BullGuard Antivirus Forum > Virus Removal > Removal Help
Antivirus trigger is now the threat or what?
thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
Posted 11-21-2008 11:22 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07, on 2008-11-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CbEvtSvc.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\VirTrigger\VirTrigger.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\CF7830.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\Attrib.cfexe
C:\Documents and Settings\ThaGas\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: VirTriggerWarningBHO Class - {0088C75C-6361-4dfb-B2CF-576CACFA3C55} - C:\Program Files\VirTrigger\VirTriggerWarning.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c1da696-398f-4265-9404-0e375bf117ee} - C:\WINDOWS\system32\jkkHBRhG.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [SmartPatrol] C:\PROGRA~1\AddWeb8\SmartPatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195079143781
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.gamehouse.com/games/dvcode/DVCControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkhbrhg - jkkHBRhG.dll (file missing)
O20 - Winlogon Notify: mvqiwpxe - mvqiwpxe.dll (file missing)
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: DVRMSFileWatcherService -   - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 15888 bytes
 

thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
Posted 11-22-2008 12:24 (GMT +1)
ComboFix 08-11-21.03 - ThaGas 2008-11-21 18:01:10.11 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1570 [GMT -5:00]
Running from: c:\documents and settings\ThaGas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.

2012-02-01 17:45 . 2004-08-04 00:56 380,957 --a------ c:\windows\system32\expsrv.dll
2012-02-01 17:45 . 2004-08-04 00:56 30,749 --a------ c:\windows\system32\vbajet32.dll
2012-02-01 14:37 . 2012-02-01 14:37 232,248 --a------ c:\windows\system32\MSDATLST.OCX
2012-02-01 14:00 . 2012-02-01 14:00 430,080 --a------ c:\windows\system32\MSREPL35.DLL
2012-02-01 14:00 . 2012-02-01 14:00 89,360 --a------ c:\windows\system32\VB5DB.dll
2008-11-21 16:40 . 2008-11-21 17:54 <DIR> d-------- c:\program files\VirTrigger
2008-11-21 16:39 . 2008-11-21 17:15 <DIR> d-------- c:\program files\WebMediaViewer
2008-11-21 09:03 . 2008-11-21 09:03 <DIR> d-------- c:\program files\Olympus
2008-11-21 09:03 . 2003-12-15 19:44 73,728 --a------ c:\windows\system32\VNUSB.dll
2008-11-21 09:03 . 2003-06-13 17:49 73,728 --a------ c:\windows\system32\DW90USB.DLL
2008-11-21 09:03 . 2001-04-09 19:17 39,096 --a------ c:\windows\system32\drivers\DW90USB.SYS
2008-11-21 09:03 . 2003-12-15 18:22 38,448 --a------ c:\windows\system32\drivers\VNUSB.sys
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\program files\AIM Toolbar
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-11 22:20 . 2008-11-11 22:20 <DIR> d-------- c:\program files\RichFX
2008-11-11 22:20 . 2008-11-11 22:20 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-11 22:04 . 2008-11-11 22:04 <DIR> d-------- c:\documents and settings\All Users\SonicStage
2008-11-11 21:29 . 2008-11-11 21:29 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\InstallShield
2008-11-11 20:36 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll
2008-11-11 20:36 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll
2008-11-11 20:36 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll
2008-11-11 20:36 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll
2008-11-11 20:36 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
2008-11-11 20:36 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll
2008-11-11 20:36 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
2008-11-11 20:36 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys
2008-11-11 20:36 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
2008-11-11 20:36 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
2008-11-11 20:35 . 2008-11-11 20:35 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-11 20:35 . 2008-11-11 22:04 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Sony Corporation
2008-11-11 20:35 . 2008-11-11 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2008-11-02 16:29 . 2008-11-02 16:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-02 16:29 . 2008-11-02 16:29 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-02 15:35 . 2008-11-02 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-10-31 11:47 . 2008-10-31 11:47 161,540 --a------ C:\lowdn.exe
2008-10-31 11:47 . 2008-10-31 11:47 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-10-31 11:47 . 2008-10-31 11:47 77,950 --a------ C:\fukfiukq.exe
2008-10-31 11:47 . 2008-10-31 11:47 26,112 --a------ C:\mxlb.exe
2008-10-31 11:47 . 2008-10-31 11:47 11,264 --a------ C:\eujpt.exe
2008-10-31 11:47 . 2008-10-31 11:47 705 --a------ C:\kbbve.exe
2008-10-31 11:47 . 2008-10-31 11:47 2 --a------ C:\1612910747
2008-10-31 11:46 . 2008-10-31 11:46 <DIR> d-------- c:\program files\MediaChance
2008-10-31 11:30 . 2008-10-31 11:32 <DIR> d-------- c:\program files\DCETools
2008-10-31 11:08 . 2008-10-31 11:08 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Thinstall
2008-10-31 10:58 . 2008-10-31 10:58 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\HDRsoft
2008-10-28 07:25 . 2008-10-28 07:25 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Aladdin Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 22:40 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-21 22:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-21 14:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 13:26 --------- d-----w c:\documents and settings\ThaGas\Application Data\FileZilla
2008-11-20 12:13 --------- d-----w c:\program files\AIM6
2008-11-20 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-20 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-12 19:39 --------- d-----w c:\program files\Incomplete
2008-11-12 19:33 --------- d-----w c:\program files\LimeWire
2008-11-12 19:26 --------- d-----w c:\documents and settings\ThaGas\Application Data\LimeWire
2008-11-12 03:20 --------- d-----w c:\program files\Common Files\Real
2008-11-12 01:36 --------- d-----w c:\program files\Sony
2008-11-10 22:14 --------- d-----w c:\documents and settings\ThaGas\Application Data\Corel
2008-11-10 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-27 00:30 --------- d-----w c:\program files\DVD2SVCD
2008-10-22 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-21 20:52 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 15:45 --------- d-----w c:\documents and settings\ThaGas\Application Data\AdobeUM
2008-10-16 18:08 --------- d-----w c:\program files\Free FLV to AVI Converter
2008-10-16 18:07 --------- d-----w c:\program files\Smallvideosoft
2008-10-16 09:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 01:48 --------- d-----w c:\program files\ALLCapture 3.0 Trial
2008-10-09 16:17 --------- d-----w c:\documents and settings\ThaGas\Application Data\ALLCapture
2008-10-08 14:45 --------- d-----w c:\documents and settings\ThaGas\Application Data\LPC
2008-10-08 14:38 --------- d-----w c:\program files\Link Popularity Check
2008-10-08 08:03 43,872 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-09-29 23:26 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-29 23:26 286,720 ------w c:\windows\Setup1.exe
2008-08-11 20:27 3,925 ---ha-w c:\documents and settings\ThaGas\hpothb07.dat
2008-04-14 00:15 92,064 ----a-w c:\documents and settings\ThaGas\mqdmmdm.sys
2008-04-14 00:15 9,232 ----a-w c:\documents and settings\ThaGas\mqdmmdfl.sys
2008-04-14 00:15 79,328 ----a-w c:\documents and settings\ThaGas\mqdmserd.sys
2008-04-14 00:15 66,656 ----a-w c:\documents and settings\ThaGas\mqdmbus.sys
2008-04-14 00:15 6,208 ----a-w c:\documents and settings\ThaGas\mqdmcmnt.sys
2008-04-14 00:15 5,936 ----a-w c:\documents and settings\ThaGas\mqdmwhnt.sys
2008-04-14 00:15 4,048 ----a-w c:\documents and settings\ThaGas\mqdmcr.sys
2008-04-14 00:15 25,600 ----a-w c:\documents and settings\ThaGas\usbsermptxp.sys
2008-04-14 00:15 22,768 ----a-w c:\documents and settings\ThaGas\usbsermpt.sys
2008-02-26 00:04 8,161,280 ----a-w c:\program files\HTML Guardian 7.msi
2007-12-03 17:31 36,868 ----a-w c:\program files\uninst-3DStroke.exe
2007-11-15 19:27 476,752 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-08-14 17:59 88 --sh--r c:\windows\system32\E2E2F7392F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
2008-11-19 10:30 177664 --a------ c:\program files\VirTrigger\VirTriggerWarning.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
2008-11-21 18:14 31421 --a------ c:\program files\WebMediaViewer\hpmun.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
2008-10-07 14:09 1275176 --a------ c:\program files\AIM Toolbar\aimtb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{61539ecd-cc67-4437-a03c-9aaccbd14326}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2004-08-10 131072]
"SmartPatrol"="c:\progra~1\AddWeb8\SmartPatrol.exe" [2008-02-05 1171968]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-21 56363]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-21 73291]

c:\documents and settings\ThaGas\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-11-02 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-15 110592]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-21 114688]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 Cinemsup;Cinemsup;\??\c:\windows\system32\drivers\cinemsup.sys [2002-07-19 6656]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe [2008-03-19 20480]
R2 io.sys;IO.DLL Driver;\??\c:\windows\system32\drivers\io.sys [2008-04-05 5152]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-11-01 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-10 24652]
S1 8b9d3b51;8b9d3b51;c:\windows\system32\drivers\8b9d3b51.sys []
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys []
S3 Aliiumgrpr;Aliiumgrpr; []
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2008-04-13 49377]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 p2psvc;Peer Networking;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 Rdpnprox;Rdpnprox; []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-04-29 354560]
S3 VNUSB;VN Series Device;c:\windows\system32\DRIVERS\VNUSB.sys [2008-11-21 38448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13668f27-aa4a-11dc-947c-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{834bd6ab-a66b-11dc-9470-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d99fba85-c1fe-11dc-9498-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4358d95-4ada-11dd-8fd6-001a92bf0034}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-06-27 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206111487.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2008-11-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-19 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mSearchURL = hxxp://windiwsfsearch.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\AIM Toolbar\aimtb.dll
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php -

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\DVC Download Control.ocx - O16 -: {ABB660B6-6694-407B-950A-EDBA5A159722}
hxxp://www.gamehouse.com/games/dvcode/DVCControl.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 18:14:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\WebMediaViewer\qttaskm.exe
c:\program files\WebMediaViewer\hpmom.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\msiexec.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-11-21 18:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-21 23:19:58
ComboFix2.txt 2008-11-21 22:36:04
ComboFix3.txt 2008-09-07 08:48:28
ComboFix4.txt 2008-08-31 12:29:52
ComboFix5.txt 2008-11-21 23:00:56

Pre-Run: 52,789,878,784 bytes free
Post-Run: 52,775,190,528 bytes free

280 --- E O F --- 2008-11-21 22:07:43

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
Posted 11-22-2008 5:34 (GMT +1)
Hello
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and paste that log into your next reply, along with a fresh HijackThis log and a new ComboFix log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
Posted 11-22-2008 1:58 (GMT +1)
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
11/22/2008 7:45:32 AM
mbam-log-2008-11-22 (07-45-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 232755
Time elapsed: 58 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bpws (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\kbbve.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\mxlb.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\512686\512686.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.

thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
Posted 11-22-2008 1:59 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:35 AM, on 11/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\ThaGas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: VirTriggerWarningBHO Class - {0088C75C-6361-4dfb-B2CF-576CACFA3C55} - C:\Program Files\VirTrigger\VirTriggerWarning.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [SmartPatrol] C:\PROGRA~1\AddWeb8\SmartPatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195079143781
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.gamehouse.com/games/dvcode/DVCControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVRMSFileWatcherService - - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13024 bytes

thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
Posted 11-22-2008 1:59 (GMT +1)
ComboFix 08-11-21.03 - ThaGas 2008-11-22 7:51:33.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1507 [GMT -5:00]
Running from: c:\documents and settings\ThaGas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf
H:\resycled
h:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2012-02-01 17:45 . 2004-08-04 00:56 380,957 --a------ c:\windows\system32\expsrv.dll
2012-02-01 17:45 . 2004-08-04 00:56 30,749 --a------ c:\windows\system32\vbajet32.dll
2012-02-01 14:37 . 2012-02-01 14:37 232,248 --a------ c:\windows\system32\MSDATLST.OCX
2012-02-01 14:00 . 2012-02-01 14:00 430,080 --a------ c:\windows\system32\MSREPL35.DLL
2012-02-01 14:00 . 2012-02-01 14:00 89,360 --a------ c:\windows\system32\VB5DB.dll
2008-11-21 16:40 . 2008-11-21 17:54 <DIR> d-------- c:\program files\VirTrigger
2008-11-21 16:39 . 2008-11-21 17:15 <DIR> d-------- c:\program files\WebMediaViewer
2008-11-21 09:03 . 2008-11-21 09:03 <DIR> d-------- c:\program files\Olympus
2008-11-21 09:03 . 2003-12-15 19:44 73,728 --a------ c:\windows\system32\VNUSB.dll
2008-11-21 09:03 . 2003-06-13 17:49 73,728 --a------ c:\windows\system32\DW90USB.DLL
2008-11-21 09:03 . 2001-04-09 19:17 39,096 --a------ c:\windows\system32\drivers\DW90USB.SYS
2008-11-21 09:03 . 2003-12-15 18:22 38,448 --a------ c:\windows\system32\drivers\VNUSB.sys
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2008-11-20 07:13 . 2008-11-20 07:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-11 22:20 . 2008-11-11 22:20 <DIR> d-------- c:\program files\RichFX
2008-11-11 22:20 . 2008-11-11 22:20 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-11 22:04 . 2008-11-11 22:04 <DIR> d-------- c:\documents and settings\All Users\SonicStage
2008-11-11 21:29 . 2008-11-11 21:29 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\InstallShield
2008-11-11 20:36 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll
2008-11-11 20:36 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll
2008-11-11 20:36 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll
2008-11-11 20:36 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll
2008-11-11 20:36 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
2008-11-11 20:36 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll
2008-11-11 20:36 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
2008-11-11 20:36 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys
2008-11-11 20:36 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
2008-11-11 20:36 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
2008-11-11 20:35 . 2008-11-11 20:35 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-11 20:35 . 2008-11-11 22:04 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Sony Corporation
2008-11-11 20:35 . 2008-11-11 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2008-11-02 16:29 . 2008-11-02 16:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-02 16:29 . 2008-11-02 16:29 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-02 15:35 . 2008-11-02 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-10-31 11:47 . 2008-10-31 11:47 161,540 --a------ C:\lowdn.exe
2008-10-31 11:47 . 2008-10-31 11:47 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-10-31 11:47 . 2008-10-31 11:47 77,950 --a------ C:\fukfiukq.exe
2008-10-31 11:47 . 2008-10-31 11:47 11,264 --a------ C:\eujpt.exe
2008-10-31 11:47 . 2008-10-31 11:47 2 --a------ C:\1612910747
2008-10-31 11:46 . 2008-10-31 11:46 <DIR> d-------- c:\program files\MediaChance
2008-10-31 11:30 . 2008-10-31 11:32 <DIR> d-------- c:\program files\DCETools
2008-10-31 11:08 . 2008-10-31 11:08 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Thinstall
2008-10-31 10:58 . 2008-10-31 10:58 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\HDRsoft
2008-10-28 07:25 . 2008-10-28 07:25 <DIR> d-------- c:\documents and settings\ThaGas\Application Data\Aladdin Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:38 --------- d-----w c:\program files\Incomplete
2008-11-22 12:37 --------- d-----w c:\program files\LimeWire
2008-11-22 12:37 --------- d-----w c:\documents and settings\ThaGas\Application Data\LimeWire
2008-11-22 11:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-22 08:02 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-22 03:05 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-21 23:45 --------- d-----w c:\program files\Windows Defender
2008-11-21 22:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-21 21:53 14,336 ----a-w c:\windows\system32\svchost.exe
2008-11-21 14:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 13:26 --------- d-----w c:\documents and settings\ThaGas\Application Data\FileZilla
2008-11-20 12:13 --------- d-----w c:\program files\AIM6
2008-11-20 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-20 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-12 22:33 3,922 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-12 03:20 --------- d-----w c:\program files\Common Files\Real
2008-11-12 01:36 --------- d-----w c:\program files\Sony
2008-11-10 22:14 --------- d-----w c:\documents and settings\ThaGas\Application Data\Corel
2008-11-10 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-27 00:30 --------- d-----w c:\program files\DVD2SVCD
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-21 20:52 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 15:45 --------- d-----w c:\documents and settings\ThaGas\Application Data\AdobeUM
2008-10-16 18:08 --------- d-----w c:\program files\Free FLV to AVI Converter
2008-10-16 18:07 --------- d-----w c:\program files\Smallvideosoft
2008-10-10 01:48 --------- d-----w c:\program files\ALLCapture 3.0 Trial
2008-10-09 16:17 --------- d-----w c:\documents and settings\ThaGas\Application Data\ALLCapture
2008-10-08 14:45 --------- d-----w c:\documents and settings\ThaGas\Application Data\LPC
2008-10-08 14:38 --------- d-----w c:\program files\Link Popularity Check
2008-10-08 08:03 43,872 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-10-08 08:03 129,520 ------w c:\windows\system32\pxafs.dll
2008-10-08 08:03 120,568 ------w c:\windows\system32\pxcpyi64.exe
2008-10-08 08:03 118,256 ------w c:\windows\system32\pxinsi64.exe
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 23:26 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-29 23:26 286,720 ------w c:\windows\Setup1.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-30 01:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-11 20:27 3,925 ---ha-w c:\documents and settings\ThaGas\hpothb07.dat
2008-04-14 00:15 92,064 ----a-w c:\documents and settings\ThaGas\mqdmmdm.sys
2008-04-14 00:15 9,232 ----a-w c:\documents and settings\ThaGas\mqdmmdfl.sys
2008-04-14 00:15 79,328 ----a-w c:\documents and settings\ThaGas\mqdmserd.sys
2008-04-14 00:15 66,656 ----a-w c:\documents and settings\ThaGas\mqdmbus.sys
2008-04-14 00:15 6,208 ----a-w c:\documents and settings\ThaGas\mqdmcmnt.sys
2008-04-14 00:15 5,936 ----a-w c:\documents and settings\ThaGas\mqdmwhnt.sys
2008-04-14 00:15 4,048 ----a-w c:\documents and settings\ThaGas\mqdmcr.sys
2008-04-14 00:15 25,600 ----a-w c:\documents and settings\ThaGas\usbsermptxp.sys
2008-04-14 00:15 22,768 ----a-w c:\documents and settings\ThaGas\usbsermpt.sys
2008-02-26 00:04 8,161,280 ----a-w c:\program files\HTML Guardian 7.msi
2007-12-03 17:31 36,868 ----a-w c:\program files\uninst-3DStroke.exe
2007-11-15 19:27 476,752 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-08-14 17:59 88 --sh--r c:\windows\system32\E2E2F7392F.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-21_17.34.26.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-22 08:00:37 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 09:42:56 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-22 08:02:02 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-16 09:42:56 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-22 08:02:02 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-16 09:42:56 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-22 08:02:02 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-16 09:42:56 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-22 08:02:02 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-16 09:42:56 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-22 08:02:02 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-16 09:42:56 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-22 08:02:02 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-16 09:42:56 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-22 08:02:02 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-16 09:42:56 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-22 08:02:02 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-16 09:42:56 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-22 08:02:02 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-16 09:42:56 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-22 08:02:02 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-16 09:42:56 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-22 08:02:02 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-11 07:01:51 12,288 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-22 08:01:06 12,288 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-11 07:01:51 282,624 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2008-11-22 08:01:06 282,624 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
- 2008-09-11 07:01:51 135,168 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-22 08:01:06 135,168 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-11 07:01:51 27,136 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-22 08:01:06 27,136 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-11 07:01:51 4,096 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-22 08:01:06 4,096 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
2008-11-19 10:30 177664 --a------ c:\program files\VirTrigger\VirTriggerWarning.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
2008-11-22 07:48 31421 --a------ c:\program files\WebMediaViewer\hpmun.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2004-08-10 131072]
"SmartPatrol"="c:\progra~1\AddWeb8\SmartPatrol.exe" [2008-02-05 1171968]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 180269]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-21 56363]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-21 73291]

c:\documents and settings\ThaGas\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-11-02 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-15 110592]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-11-21 114688]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Cinemsup;Cinemsup;\??\c:\windows\system32\drivers\cinemsup.sys [2002-07-19 6656]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe [2008-03-19 20480]
R2 io.sys;IO.DLL Driver;\??\c:\windows\system32\drivers\io.sys [2008-04-05 5152]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-11-01 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-10 24652]
S1 8b9d3b51;8b9d3b51;c:\windows\system32\drivers\8b9d3b51.sys []
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys []
S3 Aliiumgrpr;Aliiumgrpr; []
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2008-04-13 49377]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 p2psvc;Peer Networking;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\System32\svchost.exe -k p2psvc [2002-11-01 14336]
S3 Rdpnprox;Rdpnprox; []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-04-29 354560]
S3 VNUSB;VN Series Device;c:\windows\system32\DRIVERS\VNUSB.sys [2008-11-21 38448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13668f27-aa4a-11dc-947c-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{834bd6ab-a66b-11dc-9470-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d99fba85-c1fe-11dc-9498-001a92bf0034}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4358d95-4ada-11dd-8fd6-001a92bf0034}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-06-27 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206111487.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2008-11-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-19 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php -

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\DVC Download Control.ocx - O16 -: {ABB660B6-6694-407B-950A-EDBA5A159722}
hxxp://www.gamehouse.com/games/dvcode/DVCControl.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 07:56:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-11-22 7:58:06
ComboFix-quarantined-files.txt 2008-11-22 12:56:48
ComboFix2.txt 2008-11-21 23:21:17
ComboFix3.txt 2008-11-21 22:36:04
ComboFix4.txt 2008-09-07 08:48:28
ComboFix5.txt 2008-11-22 12:51:14

Pre-Run: 52,405,219,328 bytes free
Post-Run: 52,522,192,896 bytes free

310 --- E O F --- 2008-11-22 08:02:04

thegascomp
New Member


Date Joined Sep 2007
Total Posts : 16
 
   Posted 11-22-2008 2:01 (GMT +1)
win32/zlob.ans
win32/zlob.amv
win32/zlob.bah


are still coming back up. I'm using Defender to manage them, but on startup they're still showing up again.

Thank you.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
   Posted 11-23-2008 9:23 (GMT +1)
1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:
Copy the entire contents of the quote box below to Notepad.
Name the file CFScript and save it on the desktop.
QUOTE
Killall::
 
Snapshot::
 
File::
C:\lowdn.exe
C:\fukfiukq.exe
C:\eujpt.exe
Folder::
C:\Program Files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\VirTrigger
c:\program files\WebMediaViewer
Driver::
Aliiumgrpr
Viewpoint Manager Service
8b9d3b51
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"=-
"VMware hptray"=-
 
 
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
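The moderator's CFScript is hand-written from the "Reg Loading Points" section of the log above: two BHO CLSID keys deleted outright with `[-key]`, two values under the Explorer `policies\explorer\Run` key deleted with `"name"=-`, and the two folders those images load from listed under `Folder::`. The script below is an added example for this thread, not code from either post and not part of ComboFix: it parses that section of a ComboFix log, flags the entries a triager would act on, and drafts the same CFScript sections. The sample log is a constructed subset of the loading points posted above (one benign Run entry kept so something is left alone), the suspect folders are the two named in the moderator's script, and the three triage rules, the function names and the choice to report open firewall ports without scripting their removal are my own assumptions. It only drafts a script for review; it does not run ComboFix.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log and turn the
findings into a CFScript fragment in the syntax used in the reply above.

Added example for this thread; not ComboFix code and not from either post."""
import re

# Constructed sample: a subset of the loading points from the log above, with
# one benign Run entry kept so the triage has something to leave alone.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
2008-11-19 10:30 177664 --a------ c:\program files\VirTrigger\VirTriggerWarning.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 843776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-21 56363]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-21 73291]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Folders the analyst has already judged malicious (the two in the CFScript
# above, assumed here); anything that loads from them gets flagged.
SUSPECT_FOLDERS = [r"c:\program files\VirTrigger", r"c:\program files\WebMediaViewer"]

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<value>[^"\[]*?)"?\s*(\[.*\])?$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")


def parse_loading_points(text):
    """Map each registry key to its (value name, image path) entries.
    BHO keys list a file line rather than a value, so name is None there."""
    sections, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group("key")
            sections.setdefault(key, [])
        elif key and (m := VALUE_RE.match(line)):
            sections[key].append((m.group("name"), m.group("value").strip()))
        elif key and (m := FILE_RE.match(line)):
            sections[key].append((None, m.group("path")))
    return sections


def triage(sections, suspect_folders):
    """Return (key, name, path, reason) tuples for entries worth acting on.
    The three rules are this example's own heuristics, not ComboFix's."""
    folders = [f.lower() for f in suspect_folders]
    findings = []
    for key, entries in sections.items():
        k = key.lower()
        for name, path in entries:
            if any(f in path.lower() for f in folders):
                reason = "loads from a folder already identified as malicious"
            elif "policies\\explorer\\run" in k:
                reason = "Explorer policies Run key: an autostart location most installers never touch"
            elif "globallyopenports" in k:
                reason = "port opened inbound in the XP firewall; confirm it is wanted (report only)"
            else:
                continue
            findings.append((key, name, path, reason))
    return findings


def build_cfscript(findings, suspect_folders):
    """Emit Folder:: and Registry:: sections in CFScript syntax:
    [-key] deletes a whole key, "name"=- deletes one value under a key."""
    by_key = {}
    for key, name, _path, _reason in findings:
        if "globallyopenports" in key.lower():
            continue  # reported above, but left for the analyst to decide
        by_key.setdefault(key, []).append(name)
    lines = ["Killall::", "", "Folder::", *suspect_folders, "", "Registry::"]
    for key, names in by_key.items():
        if all(n is None for n in names):
            lines.append(f"[-{key}]")  # BHO: remove the CLSID key outright
        else:
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names if n is not None]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(parse_loading_points(SAMPLE_LOG), SUSPECT_FOLDERS)
    for key, name, path, reason in found:
        print(f"{name or '(key)'}: {path}\n    {reason}")
    print("\n--- CFScript draft ---\n" + build_cfscript(found, SUSPECT_FOLDERS))
```

Run on the sample, the draft reproduces the `Folder::` and `Registry::` parts of the moderator's script for the first BHO and the two policies\explorer\Run values, and reports the open 3389/TCP firewall rule without scripting it away; the `File::` and `Driver::` entries in the real script come from findings outside the loading-points section and would have to be added by hand.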