Here is the ComboFix Log report:
ComboFix 08-06-20.4 - yelias12 2008-06-30 10:55:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.378 [GMT 10:00]
Running from: C:\Documents and Settings\yelias12\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM0f52ab3a.xml
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bsm.dll
C:\WINDOWS\system32\ffcaaaff.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\khbbnauj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
----- BITS: Possible infected sites -----
hxxp://10.12.2.19
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 16:41 . 2008-06-29 16:41 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-29 16:41 . 2008-06-29 16:41 <DIR> d-------- C:\Program Files\CCleaner
2008-06-29 16:40 . 2008-06-29 16:40 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-27 13:27 . 2008-06-27 13:27 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Samsung
2008-06-27 13:19 . 2008-06-27 13:19 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-27 13:19 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-06-27 13:19 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-06-27 13:19 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-06-27 13:19 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-06-27 13:19 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-06-27 13:19 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-27 13:19 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-27 13:18 . 2008-06-27 13:18 <DIR> d-------- C:\Program Files\Samsung
2008-06-26 17:48 . 2008-06-26 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:47 . 2008-06-26 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-26 14:48 . 2008-06-26 14:48 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-26 11:26 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-26 11:26 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-26 11:26 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 11:26 . 2008-04-14 00:15 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-25 22:39 . 2008-06-25 22:39 <DIR> d-------- C:\Program Files\thriXXX
2008-06-25 20:38 . 2008-06-29 15:48 <DIR> d-------- C:\WINDOWS\system32\7238
2008-06-25 20:14 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\GRETECH
2008-06-25 20:14 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-06-25 20:12 . 2008-06-25 20:12 <DIR> d-------- C:\Program Files\GRETECH
2008-06-25 19:59 . 2008-06-27 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 19:59 . 2008-06-27 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Malwarebytes
2008-06-25 16:54 . 2008-06-25 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 16:36 . 2008-06-25 16:36 <DIR> d-------- C:\VundoFix Backups
2008-06-25 16:30 . 2008-06-25 16:30 113,169 --------- C:\WINDOWS\system32\8231fb55df18ae44c4cc99d846c4c139.TMP
2008-06-25 16:30 . 2008-06-25 16:30 113,169 --------- C:\WINDOWS\system32\0f26634258daef1fb106127a60dccc47.TMP
2008-06-25 12:35 . 2008-06-25 12:35 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-25 10:41 . 2008-06-25 10:41 112,128 --a------ C:\WINDOWS\system32\qxytfati.exe
2008-06-25 10:38 . 2008-06-25 10:38 66,952 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-25 10:35 . 2008-06-25 10:36 <DIR> d-------- C:\Program Files\Safari
2008-06-25 10:21 . 2008-06-25 10:21 113,169 --------- C:\WINDOWS\system32\c847ffaecc4b63d817e3b51aa633bab5.TMP
2008-06-25 10:21 . 2008-06-25 10:21 113,169 --------- C:\WINDOWS\system32\5de78138d555ea6abf4f0110e669c861.TMP
2008-06-25 10:13 . 2008-06-25 10:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-25 10:11 . 2008-06-25 10:14 <DIR> d-------- C:\Documents and Settings\yelias12\.housecall6.6
2008-06-24 22:18 . 2008-06-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-24 22:15 . 2008-06-24 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\TuneUp Software
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-24 22:01 . 2008-06-24 22:01 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-24 22:01 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-24 22:00 . 2008-06-24 22:01 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-24 18:24 . 2008-06-24 18:40 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-24 12:32 . 2008-06-26 16:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 11:31 . 2008-06-24 11:31 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Ace
2008-06-24 11:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-24 10:53 . 2005-08-03 16:00 232,192 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
2008-06-23 21:22 . 2008-06-23 21:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-23 21:04 . 2008-06-24 19:55 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\AVGTOOLBAR
2008-06-23 19:11 . 2008-06-23 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-23 18:08 . 2008-06-23 20:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Orbit
2008-06-23 18:07 . 2008-06-23 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-23 17:47 . 2008-06-23 17:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Orbit
2008-06-23 17:41 . 2008-06-23 17:41 <DIR> d-------- C:\temp\itmp4
2008-06-23 17:40 . 2008-06-23 17:40 <DIR> d-------- C:\Program Files\Red Kawa
2008-06-23 17:40 . 2008-06-23 21:05 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-23 17:40 . 2008-06-23 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\GrabPro
2008-06-23 17:40 . 2008-06-23 17:40 106,496 --a------ C:\Documents and Settings\All Users\Application Data\ngzqfsjs.dll
2008-06-23 13:07 . 2008-06-23 13:07 <DIR> d-------- C:\Program Files\HP
2008-06-23 13:06 . 2004-03-11 14:14 16,062 --------- C:\WINDOWS\hpiins01.dat
2008-06-23 13:06 . 2004-02-12 14:20 0 --------- C:\WINDOWS\hpimdl01.dat
2008-06-22 21:15 . 2008-05-06 16:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-06-22 21:15 . 2008-05-06 16:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-21 23:45 . 2008-06-21 23:45 <DIR> d-------- C:\temp\nvidia
2008-06-21 23:45 . 2008-06-23 17:41 <DIR> d-------- C:\temp
2008-06-21 22:16 . 2008-06-21 22:16 <DIR> d-------- C:\WINDOWS\Sun
2008-06-21 22:15 . 2008-06-21 22:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 20:37 . 2008-06-21 20:37 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-21 19:37 . 2008-06-24 11:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-21 16:19 . 2008-04-14 05:42 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-06-21 16:19 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-21 16:19 . 2008-04-14 05:40 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-06-21 16:19 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-21 16:19 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-21 16:17 . 2008-06-21 16:17 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-21 16:17 . 2008-04-14 05:42 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
2008-06-21 16:17 . 2008-04-14 05:42 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
2008-06-21 16:17 . 2008-04-14 05:42 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-06-21 16:17 . 2008-04-14 05:42 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-06-21 16:17 . 2008-04-14 05:42 32,866 --------- C:\WINDOWS\slrundll.exe
2008-06-21 16:17 . 2008-04-14 05:42 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-06-21 16:11 . 2008-06-21 16:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-21 16:04 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003113_.tmp
2008-06-21 15:23 . 2008-06-21 15:23 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-21 15:23 . 2008-06-21 15:23 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-06-21 15:01 . 2008-06-21 15:01 2,645 --a------ C:\WINDOWS\system32\NMMediaServer.cfg
2008-06-20 22:06 . 2008-06-26 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-20 21:52 . 2008-06-20 21:52 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-06-20 21:50 . 2008-06-20 21:50 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Nero
2008-06-20 21:08 . 2008-06-26 20:02 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-06-20 21:08 . 2008-06-24 11:30 <DIR> d-------- C:\downloads
2008-06-20 21:08 . 2008-06-30 10:57 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\Orbit
2008-06-20 21:08 . 2008-06-20 21:12 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\GrabPro
2008-06-20 20:33 . 2008-06-20 20:33 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-20 20:07 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-20 20:07 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-06-20 19:12 . 2008-06-27 19:51 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\LimeWire
2008-06-20 19:06 . 2008-06-20 19:06 <DIR> d-------- C:\Program Files\Avanquest update
2008-06-20 19:05 . 2008-06-20 19:06 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-06-20 19:05 . 2008-06-20 19:05 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-20 19:05 . 2008-06-20 19:05 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\InstallShield
2008-06-20 19:05 . 2008-06-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-19 16:54 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-19 16:33 . 2008-06-19 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-18 10:21 . 2008-06-18 10:21 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-06-18 09:58 . 2008-06-20 21:45 <DIR> d-------- C:\Program Files\Nero
2008-06-18 09:58 . 2008-06-20 21:48 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-18 09:58 . 2008-06-20 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-17 21:48 . 2008-06-17 21:49 <DIR> d-------- C:\Program Files\LimeWire
2008-06-17 21:11 . 2008-06-17 21:11 <DIR> d-------- C:\Documents and Settings\yelias12\Application Data\InterVideo
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\iPod
2008-06-17 19:18 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-06-17 19:18 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\Bonjour
2008-06-17 19:17 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 00:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-27 03:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 00:33 --------- d-----w C:\Program Files\Apple Software Update
2008-06-24 12:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 08:20 --------- d-----w C:\Program Files\Microsoft Works
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-04-13 19:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-13 19:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 19:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-13 19:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-13 19:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-13 19:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 19:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-13 19:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-13 19:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-13 19:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-13 19:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= C:\Program Files\Orbitdownloader\GrabPro.dll [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 23:32 65536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 22:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 22:00 455168]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 16:36 30208]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-16 13:25 7340032]
"nwiz"="nwiz.exe" [2005-12-16 13:25 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2005-12-16 13:25 49152]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-02-28 23:43 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 03:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFncKy"="TFncKy.exe" []
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 11:00 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-12-20 13:39 86016]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 13:56 86016]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-28 19:11 155648]
"ThpSrv"="thpsrv" []
"TFNF5"="TFNF5.exe" [2005-12-26 09:56 581632 C:\WINDOWS\system32\TFNF5.exe]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 11:33 344144]
"TPSMain"="TPSMain.exe" [2005-12-15 13:28 315392 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-12-15 13:28 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 05:29 88203 C:\WINDOWS\agrsmmsg.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 15:13 122880]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 10:42 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 11:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-21 04:29 125632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\IT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 12:12:44 AM 113664]

C:\Documents and Settings\yelias12\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/9/2005 12:12:44 AM 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [6/20/2008 9:08:54 PM 1690824]
PC Health.lnk - C:\Program Files\TOSHIBA\TOSHIBA Management Console\TOSHealthLocalS.vbs [12/7/2006 2:55:18 PM 3531]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [12/7/2006 12:34:24 PM 155648]
SMART Board Tools.lnk - C:\Program Files\SMART Board Software\SMARTBoardTools.exe [9/18/2006 3:53:26 AM 3395584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ngzqfsjs"= {8290f165-137b-486d-89f1-94c7cb225aa5} - C:\Documents and Settings\All Users\Application Data\ngzqfsjs.dll [2008-06-23 17:40 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 16:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2334:TCP"= 2334:TCP:RSA Exception
"2967:TCP"= 2967:TCP:10.18.2.8/255.255.255.255:Enabled:SAV2967
"2967:UDP"= 2967:UDP:10.18.2.8/255.255.255.255:Enabled:SAV2967
"38293:TCP"= 38293:TCP:10.18.2.8/255.255.255.255:Enabled:SAV38293
"38293:UDP"= 38293:UDP:10.18.2.8/255.255.255.255:Enabled:SAV38293

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 22:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 11:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 09:20]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 10:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 09:16]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 17:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 16:59]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 16:33]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 14:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2005-12-26 16:59]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-24 22:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 01:00:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-25 00:33:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 10:59:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSVCS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-30 11:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 01:03:40
Pre-Run: 5,890,551,808 bytes free
Post-Run: 5,936,889,856 bytes free
368