
My HijackThis log, will somebody help me please?

Discussion in 'Malware and Virus Removal Archive' started by redmonkey5000, 2007/11/01.

  1. 2007/11/01
    redmonkey5000

    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:26 AM, on 11/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Skyblueads browser optmizer - {7DB476DD-EA1E-4c91-880F-DCD1888740A1} - C:\WINDOWS\system32\cpmrotate.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - Startup: infos.exe
    O4 - Global Startup: autos.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145327963434
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
     
  2. 2007/11/01
    redmonkey5000

    I can't access Control Panel or any of its programs, the properties of My Computer, or Task Manager. I have found ways to temporarily get access to some of them through editing the registry, from other online advice, but as soon as I restart the computer everything is junk again. This is my first time posting a HijackThis log. I am computer savvy, but this is over my head.
     

  4. 2007/11/01
    noahdfear

    Welcome to WindowsBBS redmonkey5000 :)

    From what I've seen of this infection so far, none of our tools are working effectively against it, so I need to collect some samples to test with and come up with something that will work. First, I need to identify which files to get, and I need you to run another tool.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
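An added example, not part of this thread and not a HijackThis or DSS tool: a Python triage script that reads lines in the HijackThis v1.99 log format posted above, flags the entry types a helper reads first (the system.ini Shell= value that starts a second executable, the unnamed BHO with a file on disk, the [Undefined] Run values and Startup-folder items, the IE restriction and DisableRegedit policies) and lists the files those entries point to, which is the "identify which files to get" step. The sample input is a constructed excerpt of the log in post 1; the rule set and function names are my own and are a reading aid, not a general detection.

```python
import re

# Constructed sample: lines excerpted from the HijackThis v1.99.1 log in post 1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# One pattern per HijackThis section code that the rules below look at.
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_RE = re.compile(r"^O4 - (.+?\\Run): \[(.*?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+)$")
RESTRICT_RE = re.compile(r"^O6 - (.+) present$")
POLICY_RE = re.compile(r"^O7 - (.+), (\w+)=(\d+)$")

# Policies that lock the user out of the tools needed for cleanup.
LOCKOUT_POLICIES = {"DisableRegedit", "DisableTaskMgr"}


def _finding(section, reason, path=None):
    return {"section": section, "reason": reason, "path": path}


def triage(log_text):
    """Return one finding per entry that matches a rule, in log order.

    Rules (each corresponds to something visible in the posted log):
      F2  Shell= in system.ini that starts anything besides Explorer.exe
      O2  BHO with no name that still points at a file on disk
      O4  Run value named [Undefined]; any Startup-folder item (for review)
      O6  Internet Explorer restriction policies present
      O7  DisableRegedit / DisableTaskMgr set to 1
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SHELL_RE.match(line):
            value = m.group(1).strip()
            if value.lower() != "explorer.exe":
                # Everything after Explorer.exe is started with the shell at logon.
                extra = value[len("explorer.exe"):].strip() if value.lower().startswith("explorer.exe") else value
                findings.append(_finding("F2", "system.ini Shell= launches an extra executable", extra))
        elif m := BHO_RE.match(line):
            name, _clsid, path = m.groups()
            if name == "(no name)" and path != "(no file)" and not path.endswith("(file missing)"):
                findings.append(_finding("O2", "unnamed BHO backed by a file on disk", path))
        elif m := RUN_RE.match(line):
            hive, value_name, command = m.groups()
            if value_name.lower() == "undefined":
                findings.append(_finding("O4", f"Run value [{value_name}] under {hive}", command))
        elif m := STARTUP_RE.match(line):
            folder, item = m.groups()
            findings.append(_finding("O4", f"{folder} folder item, review", item))
        elif m := RESTRICT_RE.match(line):
            findings.append(_finding("O6", f"IE restrictions set at {m.group(1)}"))
        elif m := POLICY_RE.match(line):
            key, name, val = m.groups()
            if name in LOCKOUT_POLICIES and val == "1":
                findings.append(_finding("O7", f"{name}=1 under {key}"))
    return findings


def files_to_collect(findings):
    """Distinct files the flagged entries point to, in the order first seen."""
    paths = []
    for f in findings:
        if f["path"] and f["path"] not in paths:
            paths.append(f["path"])
    return paths


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['section']}: {f['reason']}" + (f" -> {f['path']}" if f["path"] else ""))
    print("Files to collect for analysis:", files_to_collect(found))
```

The two Startup-folder items come out as bare names because HijackThis prints only the file name for those sections; the folder itself (per-user or All Users) is where to look for them.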
     
  5. 2007/11/01
    redmonkey5000

    Deckard's System Scanner v20071014.68
    Run by Owner on 2006-11-01 20:21:54
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    6: 2006-11-02 01:22:01 UTC - RP6 - Deckard's System Scanner Restore Point
    5: 2006-11-01 05:28:43 UTC - RP5 - System Checkpoint
    4: 2006-10-31 05:23:29 UTC - RP4 - Removed XP Repair Pro 2007.
    3: 2006-10-31 05:16:47 UTC - RP3 - Installed XP Repair Pro 2007.
    2: 2007-10-31 00:56:19 UTC - RP2 - ComboFix created restore point


    -- First Restore Point --
    1: 2007-10-31 00:54:56 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2006-11-01 20:23:23
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe
    C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6MDFEIDV\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: infos.exe
    O4 - Global Startup: autos.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\TmLsp.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} () - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Unknown owner - C:\Program Files\Trend Micro\Antivirus
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus


    --
    End of file - 7788 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

    S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
    S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
    S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 tavsvc (Trend Micro AntiVirus Protection Service) - c:\program files\trend micro\antivirus 2007\tavsvc.exe
    R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus 2007\components\tmproxy.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2006-10-01 and 2006-11-01 -----------------------------

    2007-10-30 23:31:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-30 23:31:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-30 23:31:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-30 23:31:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-30 23:31:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-30 22:34:59 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-10-30 19:58:01 351526 --a------ C:\WINDOWS\WBDDA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL DLL>
    2007-10-30 19:11:22 2818 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-29 09:24:13 6144 --a------ C:\WINDOWS\system32\skuns.dat
    2007-10-28 00:21:38 0 d-------- C:\WINDOWS\system32\cache329
    2007-10-28 00:18:31 0 d-------- C:\WINDOWS\cdmxtras
    2007-10-28 00:16:55 10 --a------ C:\WINDOWS\smdat32m.sys
    2007-10-28 00:16:25 0 d-------- C:\Program Files\Kazaa
    2007-10-23 09:30:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Adssite Advanced Toolbar
    2007-10-05 20:05:30 0 d-------- C:\Program Files\EA SPORTS
    2007-09-25 10:30:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-13 14:00:23 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-09-12 08:20:16 40313 --a------ C:\WINDOWS\system32\cpmrot-uninst.exe
    2007-09-12 08:20:11 194 --a------ C:\Documents and Settings\Owner\Application Data\internaldb9169.dat
    2007-09-12 08:20:11 382 --a------ C:\Documents and Settings\Owner\Application Data\internaldb5724.dat
    2007-09-12 08:20:10 18432 --a------ C:\Documents and Settings\Owner\Application Data\internaldb6500.dat
    2007-09-03 16:12:23 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2007-08-20 19:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-08-20 19:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-08-16 09:08:59 192584 --a------ C:\WINDOWS\system32\lwinpmdt.exe
    2007-08-15 17:33:14 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 17:30:26 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-31 23:26:46 14397 --a------ C:\logfile
    2007-07-21 23:24:05 0 d-------- C:\WINDOWS\system32\BWKDLogs
    2007-07-21 23:21:58 0 d-------- C:\Program Files\Kodak
    2007-07-21 23:17:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-07-20 08:16:28 61440 --a------ C:\WINDOWS\system32\cpmrotate.dll
    2007-07-12 08:35:09 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2007-07-12 08:31:57 0 d-------- C:\Program Files\OpenOffice.org 2.2
    2007-06-22 10:45:05 0 d-------- C:\Program Files\Common Files\Adobe
    2007-05-28 11:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-05-28 10:26:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Yapta
    2007-05-19 10:51:30 0 d-------- C:\Documents and Settings\Owner\Incomplete
    2007-05-19 10:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-05-17 16:01:01 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
    2007-05-15 01:55:47 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
    2007-05-14 23:44:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
    2007-05-09 05:31:32 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-06 16:57:48 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
    2007-05-06 16:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2007-04-28 20:59:36 0 d-------- C:\Documents and Settings\Owner\Application Data\ICQ Toolbar
    2007-04-28 20:52:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
    2007-04-14 20:36:15 341584 --a------ C:\WINDOWS\system32\uninstall.exe
    2007-04-14 20:30:27 479232 --a------ C:\WINDOWS\system32\MusicCitydll2.dll
    2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
    2007-04-12 09:10:02 7340032 --a------ C:\Documents and Settings\Owner\ntuser.dat
    2007-03-21 19:42:27 0 d-------- C:\Inetpub
    2007-03-17 18:35:34 0 d-------- C:\Program Files\Datel
    2007-03-17 18:35:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Datel
    2007-03-17 11:01:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Datel(2)
    2007-03-16 21:45:20 17151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:20 81920 --a------ C:\WINDOWS\system32\ZDPN50.DLL <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:20 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:20 330240 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
    2007-03-16 21:45:20 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:19 24576 --a------ C:\WINDOWS\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
    2007-03-16 21:45:19 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:19 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-03-16 21:45:18 15872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-03-16 21:45:18 28672 --a------ C:\WINDOWS\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
    2007-03-16 21:44:45 0 d-------- C:\Program Files\Apache Group
    2007-03-01 18:38:54 0 d-------- C:\Documents and Settings\Owner\Contacts
    2007-03-01 18:38:25 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-02-26 01:57:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
    2007-02-15 14:18:41 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-02-03 17:36:35 0 d-------- C:\Documents and Settings\Owner\Shared
    2007-01-21 22:33:21 0 d--h----- C:\Documents and Settings\Owner\Application Data\Move Networks
    2007-01-14 19:43:12 266 --a----c- C:\WINDOWS\Deny
    2007-01-14 19:43:12 123 --a----c- C:\WINDOWS\78A7B3F7
    2007-01-14 19:43:12 24 --a----c- C:\WINDOWS\64
    2007-01-14 19:43:12 27 --a----c- C:\WINDOWS\42163
    2007-01-14 19:43:12 53 --a----c- C:\WINDOWS\276CBAD8F1A1DD24EA67B430E3D1E9BB7
    2007-01-14 19:43:12 23 --a----c- C:\WINDOWS\2
    2007-01-14 19:43:12 111 --a----c- C:\WINDOWS\1
    2007-01-14 19:43:12 476 --a----c- C:\WINDOWS\0
    2007-01-10 19:38:41 0 d-------- C:\Documents and Settings\Application Data\Application Data
    2007-01-10 19:38:41 0 d-------- C:\Documents and Settings\Application Data\Application Data\Microsoft
    2007-01-10 19:38:40 0 d-------- C:\Documents and Settings\Application Data\Microsoft
    2007-01-10 19:38:40 0 d-------- C:\Application Data
    2007-01-03 14:08:27 0 d--h----- C:\WINDOWS\PIF
    2007-01-03 14:08:04 248064 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
    2007-01-03 14:08:04 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
    2006-12-29 09:48:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2006-12-26 11:16:42 0 d-------- C:\WINDOWS\system32\LogFiles
    2006-12-26 11:16:42 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-12-18 16:23:28 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2006-12-18 16:22:36 0 d-------- C:\Program Files\AIM6
    2006-12-14 16:38:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2006-12-03 05:16:34 35464 --a----c- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-29 20:45:03 0 d-------- C:\Temp
    2006-11-23 15:46:55 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
    2006-11-21 13:39:40 0 d--h----- C:\WINDOWS\msdownld.tmp
    2006-11-21 13:37:07 0 d-------- C:\WINDOWS\network diagnostic
    2006-11-18 22:39:48 0 d-------- C:\Program Files\MySpace
    2006-11-01 15:10:26 0 d-------- C:\info
    2006-11-01 12:04:00 0 d-------- C:\Program Files\Free Window Registry Repair
    2006-11-01 11:56:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2006-11-01 11:16:24 5632 --a------ C:\WINDOWS\system32\winter.exe
    2006-11-01 11:16:24 5632 --a------ C:\WINDOWS\system32\proper.exe
    2006-10-30 23:56:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Smart PC Solutions


    -- Find3M Report ---------------------------------------------------------------

    2007-10-28 00:18:30 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-27 19:18:22 0 d-a------ C:\Program Files\Common Files
    2007-10-27 19:18:22 0 d-------- C:\Program Files\Ahead
    2007-10-27 19:16:20 0 d-------- C:\Program Files\DivX
    2007-07-19 21:25:09 0 d-------- C:\Program Files\Google
    2007-07-19 09:23:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
    2007-07-16 18:31:24 581 --a----c- C:\WINDOWS\eReg.dat
    2007-07-08 12:23:25 0 d-------- C:\Program Files\Trend Micro
    2007-07-07 17:38:23 0 d-------- C:\Program Files\Messenger
    2007-07-03 13:43:18 0 d-------- C:\Program Files\Microsoft Digital Image 2006
    2007-07-03 13:43:12 0 d-------- C:\Program Files\FaxTools
    2007-07-03 12:35:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-07-02 15:57:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-06-14 00:22:26 0 d-------- C:\Program Files\Logitech
    2007-05-28 11:15:12 0 d-------- C:\Program Files\Java
    2007-04-19 22:47:35 0 d-------- C:\Program Files\Camfrog
    2007-03-01 18:38:42 0 d-------- C:\Program Files\MSN Messenger
    2007-02-15 14:09:28 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
    2007-01-03 14:08:38 18 --a------ C:\AUTOEXEC.BAT
    2006-12-21 02:52:58 0 d-------- C:\Program Files\Common Files\Real
    2006-12-21 02:52:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2006-12-20 21:09:06 0 d-------- C:\Program Files\Common Files\AOL
    2006-12-12 23:43:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Camfrog
    2006-11-21 13:39:45 0 d-------- C:\Program Files\Yahoo!
    2006-10-29 08:41:30 0 d-------- C:\Program Files\AOD
    2006-08-24 23:33:45 47 --a----c- C:\Documents and Settings\Owner\Application Data\internaldb41.dat
    2006-08-24 17:36:02 299 --a----c- C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
    2006-08-24 17:36:02 23 --a----c- C:\Documents and Settings\Owner\Application Data\inifile41.ini
    2006-08-24 17:34:00 9216 --a------ C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
    2006-08-24 17:34:00 0 --a----c- C:\Documents and Settings\Owner\Application Data\internaldb6334.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
    C:\WINDOWS\system32\bronto.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 06:16 PM]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [05/27/2005 10:18 AM]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
    "Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [07/05/2007 08:09 PM]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [10/29/2007 09:24 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2005 10:32 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 02:00 PM]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [10/29/2007 09:24 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    infos.exe [10/29/2007 9:24:13 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    autos.exe [10/29/2007 9:24:13 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    "DisableTaskMgr"=1 (0x1)
    "DisableRegistryTools"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    zHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    HDAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    %WINDIR%\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    %WINDIR%\Creator\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    C:\Program Files\Digital Media Reader\shwiconem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MskService"=2 (0x2)
    "MpfService"=2 (0x2)
    "mcupdmgr.exe"=3 (0x3)
    "McTskshd.exe"=2 (0x2)
    "McShield"=2 (0x2)
    "McDetect.exe"=2 (0x2)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2006-11-01 20:26:33 ------------
     
  6. 2007/11/01
    noahdfear Inactive
    You ran dss.exe from a temporary folder instead of your desktop. Please re-download Deckard's System Scanner and save it to your desktop. We may need it later.

    You did not have HijackThis properly installed either. Please download the HijackThis Installer from here, then run a scan and save the log. Post the contents of that log here.

    Download ComboFix by sUBs from here, saving the file to your desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log, the SmitfraudFix log at C:\rapport.txt and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. 2007/11/04
    redmonkey5000 Inactive Thread Starter
    Thank you very much for your attention. I just want to let you know that I am going to reformat my computer. I have everything I need on an external hard drive. Thank you so much, and I am appreciative knowing that if I need further help I can come and ask. I got the message about not putting HijackThis in a temporary file, so next time I'll know.
     
  8. 2007/11/04
    noahdfear Inactive
    Thanks for the update! :)
     
  9. 2007/11/05
    redmonkey5000 Inactive Thread Starter
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
    C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
    O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
     
  10. 2007/11/05
    redmonkey5000 Inactive Thread Starter
    I just posted my latest HijackThis file after a reformat and extreme rebuild. Can somebody let me know how to better protect my computer? All my problems seem to have gone away. I got attacked the last time when, for no reason, I brought down my antivirus and firewall. So I am pretty comp lit and this doesn't happen often, but any precautions will help. Thank you.
     
  11. 2007/11/05
    noahdfear Inactive
