 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK
Mon 14 Mar 2005 299,008 A..H. --- H:\PROGRA~1\CANON\MPNAVI~1.0\MAINT.EXE
Mon 28 Feb 2005 61,440 A..H. --- H:\PROGRA~1\CANON\MPNAVI~1.0\UINSTRSC.DLL
Thu 15 Feb 2007 308,832 A..H. --- H:\PROGRA~1\CANON\MPNAVI~2.0\MAINT.EXE
Mon 19 Dec 2005 61,440 A..H. --- H:\PROGRA~1\CANON\MPNAVI~2.0\UINSTRSC.DLL
Sun 26 Jun 2005 616,448 ..SHR --- H:\PROGRA~1\ERIGHT~1\SUPER\CYGWIN1.DLL
Wed 22 Jun 2005 45,568 ..SHR --- H:\PROGRA~1\ERIGHT~1\SUPER\CYGZ.DLL
Mon 25 Feb 2008 72,704 ..SHR --- H:\PROGRA~1\ERIGHT~1\SUPER\SETUP.EXE
Sun 16 Mar 2008 0 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP
Sat 23 Feb 2008 28,672 ...H. --- H:\DOCUME~1\USER\MYDOCU~1\ORGANI~1\~WRL3414.TMP
Fri 18 Jan 2008 400 A..H. --- H:\PROGRA~1\COMMON~1\SYMANT~1\COH\COH32LU.REG
Fri 18 Jan 2008 403 A..H. --- H:\PROGRA~1\COMMON~1\SYMANT~1\COH\COHDLU.REG
Tue 4 Jun 2002 84,992 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\14_43260.DLL
Tue 4 Jun 2002 44,032 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\28_83260.DLL
Tue 10 Dec 2002 73,766 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\ATRC3260.DLL
Tue 10 Dec 2002 65,575 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\COOK3260.DLL
Mon 10 Jun 2002 36,864 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DDNT3260.DLL
Tue 4 Jun 2002 20,480 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DNET3260.DLL
Tue 10 Dec 2002 102,437 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DRV13260.DLL
Tue 10 Dec 2002 176,165 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DRV23260.DLL
Tue 10 Dec 2002 208,935 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DRV33260.DLL
Tue 10 Dec 2002 217,127 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DRV43260.DLL
Mon 10 Jun 2002 40,448 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\DSPR3260.DLL
Sun 4 Nov 2001 225,280 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\IVVIDEO.DLL
Wed 11 Apr 2001 225,280 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\QTMLCL~1.DLL
Fri 20 Feb 2004 232,960 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RAAC.DLL
Mon 10 Jun 2002 525,824 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RNCO3260.DLL
Tue 10 Dec 2002 245,805 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RNLT3260.DLL
Tue 10 Dec 2002 45,093 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RV103260.DLL
Tue 10 Dec 2002 98,341 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RV203260.DLL
Tue 10 Dec 2002 94,247 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RV303260.DLL
Tue 10 Dec 2002 90,151 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\RV403260.DLL
Tue 10 Dec 2002 102,439 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\SIPR3260.DLL
Mon 10 Jun 2002 49,152 ...HR --- H:\PROGRA~1\ERIGHT~1\SUPER\MENCODER\TOKR3260.DLL
Thu 7 Dec 2006 3,096,576 A..H. --- H:\DOCUME~1\USER\APPLIC~1\U3\TEMP\LAUNCH~1.EXE

Finished!




COMBOFIX
ComboFix 08-04-08.10 - user 2008-04-09 23:55:09.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.534 [GMT 8:00]
Running from: H:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 23:17 . 2008-04-09 23:17 <DIR> d-------- H:\WINDOWS\ERUNT
2008-04-09 20:22 . 2008-04-09 23:45 <DIR> d-------- H:\SDFix
2008-04-06 18:21 . 2008-04-06 18:17 691,545 --a------ H:\WINDOWS\unins000.exe
2008-04-06 18:21 . 2008-04-06 18:21 2,549 --a------ H:\WINDOWS\unins000.dat
2008-04-04 22:52 . 2005-03-10 22:22 126,976 -ra------ H:\WINDOWS\system32\Prounstl.exe
2008-04-04 22:52 . 2005-02-25 17:03 36,864 -ra------ H:\WINDOWS\system32\e100bmsg.dll
2008-04-04 22:52 . 2005-03-10 00:26 23,040 -ra------ H:\WINDOWS\system32\IntelNic.dll
2008-04-04 22:52 . 2004-12-18 14:29 5,110 -ra------ H:\WINDOWS\system32\e100b325.din
2008-03-25 17:26 . 2008-03-25 17:26 <DIR> d-------- H:\Program Files\AviSynth 2.5
2008-03-24 23:00 . 2008-04-07 22:20 <DIR> d-------- H:\Program Files\GetRight
2008-03-23 19:24 . 2008-03-24 10:47 <DIR> d-------- H:\Program Files\Windows Live
2008-03-23 19:24 . 2008-03-29 20:08 <DIR> d-------- H:\Program Files\Messenger Plus! Live
2008-03-21 21:57 . 2008-03-21 21:57 <DIR> d-------- H:\Program Files\Rainlendar2
2008-03-19 22:41 . 2007-12-03 02:13 888,832 --a------ H:\WINDOWS\system32\securenet.dll
2008-03-18 23:59 . 2006-09-12 19:46 227,328 -r-hs---- H:\WINDOWS\system32\ac3DX.ax
2008-03-18 23:59 . 2008-02-05 03:26 151,040 ---hs---- H:\WINDOWS\system32\VistaUltm.dll
2008-03-18 23:59 . 2006-01-13 07:23 123,904 -r-hs---- H:\WINDOWS\system32\AVCDX.ax
2008-03-18 23:59 . 2003-11-21 07:00 54,784 -r-hs---- H:\WINDOWS\system32\RLAPEDec.ax
2008-03-18 23:59 . 2004-04-27 07:00 37,888 -r-hs---- H:\WINDOWS\system32\RLMPCDec.ax
2008-03-18 23:59 . 2007-02-21 19:47 31,232 -r-hs---- H:\WINDOWS\system32\msfDX.dll
2008-03-18 23:59 . 2007-12-17 21:43 27,648 ---hs---- H:\WINDOWS\system32\Smab0.dll
2008-03-18 23:59 . 2008-02-06 01:04 9,884 ---h----- H:\WINDOWS\super.chm
2008-03-17 21:39 . 2008-03-17 21:39 <DIR> d-------- H:\Program Files\CCleaner
2008-03-17 21:32 . 2008-03-17 21:32 <DIR> d-------- H:\Program Files\Winamp
2008-03-16 18:00 . 2008-03-17 21:42 <DIR> d-------- H:\WINDOWS\system32\LogFiles
2008-03-16 14:38 . 2008-03-28 20:58 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 23:07 . 2008-03-21 19:23 <DIR> d-------- H:\WINDOWS2
2008-03-15 20:58 . 2008-03-15 20:58 <DIR> d-------- H:\Program Files\SigmaTel
2008-03-15 19:30 . 2008-03-15 19:30 <DIR> d-------- H:\Program Files\Common Files\NewTech Infosystems
2008-03-15 16:40 . 2008-03-15 16:40 <DIR> d-------- H:\Program Files\MSXML 4.0
2008-03-15 15:35 . 2008-03-15 16:01 <DIR> d--hsc--- H:\Program Files\Common Files\WindowsLiveInstaller
2008-03-15 15:06 . 2008-03-15 15:06 <DIR> d-------- H:\Program Files\iPrimus
2008-03-11 23:48 . 2006-06-20 14:42 423,936 --a------ H:\WINDOWS\system32\SETBC.tmp
2008-03-11 23:48 . 2006-06-20 14:42 423,936 --a------ H:\WINDOWS\system32\SET3E5.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 15:53 --------- d-----w H:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 15:38 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-04-09 11:13 --------- d-----w H:\Documents and Settings\user\Application Data\Skype
2008-04-07 17:10 --------- d-----w H:\Program Files\SUPERAntiSpyware
2008-04-06 10:28 --------- d-----w H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 10:22 --------- d-----w H:\Program Files\Spybot - Search & Destroy
2008-04-05 12:48 --------- d-----w H:\Program Files\Java
2008-04-05 09:52 --------- d-----w H:\Documents and Settings\user\Application Data\Azureus
2008-04-05 09:15 --------- d-----w H:\Program Files\LimeWire
2008-03-29 12:08 --------- d-----w H:\Program Files\MSN Messenger
2008-03-24 15:08 --------- d-----w H:\Program Files\Azureus
2008-03-24 15:08 --------- d-----w H:\Documents and Settings\user\Application Data\GetRight
2008-03-21 10:16 --------- d-----w H:\Documents and Settings\All Users\Application Data\Open Networks
2008-03-16 07:02 --------- d-----w H:\Program Files\Opera
2008-03-15 13:08 --------- d-----w H:\Program Files\Intel
2008-03-15 12:59 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-03-15 12:59 --------- d-----w H:\Program Files\Intel Audio Studio
2008-03-15 12:31 --------- d-----w H:\Program Files\Common Files\LightScribe
2008-03-15 12:26 --------- d-----w H:\Program Files\CyberLink DVD Solution
2008-03-15 12:01 21 ----a-w H:\Program Files\Common Files\appop.log
2008-03-15 11:42 --------- d-----w H:\Program Files\Jasc Software Inc
2008-03-15 08:34 --------- d-----w H:\Program Files\Symantec
2008-03-15 08:33 --------- d-----w H:\Program Files\Norton Internet Security
2008-03-09 15:31 --------- d-----w H:\Documents and Settings\user\Application Data\Winamp
2008-03-07 16:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-06 12:32 706 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 12:32 23,904 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 12:32 10,537 ----a-w H:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-05 13:18 --------- d-----w H:\Program Files\FLV Player
2008-03-04 09:57 --------- d-----w H:\Program Files\iTunes
2008-03-04 09:57 --------- d-----w H:\Program Files\iPod
2008-02-26 10:35 --------- d-----w H:\Documents and Settings\user\Application Data\Canon
2008-02-17 06:35 --------- d-----w H:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-02-17 06:27 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 15:27 --------- d-----w H:\Program Files\Real Alternative
2008-02-15 15:25 --------- d-----w H:\Documents and Settings\user\Application Data\Media Player Classic
2008-02-15 15:09 --------- d-----w H:\Program Files\Combined Community Codec Pack
2008-02-15 14:50 --------- d-----w H:\Program Files\DivX
2008-02-13 16:21 --------- d-----w H:\Documents and Settings\user\Application Data\DivX
2006-11-26 10:26 81,920 ----a-w H:\Documents and Settings\user\Application Data\ezpinst.exe
2006-11-26 10:26 47,360 ----a-w H:\Documents and Settings\user\Application Data\pcouffin.sys
2004-10-01 07:00 40,960 ----a-w H:\Program Files\Uninstall_CDS.exe
2007-01-29 06:45 5 --sha-w H:\WINDOWS\system32\befbdc0_d.dll
2007-05-03 08:50 5 --sha-w H:\WINDOWS\system32\befbdc0_s.dll
2006-05-03 10:06 163,328 --sh--r H:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r H:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w H:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 11:51 316784 --a------ H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 13:18 116088 --a------ H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 11:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 11:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"WallpaperChanger"="H:\Documents and Settings\user\My Documents\WallpaperMasterV2.16\Wallpaper.exe" [2005-11-08 12:13 321536]
"Rainlendar2"="H:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 21:31 986112]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="H:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-04-19 17:40 9125888]
"InCD"="H:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 22:25 1397760]
"MSPY2002"="H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"PHIME2002A"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="H:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 22:49 718704]
"CanonSolutionMenu"="H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 00:00 644696]
"SSBkgdUpdate"="H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 08:03 210472]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"!AVG Anti-Spyware"="H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-08 23:00 6731312]

H:\Documents and Settings\user\Start Menu\Programs\Startup\
VirtualExpander.lnk - H:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2008-03-05 16:21:48 474808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= H:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
H:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"H:\\Documents and Settings\\user\\Desktop\\Skype.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 OsaFsLoc;OsaFsLoc;H:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-03-28 16:34]
R2 osaio;osaio;H:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 19:07]
R3 SymIMMP;SymIMMP;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 08:27]
S3 COH_Mon;COH_Mon;H:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 20:32]
S3 exdisk;Express Disk Service;H:\WINDOWS\system32\DRIVERS\exdisk.sys [2004-08-03 14:08]
S3 HPx9G+;HPx9G+ Device USB Driver;H:\WINDOWS\system32\Drivers\HPx9G+.sys [2003-08-20 15:00]
S3 SymIM;Symantec Network Security Intermediate Filter Service;H:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 08:27]
S3 VMHybrid;VMHybrid service;H:\WINDOWS\system32\DRIVERS\VMHybrid.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\FindMyU3.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362a8918-6758-11dc-b8ed-00e0a66641e1}]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bf74850-2dcd-11dc-9464-00e0a66641e1}]
\shell\Setup\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ecd276-c707-11dc-ba5b-001676242c59}]
\shell\Setup\command - C:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ecd277-c707-11dc-ba5b-001676242c59}]
\shell\Setup\command - C:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 06:02:02 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- H:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 13:42:33 H:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - user.job"
- H:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:57:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 23:57:48
ComboFix-quarantined-files.txt 2008-04-09 15:57:41
ComboFix2.txt 2008-03-06 15:48:02
ComboFix3.txt 2008-03-06 15:44:45
ComboFix4.txt 2007-10-20 06:42:48
Pre-Run: 116,541,509,632 bytes free
Post-Run: 116,525,441,024 bytes free
.
2007-10-10 12:31:05 --- E O F ---



HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:02 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\user\My Documents\WallpaperMasterV2.16\Wallpaper.exe
H:\Program Files\Rainlendar2\Rainlendar2.exe
H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
H:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Opera\Opera.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Documents and Settings\user\My Documents\Downloaded ****\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Blackle - Energy Saving Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Internet Service Provider, Broadband, Home Phone, VoIP - Primus Telecom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.IPrimus.com.au;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "H:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [InCD] "H:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [MSPY2002] "H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "H:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperChanger] H:\Documents and Settings\user\My Documents\WallpaperMasterV2.16\Wallpaper.exe
O4 - HKCU\..\Run: [Rainlendar2] H:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: VirtualExpander.lnk = H:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: Download with GetRight - H:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Browser - H:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E4BB76A-EE4D-4AB1-BF9D-2DD0E70732C1} - http://update.mediaroz.com/MRClient/...Installer2.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203086049390
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://hypomania-world.spaces.live.c...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by120fd.bay120.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11843 bytes

  #5  
Old 04-09-2008
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,621
PC Experience: Elite PC Guru
Location: Victoria, Australia
Default Re: MSN acting up

I have had a look and, as I thought, there is no malware, so your problem comes from somewhere else.

My real name is Eddy
  #6  
Old 04-10-2008
gummy-ness's Avatar
Bronze Member
 
Posts: 89
Default Re: MSN acting up

Awesome, thanks for checking it over.
