0

Hi,

Lately I've been having problems accessing certain sites in IE and Firefox. I do have better luck (with some sites) using NetScape (AOL). From looking through these forums, it sounds like spyware is the likely culprit, so I've attached a HiJackThis log.

Any help, much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:38, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Program Files\Kontiki\KService.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\wanmpsvc.exe
E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe
F:\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Kontiki\KHost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\AOL 9.0\aoltray.exe
E:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
E:\Program Files\Picaboo\Picaboo\PicabooMain.exe
E:\WINDOWS\System32\alg.exe
e:\program files\common files\aol\1176761340\ee\aolsoftware.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\AOL 9.0\waol.exe
E:\Program Files\AOL 9.0\shellmon.exe
E:\Program Files\Common Files\AOL\aoltpspd.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
E:\Program Files\Mozilla Firefox\firefox.exe
F:\Backup\Files\Progs\SpywareRemoval\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DACSMiniApp] E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4oD] "E:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Teoa] "E:\WINDOWS\SSTEM~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] E:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picaboo.lnk = E:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = E:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176660019031
O17 - HKLM\System\CCS\Services\Tcpip\..\{442E6D78-A9EE-46FE-91AB-4A5C4A2647C5}: NameServer = 205.188.146.145
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - E:\Program Files\Kontiki\KService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 6975 bytes

0

WELL, MY SUGGESTION IS TO GET RID OF SUPERantispyware AND DOWNLOAD Spybot Search & Destroy, AND DO A SCAN WITH THAT.
ALSO, DO YOU KNOW WHAT THIS IS?

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

0

REMOVE THIS A.S.A.P!!!!! AND THEN RESTART YOUR COMPUTER AND LET ME KNOW WHAT HAPPENS

O4 - HKCU\..\Run: [Teoa] "E:\WINDOWS\SSTEM~1\logonui.exe" -vt yazb

0

Legit... stops people using cheats in Punkbuster online games.
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

0

I already had Spybot and ran this (as well as AdAware, AVG and SuperAntiSpyware) several times. It seems that eventually this has solved the problem and I can now access the sites I was previously having problems with.

I have since removed the following though as advised:

O4 - HKCU\..\Run: [Teoa] "E:\WINDOWS\SSTEM~1\logonui.exe" -vt yazb

Thanks for the help guys!

0

Delete the file..:
E:\WINDOWS\SSTEM~1\logonui.exe
-fixing the entry as advised above only removes the registry key which starts the process, you then delete the file if it is bad, as this one is.
Glad you are up and running again.

0

Delete the file..:
E:\WINDOWS\SSTEM~1\logonui.exe
-fixing the entry as advised above only removes the registry key which starts the process, you then delete the file if it is bad, as this one is.
Glad you are up and running again.

Are you sure that file is bad? My E: drive is in fact my startup drive. I've read that logonui.exe is used to show the logon screen when windows starts up.

0

Well, I'm gonna let gerbil do a follow-up on that... but if you have CCleaner, run that and run the registry tool in CCleaner also, and let me know how that works out for you. If you don't have CCleaner, there is a link in my signature to download it.

0

Hi again... logonui.exe normally resides in system32. There should be no such directory E:\WINDOWS\SSTEM~1 [it is a corruption of some sort, malware?] - and that abbreviation is wrong for system32, it refers to some directory [or file!!] named sstem+whatever. So check in your system32 for logonui.exe; if it exists happily delete the E:\WINDOWS\SSTEM~1\logonui.exe

0

Hi again... logonui.exe normally resides in system32. There should be no such directory E:\WINDOWS\SSTEM~1 [it is a corruption of some sort, malware?] - and that abbreviation is wrong for system32, it refers to some directory [or file!!] named sstem+whatever. So check in your system32 for logonui.exe; if it exists happily delete the E:\WINDOWS\SSTEM~1\logonui.exe

Hi,

I do have a logonui.exe in my E:\Windows\System32 directory. I've found out the SSTEM~1 directory is actually a second directory in E:\Windows named 'system' (I seem to have 2 'system' directories somehow)? In the 2nd system directory is another folder named system (so far we're at E:\Windows\system\system) and in there is 1 file named 'ctxad-555.0000'. Would I be correct in thinking I should be deleting this 2nd E:\windows\system directory?

I also have a file named 'LOGONUI.EXE-0AF22957.pf' in the E:\Windows\Prefetch directory?

Thanks.

0

There is something very "fake" about that second "system" directory.... Windows would not allow it as a name if another exists, the 8.3 abbreviation SSTEM~1 is wrong, and could not exist either because system has 8 characters or less. Perhaps somehow some characters are hidden. Anyway, it is time to clear out outerinfo.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
..and post a fresh Hijackthis log also, please.
[the prefetch entry for logonui.exe is fine]
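The two checks gerbil applies by eye in this thread (a Windows binary name started from somewhere other than system32, and an 8.3 alias that only resembles a system directory) can be run over the O4 autorun lines of a HijackThis log. This is an added example, not part of the original posts; the sample lines are copied from the log above, while the list of system32 binaries and the one-dropped-character heuristic are assumptions made for the illustration.

```python
import ntpath  # parses Windows paths on any OS
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Teoa] "E:\WINDOWS\SSTEM~1\logonui.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
'''

# Assumption: names from this log's process list that normally live in system32.
SYSTEM32_BINARIES = {"logonui.exe", "ctfmon.exe", "winlogon.exe", "lsass.exe",
                     "services.exe", "svchost.exe", "csrss.exe", "smss.exe"}

# First six characters of directory names worth imitating (assumed list).
PROTECTED_STEMS = {"SYSTEM", "WINDOW"}

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXECUTABLE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.I)
SHORT_NAME = re.compile(r"^([^~]{1,6})~\d+$")


def target_of(cmd):
    """Return the program path from a Run value, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = EXECUTABLE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def one_char_dropped(stem, full):
    """True if `stem` is `full` with exactly one character removed."""
    if len(stem) != len(full) - 1:
        return False
    return any(full[:i] + full[i + 1:] == stem for i in range(len(full)))


def analyse(log):
    """Return (entry name, path, reasons) for each suspicious O4 Run entry."""
    findings = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # not an O4 registry Run line
        path = target_of(m.group("cmd"))
        folder, exe = ntpath.split(path)
        reasons = []
        # Check 1: a system32 binary name launched from another directory.
        # Bare names (no folder) are resolved through PATH and are skipped.
        if (folder and exe.lower() in SYSTEM32_BINARIES
                and not folder.lower().endswith(r"\windows\system32")):
            reasons.append("system binary name outside system32")
        # Check 2: an 8.3 alias whose stem is a protected name minus one
        # character. "system" fits in 8.3 and gets no ~N alias, so SSTEM~1
        # has to belong to a different, lookalike directory.
        for part in folder.split("\\"):
            s = SHORT_NAME.match(part)
            if s and any(one_char_dropped(s.group(1).upper(), p)
                         for p in PROTECTED_STEMS):
                reasons.append("8.3 alias %s imitates a system directory" % part)
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in analyse(SAMPLE_LOG):
        print("[%s] %s" % (name, path))
        for reason in reasons:
            print("    - " + reason)
```

A hit from either check is a reason to inspect the file, not a verdict; legitimate short names such as PROGRA~1 and SYMANT~1 pass because their stems are true prefixes of the long names.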

0

ComboFix log:

ComboFix 08-01-29.2 - Steve 2008-01-29 1:02:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT 0:00]
Running from: E:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Steve\Application Data\inst.exe
E:\Documents and Settings\Steve\My Documents\SCURIT~1
E:\WINDOWS\sstem~1
E:\WINDOWS\sstem~1\s?stem\
E:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 23:15 . 2008-01-28 23:15 <DIR> d-------- E:\WINDOWS\nview
2008-01-28 23:15 . 2007-09-17 02:10 356,352 --a------ E:\WINDOWS\system32\NVUNINST.EXE
2008-01-28 23:15 . 2007-09-17 01:07 356,352 --a------ E:\WINDOWS\system32\nvudisp.exe
2008-01-28 23:15 . 2007-09-27 15:57 135,089 --a------ E:\WINDOWS\system32\nvapps.xml
2008-01-28 23:15 . 2007-09-17 01:07 17,525 --a------ E:\WINDOWS\system32\nvdisp.nvu
2008-01-28 22:28 . 2008-01-28 22:28 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Microsoft Games
2008-01-22 23:18 . 2008-01-22 23:18 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Grisoft
2008-01-22 23:18 . 2008-01-22 23:18 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 23:18 . 2007-05-30 12:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 22:10 . 2008-01-20 22:16 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Uniblue
2008-01-20 22:09 . 2008-01-20 22:09 <DIR> d-------- E:\Program Files\Uniblue
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Program Files\Kontiki
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Program Files\Channel4
2008-01-19 21:28 . 2008-01-29 01:05 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Channel4
2008-01-19 00:15 . 2008-01-19 00:15 136 --a------ E:\WINDOWS\wininit.ini
2008-01-04 23:10 . 2008-01-04 23:10 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\vlc
2008-01-04 21:36 . 2008-01-18 22:59 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\dvdcss
2008-01-04 21:35 . 2008-01-04 21:35 <DIR> d-------- E:\Program Files\VideoLAN
2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-31 10:42 . 2007-10-12 15:14 3,734,536 --a------ E:\WINDOWS\system32\d3dx9_36.dll
2007-12-31 10:42 . 2007-10-12 15:14 1,374,232 --a------ E:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-31 10:42 . 2007-10-02 09:56 444,776 --a------ E:\WINDOWS\system32\d3dx10_36.dll
2007-12-31 10:42 . 2007-10-22 03:39 267,272 --a------ E:\WINDOWS\system32\xactengine2_10.dll
2007-12-31 10:42 . 2007-07-20 00:57 267,112 --a------ E:\WINDOWS\system32\xactengine2_9.dll
2007-12-31 10:41 . 2007-12-31 10:42 <DIR> d--h----- E:\WINDOWS\msdownld.tmp
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\InstallShield Installation Information
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- E:\WINDOWS\system32\AGEIA
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- E:\Program Files\AGEIA Technologies
2007-12-30 22:11 . 2007-12-30 22:11 300 --a------ E:\WINDOWS\game.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:27 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-01-23 19:48 --------- d-----w E:\Program Files\SUPERAntiSpyware
2008-01-22 22:26 --------- d-----w E:\Program Files\Google
2008-01-20 19:19 --------- d-----w E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 19:18 9,344 ----a-w E:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-20 19:18 8,320 ----a-w E:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-20 19:18 12,632 ----a-w E:\WINDOWS\system32\lsdelete.exe
2008-01-15 23:19 --------- d-----w E:\Program Files\Common Files\aol
2007-12-30 23:21 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 12:44 --------- d-----w E:\Documents and Settings\Steve\Application Data\Fisher-Price
2007-12-26 12:41 --------- d-----w E:\Program Files\Fisher-Price
2007-12-26 12:37 --------- d-----w E:\Documents and Settings\All Users\Application Data\Fisher-Price
2007-12-25 17:13 107,888 ----a-w E:\WINDOWS\system32\CmdLineExt.dll
2007-12-25 17:13 --------- d--h--r E:\Documents and Settings\Steve\Application Data\SecuROM
2007-12-25 17:10 --------- d-----w E:\Program Files\GameSpy
2007-12-25 15:59 669,184 ----a-w E:\WINDOWS\system32\pbsvc.exe
2007-12-25 15:59 66,872 ----a-w E:\WINDOWS\system32\PnkBstrA.exe
2007-12-25 15:59 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 15:59 22,328 ----a-w E:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
2007-12-25 15:59 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe
2007-12-07 15:30 103,776 ----a-w E:\WINDOWS\system32\AOLDial.dll
2007-12-05 01:41 1,089,536 ----a-w E:\WINDOWS\system32\nvcuda.dll
2007-11-30 21:51 --------- d-----w E:\Documents and Settings\Steve\Application Data\MSNInstaller
2007-11-07 09:26 721,920 ----a-w E:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w E:\WINDOWS\system32\quartz.dll
2007-05-19 21:07 47,360 ----a-w E:\Documents and Settings\Steve\Application Data\pcouffin.sys
2007-07-01 14:17 6,369 --sh--w E:\WINDOWS\system32\rqtwa.bak1
2007-07-07 18:23 1,857,405 --sh--w E:\WINDOWS\system32\rqtwa.bak2
2007-07-07 23:49 1,856,211 --sh--w E:\WINDOWS\system32\rqtwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"kdx"="E:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35 77824]
"RealTray"="E:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-04-15 19:20 26112]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AOLDialer"="E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"HostManager"="E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"iTunesHelper"="F:\iTunesHelper.exe" [2007-05-26 11:45 257088]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DACSMiniApp"="E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2007-07-24 12:20 197888]
"4oD"="E:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]

E:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Picaboo.lnk - E:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-06-22 14:49:16 577536]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - E:\Program Files\AOL 9.0\aoltray.exe [2007-04-16 21:53:12 156784]
Smart Wizard Wireless Settings.lnk - E:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2007-04-15 17:59:03 1044577]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

S3 MsDtsServer;SQL Server Integration Services;"E:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 02:45]

*Newly Created Service* - PCANDIS5
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 06:53:00 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 22:10:05 E:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- E:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-20 22:10:03 E:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- E:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 01:05:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: E:\WINDOWS\system32\winlogon.exe
-> E:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-01-29 1:05:57
ComboFix-quarantined-files.txt 2008-01-29 01:05:49
.
2008-01-24 00:07:41 --- E O F ---


New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:10:18, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Program Files\Kontiki\KService.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\wanmpsvc.exe
E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe
F:\iTunesHelper.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AOL 9.0\aoltray.exe
E:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
E:\Program Files\iPod\bin\iPodService.exe
e:\program files\common files\aol\1176761340\ee\aolsoftware.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
e:\program files\common files\aol\1176761340\ee\anotify.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
F:\Backup\Files\Progs\SpywareRemoval\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DACSMiniApp] E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [4oD] "E:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] E:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picaboo.lnk = E:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = E:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176660019031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - E:\Program Files\Kontiki\KService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 6049 bytes

0

Go to Start/Run and type in msconfig and make sure that ALL of your services are enabled and all of your startup services are enabled, and then run a scan for spyware and viruses. I would also like to suggest that you switch to a different virus program because Norton is a major resource hog... I would switch to Kaspersky or Nod32. I also use CCleaner, which you can download from the link under my post; it has a registry cleaner and it cleans all the temporary files and such. Then you should post a new HiJackThis log.

0

The reason I am telling you to enable ALL startup and services is because I had a problem in the past where the spyware was like hiding there, and that's why I was still detecting spyware on my computer, and that was what I had to do to get rid of it. After that we will take things off of startup that are not necessary so you will have a faster start time.

0

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
__________________________________________________________
File::
E:\WINDOWS\system32\rqtwa.bak1
E:\WINDOWS\system32\rqtwa.bak2
E:\WINDOWS\system32\rqtwa.ini2

_________________________________________________________

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.

0

OK done that gerbil. Here's the ComboFix log:

ComboFix 08-01-29.2 - Steve 2008-01-29 21:19:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.468 [GMT 0:00]
Running from: E:\Documents and Settings\Steve\Desktop\ComboFix.exe
Command switches used :: E:\Documents and Settings\Steve\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
E:\WINDOWS\system32\rqtwa.bak1
E:\WINDOWS\system32\rqtwa.bak2
E:\WINDOWS\system32\rqtwa.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\rqtwa.bak1
E:\WINDOWS\system32\rqtwa.bak2
E:\WINDOWS\system32\rqtwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 23:15 . 2008-01-28 23:15 <DIR> d-------- E:\WINDOWS\nview
2008-01-28 23:15 . 2007-09-17 02:10 356,352 --a------ E:\WINDOWS\system32\NVUNINST.EXE
2008-01-28 23:15 . 2007-09-17 01:07 356,352 --a------ E:\WINDOWS\system32\nvudisp.exe
2008-01-28 23:15 . 2008-01-29 09:15 138,893 --a------ E:\WINDOWS\system32\nvapps.xml
2008-01-28 23:15 . 2007-09-17 01:07 17,525 --a------ E:\WINDOWS\system32\nvdisp.nvu
2008-01-28 22:28 . 2008-01-28 22:28 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Microsoft Games
2008-01-22 23:18 . 2008-01-22 23:18 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Grisoft
2008-01-22 23:18 . 2008-01-22 23:18 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 23:18 . 2007-05-30 12:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 22:10 . 2008-01-20 22:16 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\Uniblue
2008-01-20 22:09 . 2008-01-20 22:09 <DIR> d-------- E:\Program Files\Uniblue
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Program Files\Kontiki
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Program Files\Channel4
2008-01-19 21:28 . 2008-01-29 21:21 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-19 21:28 . 2008-01-19 21:28 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Channel4
2008-01-19 00:15 . 2008-01-19 00:15 136 --a------ E:\WINDOWS\wininit.ini
2008-01-04 23:10 . 2008-01-04 23:10 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\vlc
2008-01-04 21:36 . 2008-01-18 22:59 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\dvdcss
2008-01-04 21:35 . 2008-01-04 21:35 <DIR> d-------- E:\Program Files\VideoLAN
2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-31 10:42 . 2007-10-12 15:14 3,734,536 --a------ E:\WINDOWS\system32\d3dx9_36.dll
2007-12-31 10:42 . 2007-10-12 15:14 1,374,232 --a------ E:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-31 10:42 . 2007-10-02 09:56 444,776 --a------ E:\WINDOWS\system32\d3dx10_36.dll
2007-12-31 10:42 . 2007-10-22 03:39 267,272 --a------ E:\WINDOWS\system32\xactengine2_10.dll
2007-12-31 10:42 . 2007-07-20 00:57 267,112 --a------ E:\WINDOWS\system32\xactengine2_9.dll
2007-12-31 10:41 . 2007-12-31 10:42 <DIR> d--h----- E:\WINDOWS\msdownld.tmp
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- E:\Documents and Settings\Steve\Application Data\InstallShield Installation Information
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- E:\WINDOWS\system32\AGEIA
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- E:\Program Files\AGEIA Technologies
2007-12-30 22:11 . 2007-12-30 22:11 300 --a------ E:\WINDOWS\game.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:27 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-01-23 19:48 --------- d-----w E:\Program Files\SUPERAntiSpyware
2008-01-22 22:26 --------- d-----w E:\Program Files\Google
2008-01-20 19:19 --------- d-----w E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 19:18 9,344 ----a-w E:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-20 19:18 8,320 ----a-w E:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-20 19:18 12,632 ----a-w E:\WINDOWS\system32\lsdelete.exe
2008-01-15 23:19 --------- d-----w E:\Program Files\Common Files\aol
2007-12-30 23:21 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 12:44 --------- d-----w E:\Documents and Settings\Steve\Application Data\Fisher-Price
2007-12-26 12:41 --------- d-----w E:\Program Files\Fisher-Price
2007-12-26 12:37 --------- d-----w E:\Documents and Settings\All Users\Application Data\Fisher-Price
2007-12-25 17:13 107,888 ----a-w E:\WINDOWS\system32\CmdLineExt.dll
2007-12-25 17:13 --------- d--h--r E:\Documents and Settings\Steve\Application Data\SecuROM
2007-12-25 17:10 --------- d-----w E:\Program Files\GameSpy
2007-12-25 15:59 669,184 ----a-w E:\WINDOWS\system32\pbsvc.exe
2007-12-25 15:59 66,872 ----a-w E:\WINDOWS\system32\PnkBstrA.exe
2007-12-25 15:59 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-25 15:59 22,328 ----a-w E:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
2007-12-25 15:59 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe
2007-12-07 15:30 103,776 ----a-w E:\WINDOWS\system32\AOLDial.dll
2007-12-05 01:41 1,089,536 ----a-w E:\WINDOWS\system32\nvcuda.dll
2007-11-30 21:51 --------- d-----w E:\Documents and Settings\Steve\Application Data\MSNInstaller
2007-11-07 09:26 721,920 ----a-w E:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w E:\WINDOWS\system32\quartz.dll
2007-05-19 21:07 47,360 ----a-w E:\Documents and Settings\Steve\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"kdx"="E:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35 77824]
"RealTray"="E:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-04-15 19:20 26112]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AOLDialer"="E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"HostManager"="E:\Program Files\Common Files\AOL\1176761340\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"iTunesHelper"="F:\iTunesHelper.exe" [2007-05-26 11:45 257088]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DACSMiniApp"="E:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2007-07-24 12:20 197888]
"4oD"="E:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]

E:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Picaboo.lnk - E:\Program Files\Picaboo\Picaboo\PicabooMain.exe [2007-06-22 14:49:16 577536]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - E:\Program Files\AOL 9.0\aoltray.exe [2007-04-16 21:53:12 156784]
Smart Wizard Wireless Settings.lnk - E:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2007-04-15 17:59:03 1044577]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 01:07]
S3 MsDtsServer;SQL Server Integration Services;"E:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 02:45]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"E:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2005-10-14 02:44]
S3 SQLWriter;SQL Server VSS Writer;"E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 06:53:00 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 22:10:05 E:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- E:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-20 22:10:03 E:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- E:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 21:21:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: E:\WINDOWS\system32\winlogon.exe
-> E:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-01-29 21:22:15
ComboFix-quarantined-files.txt 2008-01-29 21:22:13
ComboFix2.txt 2008-01-29 01:05:58
.
2008-01-24 00:07:41 --- E O F ---

0

That looks fine to me. Getting back to the original problem, steve, how is your internet access now with all your browsers?

0

All appears to be working as it should. Hopefully it will stay like that awhile.

Thanks for all your help, gerbil. Much appreciated.
