pulling my hair out with Quicktime


JenandChad
01-02-2008, 08:58 PM
Hi - I am brand spanking new to this forum. I would love some assistance, please.

I have been fiddling around with QuickTime and I keep getting error 10061, which so far I believe has to do with Streaming Transport (??)

I tried UDP Port ID 554
and then I tried HTTP Port ID 80

Neither worked for me. I saw an older post from 01-26-2007 between George Hallam & mjc (moderator). It pertained to the same error number (maybe?)

But I was hoping I could be advised on the QuickTime problem. I also want to run HijackThis and have someone tell me what to delete, because I'm sure I've got issues.

Any and all assistance will be greatly appreciated. Jennifer.
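An added example, not part of Jennifer's post and not QuickTime's own code: Winsock error 10061 is WSAECONNREFUSED, i.e. the TCP connection was actively refused rather than timing out. The script below probes the two ports behind the transport settings the post tried (TCP 554 for the RTSP control channel of the UDP transport, TCP 80 for the HTTP transport) and classifies what comes back, so you can tell "nothing accepted the connection" apart from "a firewall is dropping packets". The loopback demo is constructed so it runs offline; the host name in the usage comment is hypothetical.

```python
import errno
import socket

# Ports named in the post: QuickTime's RTSP/UDP transport uses TCP 554 for the
# RTSP control channel (media rides on UDP), and the HTTP transport tunnels
# everything over TCP 80. Winsock error 10061 is WSAECONNREFUSED.
RTSP_PORT = 554
HTTP_PORT = 80
WSAECONNREFUSED = 10061


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP connect as 'open', 'refused', 'timeout' or 'unreachable'.

    'refused' is the condition behind error 10061: the host was reached but it
    (or a firewall/proxy in the path) answered with a reset, so nothing accepted
    the connection. 'timeout' usually means packets are being silently dropped.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        # Windows reports the Winsock code directly; POSIX uses errno.ECONNREFUSED.
        if e.errno in (errno.ECONNREFUSED, WSAECONNREFUSED):
            return "refused"
        return "unreachable"
    finally:
        s.close()


def probe_transports(host):
    """Probe both transport ports the post tried and return {name: result}."""
    return {
        "RTSP tcp/554": probe_tcp(host, RTSP_PORT),
        "HTTP tcp/80": probe_tcp(host, HTTP_PORT),
    }


def local_demo():
    """Constructed offline check: a loopback listener reports 'open', and the
    same port reports 'refused' once the listener is closed (RST comes back)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python probe.py stream.example.com
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, result in probe_transports(target).items():
        print(f"{name} on {target}: {result}")
    print("loopback demo (open, refused):", local_demo())
```

Run it from the affected PC against the host serving the stream. Switching QuickTime's transport only changes which port it talks to; a "refused" result on both ports means something is actively rejecting the TCP connection (nothing listening there, or a local firewall/proxy sending resets), which the transport setting alone will not fix.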

awaj
01-02-2008, 09:17 PM
Hey, welcome to the PCGuide forum. HijackThis can be downloaded from http://www.merijn.org/programs.php. What are you trying to do when you get the error?

JenandChad
01-03-2008, 09:20 PM
Awaj: thank you for the warm greeting and the reply. :)

The error comes any time QuickTime is to be used to open a streaming video on the web, e.g. when I go to any website that uses QuickTime instead of Flash, I run into QuickTime error #10061, and I get a large Q in the box where the video should play.

The reason I mentioned HijackThis is twofold: I was reading an old thread on this site regarding this error number, and the person who replied asked him to run HijackThis, I guess to diagnose something to do with the error.

Secondly, about a year ago I ran HijackThis and a security pro from the Dell forum assisted me in debugging my PC, and I think it is high time to redo that.

If you can help with either of these issues, most pressingly how to correctly set the Streaming Transport Port ID (see my first post), I'd be very pleased.

Thank You, Jennifer.

mjc
01-03-2008, 09:49 PM
OK... that was something we ended up fixing in the chatroom, and I can't remember exactly what all we did; maybe George can remember.

awaj
01-03-2008, 10:33 PM
It can't hurt to throw a log onto the site as well.

classicsoftware
01-03-2008, 10:56 PM
Have you read this (http://forum.dreamhosters.com/multimedia/13230-10061-Connection-falied.htm)?

What browser are you using? Have you tried a different one?

JenandChad
01-14-2008, 06:41 PM
Thanks to all. Yesterday I had "Win32.Trojan.Agent" found by Ad-Aware, among other things.

Could one of you please assist me with this post? My system is so bogged down. Everything hangs miserably, IE7 sucks right now, and it takes forever to reboot.

Thanks. Jen.

JenandChad
01-14-2008, 07:13 PM
Hope I did it right:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:42:51 PM, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\TELUS\TELUS eProtect\Rps.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe
C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Jennifer\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS eProtect\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4986/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe

--
End of file - 9641 bytes
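An added example, not from this thread and not part of HijackThis or ComboFix: a small Python triage script for the HijackThis v2 log format posted above. It parses the entry lines (skipping the "Running processes" block and headers) and flags the classes a reviewer would look at first: orphaned O2/O3/O9 COM registrations with "(no file)", O4 autoruns launched from user-writable or temp paths, every O10 Winsock LSP entry, O16 ActiveX controls fetched over plain HTTP, and O20 AppInit_DLLs. The sample log is constructed: most lines are copied from the post, plus one invented O4 entry (a hypothetical upd.exe under the user's Temp folder) to exercise that rule. The rules are general review heuristics, not a verdict on this machine; in particular an O10 hit means "verify the DLL's publisher before touching it", since removing a legitimate LSP breaks networking.

```python
import re

# Constructed sample in HijackThis v2 format. All lines but the "[Updater]"
# autorun are copied from the log above; that one is a hypothetical entry.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Updater] C:\Documents and Settings\Jennifer\Local Settings\Temp\upd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4986/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe
"""

# HJT entries look like "O4 - ...", "R1 - ...", "F2 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Locations where a legitimate autorun is unusual: profile, temp and AppData dirs.
USER_WRITABLE = re.compile(
    r"\\(Temp|Local Settings|Application Data|Documents and Settings\\[^\\]+)\\",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Yield (code, body) for each entry line; process lists and headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Apply review heuristics to an HJT log; return a list of findings (dicts)."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = None
        if code in ("O2", "O3", "O9") and "(no file)" in body:
            reason = "orphaned COM registration (DLL missing); cleanup candidate"
        elif code == "O4" and USER_WRITABLE.search(body):
            reason = "autorun from a user-writable/temp path; verify the publisher"
        elif code == "O10":
            reason = "Winsock LSP; verify the DLL before removal (a broken LSP chain breaks networking)"
        elif code == "O16" and re.search(r"\bhttp://", body):
            reason = "ActiveX control fetched over plain HTTP; verify control and source"
        elif code == "O20" and "AppInit_DLLs" in body:
            reason = "AppInit_DLLs loads this DLL into every user32 process; verify it"
        if reason:
            findings.append({"code": code, "entry": body, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['code']}] {f['reason']}\n    {f['entry']}")
```

Point it at a saved hijackthis.log instead of SAMPLE_LOG to triage a real one. The output is a review list, not a removal list: each hit still needs the file's publisher and signature checked, which is exactly the step the helpers in this thread do by hand.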

classicsoftware
01-14-2008, 10:14 PM
Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:


Re-boot the system
Post the Combofix Log
Post a new HJT log
Tell us how the system is running.

JenandChad
01-15-2008, 03:58 AM
Thank you, still having some freezing up/delay on IE7. I'll keep you posted. I'll send another post in 24 to 48 hrs to give you a full report.

Here's part one of combofix log:

ComboFix 08-01-15.4 - Jennifer 2008-01-14 23:11:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.122 [GMT -8:00]
Running from: C:\Documents and Settings\Jennifer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\RBD.tmp
C:\setup.exe
C:\WINDOWS\Downloaded Program Files\ODCTOOLS

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-14 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 21:45 . 2008-01-12 21:45 <DIR> d-------- C:\ppmaterecord
2008-01-12 21:45 . 2008-01-13 18:59 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\ppStream
2008-01-12 21:45 . 2008-01-13 19:35 553 --a------ C:\WINDOWS\psnetwork.ini
2008-01-12 21:45 . 2008-01-13 19:06 34 --a------ C:\WINDOWS\Powerplayer.ini
2008-01-12 21:43 . 2008-01-12 21:43 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-12 21:43 . 2008-01-12 21:43 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\PPMate
2008-01-12 21:42 . 2008-01-12 21:46 <DIR> d-------- C:\Program Files\PPMate
2008-01-12 13:43 . 2008-01-13 17:26 <DIR> d-------- C:\Program Files\SopCast
2008-01-08 20:44 . 2008-01-08 20:44 20 --a------ C:\WINDOWS\ÿÿ
2008-01-07 20:11 . 2008-01-07 20:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 14:57 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-07 14:56 . 2008-01-07 14:56 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-07 14:56 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\Raxco
2008-01-07 14:55 . 2008-01-07 17:57 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\CA
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-07 14:23 . 2008-01-07 14:23 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\InstallShield
2008-01-04 13:59 . 2008-01-04 13:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 13:59 . 2008-01-04 13:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 13:58 . 2008-01-04 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 13:58 . 2008-01-04 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 13:58 . 2008-01-04 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 13:56 . 2008-01-04 13:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 13:56 . 2008-01-04 13:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 13:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-31 13:39 . 2007-12-31 13:40 <DIR> d-------- C:\Program Files\Java
2007-12-31 13:38 . 2007-12-31 13:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-21 22:18 . 2007-12-21 22:18 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-21 22:18 . 2007-12-21 22:18 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-21 22:12 . 2007-12-21 22:48 <DIR> d-------- C:\Program Files\Zune

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 01:57 --------- d-----w C:\Program Files\DivX
2008-01-09 04:49 --------- d-----w C:\Program Files\Windows Live
2008-01-09 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 03:20 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:15 --------- d-----w C:\Program Files\MONyog
2008-01-09 02:58 --------- d-----w C:\Program Files\SQLyog Enterprise Trial
2008-01-09 02:58 --------- d-----w C:\Program Files\No-IP
2008-01-09 02:57 --------- d-----w C:\Program Files\Common Files\Real
2008-01-09 01:42 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-01-08 21:26 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-08 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS eCare
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS
2008-01-08 20:31 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Motive
2008-01-07 22:58 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\TELUS
2008-01-07 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TELUS
2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-03 00:27 --------- d-----w C:\Program Files\QuickTime
2007-12-24 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-22 00:23 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Image Zone Express
2007-12-15 00:57 --------- d-----w C:\Program Files\ffdshow
2007-12-11 07:17 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-11 04:42 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Apple Computer
2007-12-11 04:19 --------- d-----w C:\Program Files\Apple Software Update
2007-12-11 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 04:07 --------- d-----w C:\Program Files\Digital Locker Assistant
2007-12-07 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 04:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-07 04:54 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-07 04:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-06 06:02 --------- d-----w C:\Program Files\Common Files\HP
2007-12-04 00:34 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 20:52 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-11-28 01:16 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\HP
2007-11-28 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-28 00:54 --------- d-----w C:\Program Files\HP
2007-11-28 00:50 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-28 00:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-27 06:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-27 05:38 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-11-27 05:35 --------- d-----w C:\Program Files\MSECACHE
2007-11-24 22:32 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Corel
2007-11-19 04:12 --------- d-----w C:\Program Files\Common Files\Merge Modules

JenandChad
01-15-2008, 03:59 AM
2007-11-16 05:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 05:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 05:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 05:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 05:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 05:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-16 05:38 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 11:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 11:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 21:09 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-04-07 02:25 80,498 -c--a-w C:\Program Files\MPQE_1.2.rar
2007-04-07 01:58 2,945,816 ----a-w C:\Program Files\dotnetfx3setup.exe
2007-04-07 00:55 1,328,470 ----a-w C:\Program Files\aditional debug bins.rar
2007-04-07 00:37 1,151,043 ----a-w C:\Program Files\MONyog016.exe
2007-04-07 00:33 18,722,304 -c--a-w C:\Program Files\mysql-essential-5.0.37-win32.msi
2007-04-07 00:31 41,259,836 ----a-w C:\Program Files\mysql-5.0.37-winx64.zip
2007-04-07 00:28 42,727,293 ----a-w C:\Program Files\mysql-noinstall-5.0.37-winx64.zip
2007-04-07 00:20 1,291,995 ----a-w C:\Program Files\aditional bins.rar
2007-04-07 00:16 20,449,280 -c--a-w C:\Program Files\mysql-essential-5.0.37-winx64.msi
2007-04-06 22:12 3,272,170 ----a-w C:\Program Files\WoW-1[1].12.0-to-1.12.1-enUS.exe
2007-04-06 22:04 1,430,016 -c--a-w C:\Program Files\Rev243.msi
2007-04-06 21:52 4,196,864 ----a-w C:\Program Files\MaNGOS_server.msi
2007-03-21 07:00 8,176,824 ----a-w C:\Program Files\BearShareV6.exe
2006-11-08 19:16 247 -c--a-w C:\Program Files\setuplog.txt
2006-09-19 17:33 518 ----a-w C:\Program Files\Shortcut to Internet Explorer.lnk
2006-09-14 22:56 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-19 17:32 88 --sh--r C:\WINDOWS\system32\A0A5558CFF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 16:05 1117184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 10:44 1836544]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 02:00 143360]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"TEPA.exe"="C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 09:10 2061816]
"TELUS eProtect"="C:\Program Files\TELUS\TELUS eProtect\Rps.exe" [2007-09-13 16:22 310000]
"-FreedomNeedsReboot"="C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe" [2007-09-13 16:22 13552]
"TELUS_McciTrayApp"="C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-07 22:16 1462272]
"TelusWCC_McciTrayApp"="C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 10:01 543232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-12-13 09:11]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-07 12:07]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-07 12:07]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Radialpoint Security Services;TELUS eProtect;C:\WINDOWS\system32\dllhost.exe [2004-08-04 02:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 01:17:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 06:57:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-08 21:10:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 23:18:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 23:20:12
ComboFix-quarantined-files.txt 2008-01-15 07:19:41
.
2008-01-09 11:08:12 --- E O F ---

JenandChad
01-15-2008, 04:01 AM
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:45:55 PM, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\TELUS\TELUS eProtect\Rps.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TELUS\eProtect Advisor\TEPAComHandler.exe
C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Jennifer\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS eProtect\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4986/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe

--
End of file - 9596 bytes


Thank you very much for your time.

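As an added example (not code from this thread, from HijackThis or from any of the tools named here), a small Python parser for the HijackThis log format posted above. It splits each entry into its section code (O2, O4, O9, O23, ...), CLSID and target, and flags the `(no file)` / `(file missing)` entries, which are stale registrations that helpers usually clear first. The sample lines are copied from the log above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample entries copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, F2, O2, O4, ...)
# followed by " - " and the section-specific body.
LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# A COM class id in braces: 8-4-4-4-12 hex digits.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Markers HijackThis prints when the registered file does not exist on disk.
DANGLING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str            # e.g. "O2", "O4", "O23"
    body: str               # everything after "Oxx - "
    clsid: Optional[str]    # CLSID if the entry carries one
    target: str             # file path, command line or URL the entry points at
    dangling: bool          # True if HijackThis reports the file as missing


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis log lines into Entry records; non-entry lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid = CLSID_RE.search(body)
        if section == "O4":
            # Run entries: "HKLM\..\Run: [Name] <command line>"; the target is
            # whatever follows the bracketed value name.
            m4 = re.search(r"\]\s*(.*)$", body)
            target = m4.group(1) if m4 else body
        else:
            # BHO / toolbar / button / service entries put the file as the last
            # " - " separated field.
            target = body.rsplit(" - ", 1)[-1]
        dangling = any(marker in target for marker in DANGLING_MARKERS)
        entries.append(Entry(section, body, clsid.group(0) if clsid else None,
                             target, dangling))
    return entries


def dangling_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists (stale registrations)."""
    return [e for e in entries if e.dangling]


def entries_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section code, e.g. {"O2": 2, "O4": 1}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", entries_by_section(parsed))
    for e in dangling_entries(parsed):
        print(f"stale {e.section} entry -> {e.target}")
```

A dangling entry is only a hint: it tells you the registry still points at something that is gone (often the remains of an uninstalled product), not that the system is infected. The entries worth a closer look in a log like the one above are the ones whose target does exist, runs from an unusual directory, or belongs to a program the owner does not recognise.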
JenandChad
01-15-2008, 04:52 AM
So far so good: things appear to be improved. Thank you, I'll keep you informed.

I download content w/ divx. After it autosaves, I bring it over into WMP 11, copy it into a .wmv file, and w/ Windows Media sharing enabled to my X360, I watch the content on my TV through a shared connection with my 2-Wire Gateway Modem.

Since running the Combofix, I opened WMP11, and it told me that Media Sharing had been disabled.

We've been having horrible screen/machine freezes on the X360, and the odd games that did play had lines, corrupted graphics.

I have not re-opened the WM sharing. Now the X360 is working. Could these problems be related? (We did disconnect the ethernet cord and still the X360 was bunked - but that was before running the Combofix and reconnecting.)

If you have any suggestions, or advice, or even a recommendation of where I can learn more about the likelihood of the X360 & my PC sharing/problems being connected, I'd be jubilant and overjoyed.

Thanks a Million - you've been phenomenal.

classicsoftware
01-15-2008, 09:36 AM
Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the logs and let me know how things seem to be running...

JenandChad
01-15-2008, 09:59 AM
classicsoftware:

Please advise (newbie): do I close sys tray programs, including Telus eProtect security, before running the AVG scan?

Do you think this will fix my slow (or frozen) web pages? The first one or 2 load ok, but then.... Anyway, I'll run the scan, just am scared to turn off security. LOL>)

classicsoftware
01-15-2008, 10:09 AM
You should not have to turn off any security

JenandChad
01-15-2008, 06:22 PM
hey: here's my log. Should I have AVG active & protecting my PC, or shutdown? And if I use AVG, do I turn off Telus's Anti-Virus (eProtect was by freedom??, they just updated it and I think it's worse).
Thank you - I mean it. I think you've done it. What browser do you recommend? (and have you given any thought to my Xbox question - the kids are bugging? I know, I'm pretty demanding - but I've been in the slow cold dark for so long)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:48:56 PM 15/01/2008

+ Scan result:



:mozilla.145:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.400:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.231:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.232:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.417:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.372:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.373:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.374:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.375:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.378:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.133:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.381:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.382:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.383:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.384:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.385:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.386:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.387:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.216:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.356:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.357:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.132:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.180:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.181:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.328:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.329:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.207:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.217:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.222:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.176:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.22:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.287:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.352:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.353:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.249:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.250:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.267:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.268:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.269:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.270:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.271:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.272:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.273:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.274:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.265:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

JenandChad
01-15-2008, 06:23 PM
:mozilla.266:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.435:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.395:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.209:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.79:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.81:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.82:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.71:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.74:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.76:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.369:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.370:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.371:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.264:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.28:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.57:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\khh3sg5i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\My Download Files\PopularScreensaversSetup2.1.50.8.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned.


::Report end

awaj
01-15-2008, 08:08 PM
I would only have one anti-virus running at a time, AVG is the better of the two or so I understand. I use Opera (http://www.opera.com/), but Mozilla Firefox (http://www.mozilla.com/en-US/firefox/) is also safer and has a bit more functionality. Either one is better than Internet Explorer. But wait until they pronounce your computer clean, don't install things unless other people on this site say to before the problem is fixed.

classicsoftware
01-15-2008, 08:49 PM
* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this is in case we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

JenandChad
01-15-2008, 09:30 PM
Thanks Classicsoftware & Awaj. I'll start the processes you've recommended, and then reply w/ the post.

JenandChad
01-16-2008, 12:40 PM
gotta go to school, will start Dr. Web & continue w/ process later. F-Secure found 3 viruses. :(

Scanning Report
Tuesday, January 15, 2008 20:26:28 - 09:03:28
Computer name: DG0SPPB1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
W32/Lineage.ATYX (virus)
C:\PROGRAM FILES\TELUS\TELUS EPROTECT\RESOURCES\ZK_EN_US\ZKU_RSRC.DLL (Submitted)
W32/Malware.ABBJ (virus)
C:\PROGRAM FILES\PPMATE\PPMATE.EXE (Submitted)
W32/Malware.ABML (virus)
C:\PROGRAM FILES\PPMATE\PPAMNET.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 44190
System: 0
Not scanned: 6
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 3
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{4C67543F-ADE3-4974-9AB1-393A765CAB3F}.BIN
C:\DOCUMENTS AND SETTINGS\JENNIFER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\573C3184A321\DBDAM
C:\DOCUMENTS AND SETTINGS\JENNIFER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\573C3184A321\HP

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-15
F-Secure AVP: 7.0.171, 2008-01-15
F-Secure Orion: 1.2.37, 2008-01-16
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2008-00-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

JenandChad
01-16-2008, 07:17 PM
Classicsoftware: Here's the Dr.Web log. I did as you said: it couldn't cure, so it quarantined them to the file you said. Now I will run another F-Secure Online Scanner, per your instructions. Could you also advise me how to properly remove the PPMate program (I don't know how to do a full removal). Thank you - your assistance is gracious at the least (tell me how to donate to your cause - it will be just a small pittance as I am on a tight budget - but you and your people have been fantastic, we are indebted to you for protecting our assets, and so I would like to send a Money Order on the 23rd).

InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Incurable.Moved.;
SktInstall.exe;C:\Program Files\InstallShield Installation Information\{045FE8EA-F79B-4629-B680-D8E52EFCD189};Probably BACKDOOR.Trojan;Incurable.Moved.;
neotvsession.dll;C:\Program Files\PPMate;Probably DLOADER.Trojan;Incurable.Moved.;
ppmate.dll;C:\Program Files\PPMate;Adware.Dudu.origin;Incurable.Moved.;
A0074957.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP493;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0078038.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP504;Probably BATCH.Virus;Incurable.Moved.;

JenandChad
01-17-2008, 01:15 AM
Scanning Report
Wednesday, January 16, 2008 19:03:29 - 22:10:12
Computer name: DG0SPPB1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
W32/Lineage.ATYX (virus)
C:\PROGRAM FILES\TELUS\TELUS EPROTECT\RESOURCES\ZK_EN_US\ZKU_RSRC.DLL (Submitted)
W32/Malware.ABBJ (virus)
C:\PROGRAM FILES\PPMATE\PPMATE.EXE (Submitted)
W32/Malware.ABML (virus)
C:\PROGRAM FILES\PPMATE\PPAMNET.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 45664
System: 0
Not scanned: 3
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 3
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-16
F-Secure AVP: 7.0.171, 2008-01-17
F-Secure Orion: 1.2.37, 2008-01-17
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2008-00-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

classicsoftware
01-17-2008, 07:22 PM
How is your system running? Can you play quicktime movies?

JenandChad
01-18-2008, 01:46 AM
quicktime is BUNK. dreaded Q question mark, or "10061:C...ion Failed" errors. I have played with the settings front to back and tried opening ports too, no luck. It seems to be enabled in my "manage add-ons"; could ActiveX controls be involved? It used to work, some time ago........

Browser still dreadfully temperamental. Very slow, up to 5 minutes per page to load. (When trying to load your website, weird addresses in the bottom progress bar like "http://promote.pair.com/click.pl", and the mouse doesn't work at all during the 1-5 minute freeze.) The entire web pages load right away, but I cannot do anything during that time. Programs are having a hard time opening and closing after the web page problems. The first one or 2 pages load, and then it is brutal.

I need to get PPMate off my system. It is a virus-laden P2P TV player from China. Will deleting it from Control Panel suffice to wipe it from my system?

JenandChad
01-18-2008, 02:24 AM
Right after that post, I had a complete crash - hand pointer freeze, then hourglass freeze, no access to Ctrl Alt Del, and then the entire screen went completely light blue. After waiting for 5 min., I had to hold down the On button to completely shut down????

classicsoftware
01-18-2008, 08:00 AM
Whenever you use P2P software, you open your system to attack. If you can get the data off, I would suggest a re-format and a reinstall of Windows. That's your best bet. If you want to continue with the fix, let me know...

JenandChad
01-18-2008, 07:53 PM
I deleted PPMate. There are some improvements over prior to all the help you gave me. Thank you.

I would like to continue, but I'm running a Dell Dimension 1100 with no write drives. There are only photos, drawings and some personal letters that I would like to keep. Is there a way to compress them and store them on the email server?

Ideas? Please advise. Thanks, Jen.

classicsoftware
01-18-2008, 08:43 PM
You zip them and then e-mail them to yourself. Please check them on another PC before you go on.

If you want to remove all P2P programs and then post a fresh ComboFix log, you can try that.

JenandChad
01-20-2008, 03:37 AM
Hi. I'm going to do the ComboFix as you recommended. I'll post either tonight or in the am.

I keep getting this Not Responding window: UiPopUp Hidden ...End Now...
What is that?

I was wondering if there is anything on HiJackThis that we could remove?

What about CCleaner? Would that help, and if so, could you give me instructions? (I had someone help me with that about a year ago after a HijackThis log.)

I really appreciate your time on this. Thanks.

JenandChad
01-20-2008, 04:55 AM
ComboFix 08-01-15.4 - Jennifer 2008-01-20 0:39:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -8:00]
Running from: C:\Documents and Settings\Jennifer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-17 23:15 . 2008-01-17 23:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 23:15 . 2008-01-17 23:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:53 . 2008-01-16 13:53 <DIR> d-------- C:\Documents and Settings\Jennifer\DoctorWeb
2008-01-15 20:18 . 2008-01-15 20:18 <DIR> d-------- C:\fsaua.data
2008-01-15 13:05 . 2008-01-15 13:05 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\Grisoft
2008-01-15 13:04 . 2008-01-15 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 13:04 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 21:45 . 2008-01-12 21:45 <DIR> d-------- C:\ppmaterecord
2008-01-12 21:45 . 2008-01-13 18:59 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\ppStream
2008-01-12 21:45 . 2008-01-13 19:35 553 --a------ C:\WINDOWS\psnetwork.ini
2008-01-12 21:45 . 2008-01-13 19:06 34 --a------ C:\WINDOWS\Powerplayer.ini
2008-01-12 21:43 . 2008-01-12 21:43 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-12 21:43 . 2008-01-12 21:43 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\PPMate
2008-01-12 13:43 . 2008-01-13 17:26 <DIR> d-------- C:\Program Files\SopCast
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 20:44 . 2008-01-08 20:44 20 --a------ C:\WINDOWS\ÿÿ
2008-01-07 20:11 . 2008-01-20 00:15 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 14:57 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-07 14:56 . 2008-01-07 14:56 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-07 14:56 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\Raxco
2008-01-07 14:55 . 2008-01-07 17:57 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\CA
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-07 14:23 . 2008-01-07 14:23 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\InstallShield
2008-01-04 13:59 . 2008-01-04 13:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 13:59 . 2008-01-04 13:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 13:58 . 2008-01-04 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 13:58 . 2008-01-04 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 13:58 . 2008-01-04 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 13:56 . 2008-01-04 13:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 13:56 . 2008-01-04 13:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 13:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-31 13:39 . 2007-12-31 13:40 <DIR> d-------- C:\Program Files\Java
2007-12-31 13:38 . 2007-12-31 13:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-21 22:18 . 2007-12-21 22:18 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-21 22:18 . 2007-12-21 22:18 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-21 22:12 . 2007-12-21 22:48 <DIR> d-------- C:\Program Files\Zune

JenandChad
01-20-2008, 04:56 AM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 08:02 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-18 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-18 02:34 --------- d-----w C:\Program Files\QuickTime
2008-01-16 23:57 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-12 01:57 --------- d-----w C:\Program Files\DivX
2008-01-09 04:49 --------- d-----w C:\Program Files\Windows Live
2008-01-09 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 03:20 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:15 --------- d-----w C:\Program Files\MONyog
2008-01-09 02:58 --------- d-----w C:\Program Files\SQLyog Enterprise Trial
2008-01-09 02:58 --------- d-----w C:\Program Files\No-IP
2008-01-09 02:57 --------- d-----w C:\Program Files\Common Files\Real
2008-01-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS eCare
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS
2008-01-08 20:31 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Motive
2008-01-07 22:58 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\TELUS
2008-01-07 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TELUS
2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-24 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-22 00:23 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Image Zone Express
2007-12-15 00:57 --------- d-----w C:\Program Files\ffdshow
2007-12-11 07:17 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-11 04:42 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Apple Computer
2007-12-11 04:19 --------- d-----w C:\Program Files\Apple Software Update
2007-12-11 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 04:07 --------- d-----w C:\Program Files\Digital Locker Assistant
2007-12-07 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 04:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-07 04:54 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-07 04:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-06 06:02 --------- d-----w C:\Program Files\Common Files\HP
2007-12-04 00:34 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 20:52 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-11-28 01:16 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\HP
2007-11-28 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-28 00:54 --------- d-----w C:\Program Files\HP
2007-11-28 00:50 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-28 00:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-27 06:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-27 05:38 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-11-27 05:35 --------- d-----w C:\Program Files\MSECACHE
2007-11-24 22:32 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Corel
2007-11-16 05:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 05:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 05:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 05:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 05:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 05:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 11:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 11:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-04-07 02:25 80,498 -c--a-w C:\Program Files\MPQE_1.2.rar
2007-04-07 01:58 2,945,816 ----a-w C:\Program Files\dotnetfx3setup.exe
2007-04-07 00:55 1,328,470 ----a-w C:\Program Files\aditional debug bins.rar
2007-04-07 00:37 1,151,043 ----a-w C:\Program Files\MONyog016.exe
2007-04-07 00:33 18,722,304 -c--a-w C:\Program Files\mysql-essential-5.0.37-win32.msi
2007-04-07 00:31 41,259,836 ----a-w C:\Program Files\mysql-5.0.37-winx64.zip
2007-04-07 00:28 42,727,293 ----a-w C:\Program Files\mysql-noinstall-5.0.37-winx64.zip
2007-04-07 00:20 1,291,995 ----a-w C:\Program Files\aditional bins.rar
2007-04-07 00:16 20,449,280 -c--a-w C:\Program Files\mysql-essential-5.0.37-winx64.msi
2007-04-06 22:12 3,272,170 ----a-w C:\Program Files\WoW-1[1].12.0-to-1.12.1-enUS.exe
2007-04-06 22:04 1,430,016 -c--a-w C:\Program Files\Rev243.msi
2007-04-06 21:52 4,196,864 ----a-w C:\Program Files\MaNGOS_server.msi
2007-03-21 07:00 8,176,824 ----a-w C:\Program Files\BearShareV6.exe
2006-11-08 19:16 247 -c--a-w C:\Program Files\setuplog.txt
2006-09-19 17:33 518 ----a-w C:\Program Files\Shortcut to Internet Explorer.lnk
2006-09-14 22:56 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-19 17:32 88 --sh--r C:\WINDOWS\system32\A0A5558CFF.sys

JenandChad
01-20-2008, 04:57 AM
((((((((((((((((((((((((((((( snapshot@2008-01-14_23.19.11.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-29 00:26:56 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2007-08-29 00:26:56 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-08-29 00:28:14 286,720 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 16:05 1117184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 10:44 1836544]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 02:00 143360]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TEPA.exe"="C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 09:10 2061816]
"TELUS eProtect"="C:\Program Files\TELUS\TELUS eProtect\Rps.exe" [2007-09-13 16:22 310000]
"-FreedomNeedsReboot"="C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe" [2007-09-13 16:22 13552]
"TELUS_McciTrayApp"="C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-07 22:16 1462272]
"TelusWCC_McciTrayApp"="C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 10:01 543232]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

JenandChad
01-20-2008, 04:58 AM
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-12-13 09:11]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-07 12:07]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-07 12:07]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Radialpoint Security Services;TELUS eProtect;C:\WINDOWS\system32\dllhost.exe [2004-08-04 02:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 01:17:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 07:57:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-08 21:10:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 00:47:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
Completion time: 2008-01-20 0:49:10
ComboFix-quarantined-files.txt 2008-01-20 08:48:37
ComboFix2.txt 2008-01-15 07:20:13
.
2008-01-09 11:08:12 --- E O F ---

classicsoftware
01-22-2008, 05:26 PM
Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\psnetwork.ini
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\ÿÿ

Folder::
C:\ppmaterecord
C:\Documents and Settings\Jennifer\Application Data\ppStream
C:\Program Files\Common Files\Synacast
C:\Documents and Settings\Jennifer\Application Data\PPMate
C:\Program Files\SopCast


Save this as CFScript.txt


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Post the log in your next response... We'll see if this clears most of it out...
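Once the log comes back, the useful check is whether every path the CFScript asked for actually shows up under ComboFix's "Other Deletions" heading, since anything missing from that list either was never on disk or still needs a manual look. The script below is an added example, not part of the original post and not ComboFix's own code: it parses the `File::`/`Folder::` sections of the script above and an abridged, constructed ComboFix log in the shape of the one posted later in the thread, then reports each requested path as confirmed deleted or not. A folder counts as removed if the log lists the folder itself or anything beneath it. The section-header regex and the assumption that deletion records are full Windows paths are taken from the posted log and may need adjusting for other ComboFix versions.

```python
import re
from collections import defaultdict

# Constructed sample: the CFScript from the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\psnetwork.ini
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\ÿÿ

Folder::
C:\ppmaterecord
C:\Documents and Settings\Jennifer\Application Data\ppStream
C:\Program Files\Common Files\Synacast
C:\Documents and Settings\Jennifer\Application Data\PPMate
C:\Program Files\SopCast
"""

# Constructed sample: an abridged ComboFix log in the shape of the one posted
# later in the thread (FILE echo of the script, then the Other Deletions list).
COMBOFIX_LOG = r"""
FILE
C:\WINDOWS\ÿÿ
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\psnetwork.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jennifer\Application Data\ppStream
C:\Documents and Settings\Jennifer\Application Data\ppStream\settings.ini
C:\Program Files\Common Files\Synacast
C:\Program Files\Common Files\Synacast\SynaLive\common.dll
C:\WINDOWS\ÿÿ
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\psnetwork.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
"""

WIN_PATH = re.compile(r"^[A-Za-z]:\\")
# ComboFix section banners look like "((((( Other Deletions )))))"; assumed format.
SECTION_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...]} from a CFScript body."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            continue
        if current is None:
            raise ValueError(f"path before any section header: {line!r}")
        sections[current].append(line)
    return dict(sections)


def deleted_paths(log):
    """Collect (lower-cased) paths listed under the 'Other Deletions' banner."""
    deleted = set()
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_HDR.match(line)
        if header:
            in_section = header.group(1).lower() == "other deletions"
            continue
        if in_section and WIN_PATH.match(line):
            deleted.add(line.lower())
    return deleted


def check_cfscript(script, log):
    """Map each requested File/Folder path to True if the log confirms removal."""
    wanted = parse_cfscript(script)
    deleted = deleted_paths(log)
    result = {}
    for path in wanted.get("File", []):
        result[path] = path.lower() in deleted
    for folder in wanted.get("Folder", []):
        prefix = folder.lower().rstrip("\\") + "\\"
        result[folder] = (folder.lower() in deleted
                          or any(p.startswith(prefix) for p in deleted))
    return result


if __name__ == "__main__":
    for path, ok in check_cfscript(CFSCRIPT, COMBOFIX_LOG).items():
        print("deleted " if ok else "NOT FOUND", path)
```

Against the sample log this confirms the three files and the ppStream and Synacast folders, and flags `C:\ppmaterecord`, the `PPMate` profile folder and `C:\Program Files\SopCast` as unconfirmed, which is exactly the set a helper would ask the poster to verify by hand.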

JenandChad
01-23-2008, 10:06 PM
ComboFix 08-01-15.4 - Jennifer 2008-01-23 17:51:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -8:00]
Running from: C:\Documents and Settings\Jennifer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\ÿÿ
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\psnetwork.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jennifer\Application Data\ppStream
C:\Documents and Settings\Jennifer\Application Data\ppStream\settings.ini
C:\Documents and Settings\Jennifer\Application Data\ppStream\update.exe
C:\Documents and Settings\Jennifer\Application Data\ppStream\update.ini
C:\Program Files\Common Files\Synacast
C:\Program Files\Common Files\Synacast\SynaLive\Cache\Ad\AdConfig.Ini
C:\Program Files\Common Files\Synacast\SynaLive\Cache\Ad\AdList1.Xml
C:\Program Files\Common Files\Synacast\SynaLive\Cache\Ad\AdList6.Xml
C:\Program Files\Common Files\Synacast\SynaLive\common.dll
C:\Program Files\Common Files\Synacast\SynaLive\PP\eroc.dll
C:\Program Files\Common Files\Synacast\SynaLive\PP\GAL.dll
C:\Program Files\Common Files\Synacast\SynaLive\PP\KOM.dll
C:\Program Files\Common Files\Synacast\SynaLive\PP\mir.dll
C:\Program Files\Common Files\Synacast\SynaLive\PP\MUL.DLL
C:\Program Files\Common Files\Synacast\SynaLive\PP\ten.dll
C:\Program Files\Common Files\Synacast\SynaLive\SynacastEWA.ocx
C:\WINDOWS\ÿÿ
C:\WINDOWS\Powerplayer.ini
C:\WINDOWS\psnetwork.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-22 22:53 . 2008-01-22 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-22 22:08 . 2008-01-23 16:22 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\Azureus
2008-01-22 22:06 . 2008-01-23 17:06 <DIR> d-------- C:\Program Files\Azureus
2008-01-20 17:53 . 2008-01-20 17:53 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\vlc
2008-01-17 23:15 . 2008-01-17 23:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 23:15 . 2008-01-17 23:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:53 . 2008-01-16 13:53 <DIR> d-------- C:\Documents and Settings\Jennifer\DoctorWeb
2008-01-15 20:18 . 2008-01-15 20:18 <DIR> d-------- C:\fsaua.data
2008-01-15 13:05 . 2008-01-15 13:05 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\Grisoft
2008-01-15 13:04 . 2008-01-15 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 13:04 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-07 20:11 . 2008-01-20 00:15 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-07 14:57 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-07 14:56 . 2008-01-07 14:56 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-07 14:56 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\Raxco
2008-01-07 14:55 . 2008-01-07 17:57 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Program Files\CA
2008-01-07 14:55 . 2008-01-07 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-07 14:23 . 2008-01-07 14:23 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\InstallShield
2008-01-04 13:59 . 2008-01-04 13:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 13:59 . 2008-01-04 13:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 13:58 . 2008-01-04 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 13:58 . 2008-01-04 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 13:58 . 2008-01-04 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 13:56 . 2008-01-04 13:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 13:56 . 2008-01-04 13:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 13:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-31 13:39 . 2007-12-31 13:40 <DIR> d-------- C:\Program Files\Java
2007-12-31 13:38 . 2007-12-31 13:38 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 01:06 --------- d-----w C:\Program Files\BitTorrent
2008-01-23 05:43 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\BitTorrent
2008-01-20 08:02 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-18 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-18 02:34 --------- d-----w C:\Program Files\QuickTime
2008-01-16 23:57 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-12 01:57 --------- d-----w C:\Program Files\DivX
2008-01-09 04:49 --------- d-----w C:\Program Files\Windows Live
2008-01-09 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 03:20 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:15 --------- d-----w C:\Program Files\MONyog
2008-01-09 02:58 --------- d-----w C:\Program Files\SQLyog Enterprise Trial
2008-01-09 02:58 --------- d-----w C:\Program Files\No-IP
2008-01-09 02:57 --------- d-----w C:\Program Files\Common Files\Real
2008-01-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS eCare
2008-01-08 20:31 --------- d-----w C:\Program Files\TELUS
2008-01-08 20:31 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Motive
2008-01-07 22:58 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\TELUS
2008-01-07 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TELUS
2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-24 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-22 06:48 --------- d-----w C:\Program Files\Zune
2007-12-22 06:18 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-22 06:18 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf

JenandChad
01-23-2008, 10:07 PM
2007-12-22 00:23 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Image Zone Express
2007-12-15 00:57 --------- d-----w C:\Program Files\ffdshow
2007-12-11 07:17 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-11 04:42 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Apple Computer
2007-12-11 04:19 --------- d-----w C:\Program Files\Apple Software Update
2007-12-11 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 04:07 --------- d-----w C:\Program Files\Digital Locker Assistant
2007-12-07 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 04:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-07 04:54 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-07 04:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-06 06:02 --------- d-----w C:\Program Files\Common Files\HP
2007-12-04 00:34 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 20:52 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2007-11-28 01:16 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\HP
2007-11-28 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-28 00:54 --------- d-----w C:\Program Files\HP
2007-11-28 00:50 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-28 00:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-27 06:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-27 05:38 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-11-27 05:35 --------- d-----w C:\Program Files\MSECACHE
2007-11-24 22:32 --------- d-----w C:\Documents and Settings\Jennifer\Application Data\Corel
2007-11-16 05:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 05:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 05:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 05:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 05:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 05:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-04-07 02:25 80,498 -c--a-w C:\Program Files\MPQE_1.2.rar
2007-04-07 01:58 2,945,816 ----a-w C:\Program Files\dotnetfx3setup.exe
2007-04-07 00:55 1,328,470 ----a-w C:\Program Files\aditional debug bins.rar
2007-04-07 00:37 1,151,043 ----a-w C:\Program Files\MONyog016.exe
2007-04-07 00:33 18,722,304 -c--a-w C:\Program Files\mysql-essential-5.0.37-win32.msi
2007-04-07 00:31 41,259,836 ----a-w C:\Program Files\mysql-5.0.37-winx64.zip
2007-04-07 00:28 42,727,293 ----a-w C:\Program Files\mysql-noinstall-5.0.37-winx64.zip
2007-04-07 00:20 1,291,995 ----a-w C:\Program Files\aditional bins.rar
2007-04-07 00:16 20,449,280 -c--a-w C:\Program Files\mysql-essential-5.0.37-winx64.msi
2007-04-06 22:12 3,272,170 ----a-w C:\Program Files\WoW-1[1].12.0-to-1.12.1-enUS.exe
2007-04-06 22:04 1,430,016 -c--a-w C:\Program Files\Rev243.msi
2007-04-06 21:52 4,196,864 ----a-w C:\Program Files\MaNGOS_server.msi
2007-03-21 07:00 8,176,824 ----a-w C:\Program Files\BearShareV6.exe
2006-11-08 19:16 247 -c--a-w C:\Program Files\setuplog.txt
2006-09-19 17:33 518 ----a-w C:\Program Files\Shortcut to Internet Explorer.lnk
2006-09-14 22:56 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-19 17:32 88 --sh--r C:\WINDOWS\system32\A0A5558CFF.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-14_23.19.11.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-29 00:26:56 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2007-08-29 00:26:56 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-08-29 00:28:14 286,720 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
- 2008-01-15 07:10:54 262,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-24 01:50:31 262,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 07:10:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 01:50:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 07:10:57 6,811,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-24 01:50:33 6,844,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 07:10:57 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 01:50:33 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 07:10:57 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-24 01:50:34 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 07:10:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 01:50:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.

JenandChad
01-23-2008, 10:07 PM
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

JenandChad
01-23-2008, 10:08 PM
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 16:05 1117184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 10:44 1836544]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 02:00 143360]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TEPA.exe"="C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 09:10 2061816]
"TELUS eProtect"="C:\Program Files\TELUS\TELUS eProtect\Rps.exe" [2007-09-13 16:22 310000]
"-FreedomNeedsReboot"="C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe" [2007-09-13 16:22 13552]
"TELUS_McciTrayApp"="C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-07 22:16 1462272]
"TelusWCC_McciTrayApp"="C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 10:01 543232]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-12-13 09:11]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-07 12:07]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-07 12:07]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Radialpoint Security Services;TELUS eProtect;C:\WINDOWS\system32\dllhost.exe [2004-08-04 02:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 01:17:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-24 01:57:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-08 21:10:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 17:59:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 18:00:47
ComboFix-quarantined-files.txt 2008-01-24 02:00:15
ComboFix2.txt 2008-01-20 08:49:11
ComboFix3.txt 2008-01-15 07:20:13
.
2008-01-09 11:08:12 --- E O F ---

classicsoftware
01-23-2008, 11:54 PM
First, you keep installing new torrent software on this PC. If you don't stop opening the door to this dreck it will never go away.

1) Remove all torrent and file sharing software.
2) Tell me how the system is running.
3) Post a fresh HJT log for me to look at.

JenandChad
01-25-2008, 02:00 PM
They now know, for real this time, no downloads. I will transmit per your request, and when I do (in a very short while) my PC will be totally fresh.

Thanks again. TTFN