Computer Problems..Help!!

ranger71

New Member
computer "blinks" off and on occasionally. when surfing images becomes faded and unreadable. i posted here in the security forum, ran hijack log and combo fix..no malware detected. Posted this problem in the Video/Monitor forum but no response from there. i changed out my monitor thinking that was the problem, no luck. could the video card be causing this problem? thanks in advance for your help...
 

Hello, please download and post a new log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please also post the ComboFix log.

EDIT: If you have another video card compatible with your computer, I would try that too.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:39 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?rd=nux
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: billeo.lnk = C:\Program Files\Billeo\billeo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6269 bytes

ComboFix 08-07-27.3 - J Hester 2008-07-31 16:38:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.603 [GMT -4:00]
Running from: C:\Documents and Settings\J Hester\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\J Hester\Application Data\macromedia\Flash Player\#SharedObjects\GLU9J4JS\interclick.com
C:\Documents and Settings\J Hester\Application Data\macromedia\Flash Player\#SharedObjects\GLU9J4JS\interclick.com\ud.sol
C:\Documents and Settings\J Hester\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\J Hester\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-29 19:56 . 2008-07-29 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-29 19:56 . 2008-07-29 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 17:33 . 2008-07-29 19:47 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-07-29 17:10 . 2008-07-29 17:17 <DIR> d-------- C:\Program Files\BHODemon 2
2008-07-28 14:57 . 2008-07-28 14:58 <DIR> d-------- C:\Program Files\SIW
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Webroot
2008-07-27 09:30 . 2008-07-27 09:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 09:07 . 2008-07-27 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-26 10:10 . 2008-07-26 10:10 <DIR> d-------- C:\Documents and Settings\J Hester\Application Data\Malwarebytes
2008-07-26 10:10 . 2008-07-26 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 09:58 . 2008-07-26 09:58 <DIR> d-------- C:\Deckard
2008-07-24 08:11 . 2008-07-24 08:14 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-12 13:00 . 2008-07-12 13:01 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{30921501-2E85-45E1-9DB5-4AF559FDCB53}
2008-07-11 12:51 . 2008-07-11 12:51 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-11 12:32 . 2008-07-11 12:54 <DIR> d-------- C:\Program Files\NOS
2008-07-11 12:32 . 2008-07-11 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 15:10 . 2008-07-26 11:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-08 12:14 . 2008-07-08 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-08 12:13 . 2008-07-08 12:28 <DIR> d-------- C:\Documents and Settings\J Hester\.housecall6.6
2008-07-07 17:02 . 2008-07-07 17:06 <DIR> d-------- C:\Program Files\Security Task Manager
2008-07-07 17:02 . 2008-07-07 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-07 16:52 . 2008-07-07 16:53 <DIR> d-------- C:\Program Files\EndItAll
2008-07-07 15:38 . 2008-07-07 15:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-07 08:44 . 2008-07-12 13:02 586 --a------ C:\WINDOWS\TTENET.xml
2008-07-07 08:43 . 2008-07-07 08:43 <DIR> d-------- C:\Program Files\HurricaneSoftware.com
2008-07-04 15:23 . 2008-07-04 15:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-04 15:23 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-04 15:23 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-04 15:23 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-04 15:23 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-04 15:22 . 2008-07-20 08:04 <DIR> d-------- C:\Program Files\Webroot
2008-07-04 15:22 . 2008-07-04 15:22 <DIR> d-------- C:\Documents and Settings\J Hester\Application Data\Webroot
2008-07-04 15:22 . 2008-07-20 08:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-04 15:22 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-04 15:20 . 2008-07-04 15:20 164 --a------ C:\install.dat
2008-07-01 15:25 . 2008-07-01 15:25 <DIR> d-------- C:\Program Files\Comodo
2008-07-01 15:25 . 2008-07-01 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC426
2008-07-01 15:25 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-07-01 15:25 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-07-01 15:25 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-06-30 16:07 . 2008-06-30 16:07 <DIR> d-------- C:\VundoFix Backups
2008-06-29 12:45 . 2008-06-29 12:45 <DIR> d-------- C:\Program Files\ACW
2008-06-18 17:47 . 2008-06-18 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\billeo
2008-06-18 17:44 . 2008-06-18 17:49 <DIR> d-------- C:\Program Files\Billeo
2008-06-18 17:25 . 2008-06-18 17:25 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-06-18 17:25 . 2008-06-18 17:25 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-06-18 17:25 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2008-06-18 17:25 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2008-06-18 17:25 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2008-06-18 17:25 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2008-06-18 17:25 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-18 17:25 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-06-18 17:25 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2008-06-18 17:25 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2008-06-10 15:02 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 15:02 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 23:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 13:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-27 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 16:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-09 21:51 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-09 21:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
1998-12-08 18:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 18:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 18:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 18:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 18:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-08 18:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-07-27_17.28.27.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-28 12:47:55 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\conspawn.exe
+ 2006-10-23 14:37:28 241,664 ----a-w C:\WINDOWS\Downloaded Program Files\cpcScan.dll
+ 2008-07-28 12:47:55 57,344 ----a-w C:\WINDOWS\Downloaded Program Files\meminfo.exe
+ 2008-04-29 15:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 15:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2008-04-29 15:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 01:26 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-09 17:51 1506544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"Webroot Desktop Firewall"="C:\Program Files\Webroot\Desktop Firewall\WDF.exe" [2007-10-20 13:20 1717592]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
billeo.lnk - C:\Program Files\Billeo\billeo.exe [2007-01-19 15:13:56 1144072]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 08:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-06 17:40:54 815104]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 09:51:54 45568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-26 08:01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

R1 pwipf6;pwipf6;C:\WINDOWS\system32\drivers\pwipf6.sys [2007-10-18 13:41]
R2 WDFNet;Webroot Desktop Firewall network service;C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe [2007-10-20 13:20]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 10:56]
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 C:\WINDOWS\Tasks\wrSpySweeper_L9201F912676241C788685856843EB35C.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-31 C:\WINDOWS\Tasks\wrSpySweeper_L9201F912676241C788685856843EB35C.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-31 C:\WINDOWS\Tasks\wrSpySweeper_L9201F912676241C788685856843EB35C.job
- A:\","C:\","D:\","E:\","F:\","G:\" []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://cm.my.yahoo.com/?rd=nux
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 16:42:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 16:43:39
ComboFix-quarantined-files.txt 2008-07-31 20:43:34

thanks for the response...no i don't have a spare video card....
 