How To Get Rid Of Mdmcls32.exe


3 replies to this topic

#1 Znix

  • Members

Posted 11 February 2008 - 10:37 PM

Hi, this file has been giving me a lot of trouble. I got it when I installed CA Security Suite 2007. I uninstalled CA but this file does not delete. It stops me from playing all online games, like Warcraft, StarCraft, Counter-Strike etc. It freezes the games midway. Weird thing though, is that it doesn't stop games that are not online. I can play things like Call of Duty offline no problem. Well, I'll be glad if you can help me.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:46 PM, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Desktop\HijackThis.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [5c61653c] rundll32.exe "C:\WINDOWS\system32\ikwwpkfy.dll",b
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {43F25BA2-C4AB-4327-924C-1ED6AF4A6BA1} (activePhone Control) - https://www.mywebcalls.com/activePhone.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41874D0B-08D9-4BD3-9543-C7E01879DDEC}: NameServer = 192.168.15.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Bentley License Client (IEGLicSrv) - Bentley Systems Inc. - C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 9832 bytes

Edited by Znix, 12 February 2008 - 04:53 PM.



#2 Papakid

  • Malware Response Team

Posted 18 February 2008 - 11:00 AM

Hi Znix,

That file does appear to be associated with CA products, but there is not very much good information to be found about it. We will see if we can get to the bottom of what is going on with that, but you do also have a Vundo infection present that we need to clean up first.

Before we begin, you should put HijackThis into its own folder so that the backups it makes when items are fixed are secure. Create a folder on your desktop and drag HijackThis.exe into it and run it from there from now on.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon
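The Vundo indicator visible in the first log is the entry `O4 - HKLM\..\Run: [5c61653c] rundll32.exe "C:\WINDOWS\system32\ikwwpkfy.dll",b`, a randomly named DLL loaded through rundll32 with a one-letter export; ComboFix later lists that same DLL among its deletions. The script below is an added example, not a tool used by anyone in this thread or by BleepingComputer: it applies a few such triage heuristics to HijackThis log lines so that entries worth a helper's attention are surfaced. The sample lines are copied from the logs in this thread; the heuristics, thresholds and the `looks_random` rule are my own assumptions, not HijackThis logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis logs posted in
# this thread (the rest of the logs is omitted). The script itself is an added
# example, not a tool used by the thread's participants.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [5c61653c] rundll32.exe "C:\WINDOWS\system32\ikwwpkfy.dll",b
O20 - Winlogon Notify: hggedaa - hggedaa.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a closer look
    line: str      # the raw log line


# Names of core Windows processes. A Run value that borrows one of these names but
# launches something outside %SystemRoot%\system32 deserves a closer look.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss", "explorer"}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# rundll32 <path>\<dll>.dll[,<export>], with or without quotes around the path
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+?\\(?P<dll>[a-z0-9]+)\.dll)"?(?:,(?P<export>\S*))?',
    re.IGNORECASE,
)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 7-8 lowercase letters that are not a known system name."""
    return re.fullmatch(r"[a-z]{7,8}", name) is not None and name not in SYSTEM_NAMES


def check_o4(name: str, cmd: str, line: str) -> List[Finding]:
    found = []
    # Run value that mimics a system process but launches from elsewhere
    if name.lower() in SYSTEM_NAMES and "\\system32\\" not in cmd.lower():
        found.append(Finding("O4", f"Run value named like system process '{name}' but launches {cmd}", line))
    # rundll32 loading a random-looking DLL through a one- or two-character export
    m = RUNDLL_RE.search(cmd)
    if m and looks_random(m.group("dll").lower()) and len(m.group("export") or "") <= 2:
        found.append(Finding("O4", f"rundll32 loads random-looking DLL {m.group('dll')}.dll "
                                   f"via export '{m.group('export') or ''}'", line))
    return found


def check_o20(name: str, rest: str, line: str) -> List[Finding]:
    reasons = []
    if "(file missing)" in rest:
        reasons.append("Winlogon Notify DLL is registered but missing on disk")
    if looks_random(name):
        reasons.append("random-looking Winlogon Notify name")
    return [Finding("O20", "; ".join(reasons), line)] if reasons else []


def check_o23(display: str, owner: str, path: str, line: str) -> List[Finding]:
    reasons = []
    if owner == "Unknown owner":
        reasons.append("service has no publisher information")
    if "(file missing)" in path:
        reasons.append("service binary is missing on disk")
    return [Finding("O23", "; ".join(reasons), line)] if reasons else []


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a human's attention."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings.extend(check_o4(m["name"], m["cmd"], line))
        elif m := O20_RE.match(line):
            findings.extend(check_o20(m["name"], m["rest"], line))
        elif m := O23_RE.match(line):
            findings.extend(check_o23(m["display"], m["owner"], m["path"], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flagged entry is a prompt for a closer look, not a verdict: legitimate software (StyleXP in this very log) also registers services with no publisher information.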

#3 Znix

  • Topic Starter

  • Members

Posted 18 February 2008 - 06:54 PM

OK, thanks for your response. Following are my new HijackThis and ComboFix logs, and sorry, I forgot to install the Recovery Console thing. If it's of severe importance let me know, or we can continue.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:43 PM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {43F25BA2-C4AB-4327-924C-1ED6AF4A6BA1} (activePhone Control) - https://www.mywebcalls.com/activePhone.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41874D0B-08D9-4BD3-9543-C7E01879DDEC}: NameServer = 192.168.15.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hggedaa - hggedaa.dll (file missing)
O20 - Winlogon Notify: rqrqrqo - rqrqrqo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Bentley License Client (IEGLicSrv) - Bentley Systems Inc. - C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 10914 bytes

ComboFix
ComboFix 08-02-18.1 - Owner 2008-02-18 18:22:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.397 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cgedvupp.dll
C:\WINDOWS\system32\iifcdde.dll
C:\WINDOWS\system32\ikwwpkfy.dll
C:\WINDOWS\system32\vulckaow.dll
C:\WINDOWS\system32\wkgjiyuw.dll
C:\WINDOWS\system32\xcjppacm.dll
C:\Autorun.inf
C:\check_LSA7.txt
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\macromedia\Flash Player\#SharedObjects\7X5EC93X\iforex.com
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\macromedia\Flash Player\#SharedObjects\7X5EC93X\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\g.exe
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\abeeg.tmp
C:\WINDOWS\system32\abeeg.tmp2
C:\WINDOWS\system32\abnsonge.dll
C:\WINDOWS\system32\adbxvgbf.dll
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\adeeg.tmp2
C:\WINDOWS\system32\atbgoxqw.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\bflngbjw.ini
C:\WINDOWS\system32\bsdaovae.dll
C:\WINDOWS\system32\bujlqrmg.dll
C:\WINDOWS\system32\bwinwiyu.dll
C:\WINDOWS\system32\cawbaeks.ini
C:\WINDOWS\system32\cddwjqla.dll
C:\WINDOWS\system32\cgedvupp.dll
C:\WINDOWS\system32\cjdqfeuv.dll
C:\WINDOWS\system32\cobbfsvw.ini
C:\WINDOWS\system32\cpulhjuy.dll
C:\WINDOWS\system32\ddvwmtll.ini
C:\WINDOWS\system32\dhoekajq.dll
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dmatgcsp.ini
C:\WINDOWS\system32\dmojpvgl.dll
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drsaokff.dll
C:\WINDOWS\system32\drxewjsi.dll
C:\WINDOWS\system32\dsarilnw.ini
C:\WINDOWS\system32\dwvualqr.dll
C:\WINDOWS\system32\dxjjqpvm.dll
C:\WINDOWS\system32\egjquajb.dll
C:\WINDOWS\system32\eglcrthp.ini
C:\WINDOWS\system32\eqdhscfe.dll
C:\WINDOWS\system32\ertyjoqj.dll
C:\WINDOWS\system32\ertyjoqj.dllbox
C:\WINDOWS\system32\eyqntuwl.ini
C:\WINDOWS\system32\fbgvxbda.ini
C:\WINDOWS\system32\ffkoasrd.ini
C:\WINDOWS\system32\frlnbsbg.dll
C:\WINDOWS\system32\gbsbnlrf.ini
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\gkgslyov.ini
C:\WINDOWS\system32\gltseugo.dll
C:\WINDOWS\system32\gmpohixp.ini
C:\WINDOWS\system32\gmtyouls.dll
C:\WINDOWS\system32\gxhsbmbx.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hhkmp.tmp
C:\WINDOWS\system32\hmbyosof.dll
C:\WINDOWS\system32\hnvvrjwq.dll
C:\WINDOWS\system32\ifxjxrps.ini
C:\WINDOWS\system32\iifcdde.dll
C:\WINDOWS\system32\ikwwpkfy.dll
C:\WINDOWS\system32\inpetfwx.dll
C:\WINDOWS\system32\isjwexrd.ini
C:\WINDOWS\system32\jbhxwljy.dll
C:\WINDOWS\system32\jbmhheil.dll
C:\WINDOWS\system32\jtkujdud.dll
C:\WINDOWS\system32\jtlnyhmy.ini
C:\WINDOWS\system32\kambzeaw.dll
C:\WINDOWS\system32\kambzeaw.dllbox
C:\WINDOWS\system32\kkeqbjpq.dll
C:\WINDOWS\system32\liehhmbj.ini
C:\WINDOWS\system32\lkcd0p7.dll
C:\WINDOWS\system32\lvgwwvae.dll
C:\WINDOWS\system32\mahphljs.dll
C:\WINDOWS\system32\mbtvlbsw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhtwegrs.ini
C:\WINDOWS\system32\mjewbkbf.dll
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\system32\mtnbrtbn.dll
C:\WINDOWS\system32\nbtrbntm.ini
C:\WINDOWS\system32\nerhhymb.dll
C:\WINDOWS\system32\nhkogler.ini
C:\WINDOWS\system32\nmglitpd.dll
C:\WINDOWS\system32\nvguxlao.dll
C:\WINDOWS\system32\oacuygam.dll
C:\WINDOWS\system32\oalxugvn.ini
C:\WINDOWS\system32\oguestlg.ini
C:\WINDOWS\system32\pfwbyklg.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\ppvujmqa.dll
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\pscgtamd.dll
C:\WINDOWS\system32\pxihopmg.dll
C:\WINDOWS\system32\qcaxcile.dll
C:\WINDOWS\system32\qdtrykox.dll
C:\WINDOWS\system32\qjakeohd.ini
C:\WINDOWS\system32\qpjbqekk.ini
C:\WINDOWS\system32\qqntdoei.dll
C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\qttss.tmp2
C:\WINDOWS\system32\qwtcptvm.ini
C:\WINDOWS\system32\rbijogts.dll
C:\WINDOWS\system32\relgokhn.dll
C:\WINDOWS\system32\revnykng.dll
C:\WINDOWS\system32\rgjhtvhr.dll
C:\WINDOWS\system32\rglybuwc.dll
C:\WINDOWS\system32\rhvthjgr.ini
C:\WINDOWS\system32\robofxqm.dll
C:\WINDOWS\system32\sjlhpham.ini
C:\WINDOWS\system32\sjygwexs.ini
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sxewgyjs.dll
C:\WINDOWS\system32\tbeecsga.dll
C:\WINDOWS\system32\tppwijba.ini
C:\WINDOWS\system32\txkpcawa.dll
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\vbmivswv.dll
C:\WINDOWS\system32\vfhciaxv.dll
C:\WINDOWS\system32\vfkgvtco.dll
C:\WINDOWS\system32\voylsgkg.dll
C:\WINDOWS\system32\vulckaow.dll
C:\WINDOWS\system32\vxaichfv.ini
C:\WINDOWS\system32\weqcrkgn.dll
C:\WINDOWS\system32\wjbgnlfb.dll
C:\WINDOWS\system32\wkgjiyuw.dll
C:\WINDOWS\system32\wlfkkbbt.dll
C:\WINDOWS\system32\woakcluv.ini
C:\WINDOWS\system32\wvsfbboc.dll
C:\WINDOWS\system32\xcjppacm.dll
C:\WINDOWS\system32\xkbcmcgb.dll
C:\WINDOWS\system32\xnqnfrfi.ini
C:\WINDOWS\system32\xnxkiaeu.dll
C:\WINDOWS\system32\xxnjsktf.ini
C:\WINDOWS\system32\yfkpwwki.ini
C:\WINDOWS\system32\yjlwxhbj.ini
C:\WINDOWS\system32\ymhynltj.dll
C:\WINDOWS\system32\yoouvuce.dll
C:\WINDOWS\system32\ypmmjixy.dll
C:\WINDOWS\system32\yujhlupc.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 18:08 . 2008-02-18 18:09 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Contacts
2008-02-18 02:21 . 2008-02-18 02:21 268 --ah----- C:\sqmdata18.sqm
2008-02-18 02:21 . 2008-02-18 02:21 244 --ah----- C:\sqmnoopt18.sqm
2008-02-17 14:05 . 2008-02-17 14:05 <DIR> d-------- C:\Documents and Settings\Farhana\Application Data\MailFrontier
2008-02-16 15:57 . 2008-02-16 15:57 <DIR> d-------- C:\Documents and Settings\Amana\Application Data\MailFrontier
2008-02-15 13:39 . 2008-02-15 13:39 <DIR> d-------- C:\Documents and Settings\Alisha\Application Data\MailFrontier
2008-02-15 11:48 . 2008-02-15 11:49 <DIR> d-------- C:\Program Files\DivX
2008-02-15 10:15 . 2008-02-15 10:15 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-15 10:15 . 2008-02-15 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-15 10:15 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-14 08:05 . 2008-02-14 18:03 172,522 --a------ C:\WINDOWS\system32\abeeg.bakt
2008-02-13 17:04 . 2008-02-13 20:51 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2008-02-13 17:01 . 2008-02-13 17:01 268 --ah----- C:\sqmdata17.sqm
2008-02-13 17:01 . 2008-02-13 17:01 244 --ah----- C:\sqmnoopt17.sqm
2008-02-13 12:40 . 2008-02-13 12:40 6,516 --ahs---- C:\WINDOWS\system32\ilnmp.tmp
2008-02-12 21:11 . 2008-02-12 22:30 24,416 --ahs---- C:\WINDOWS\system32\cdeeg.tmp
2008-02-12 16:59 . 2008-02-12 16:59 1,212,416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2008-02-12 16:37 . 2008-02-12 16:37 <DIR> d-------- C:\Program Files\MagicDisc
2008-02-12 16:37 . 2008-02-11 23:36 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-02-11 22:28 . 2008-02-11 22:42 6,773,987 --a------ C:\WINDOWS\system32\SBSP.dat
2008-02-11 22:28 . 2008-02-11 22:42 19,072 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-11 22:28 . 2008-02-11 22:39 374 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-11 22:22 . 2008-02-11 22:22 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\Sunbelt Software
2008-02-09 13:20 . 2008-02-14 18:55 45 --a------ C:\TEST.XML
2008-02-09 12:23 . 2008-02-09 12:24 <DIR> d-------- C:\Program Files\MagicISO
2008-02-09 09:58 . 2008-02-09 09:58 <DIR> d-------- C:\WINDOWS\nview
2008-02-09 09:58 . 2008-02-09 09:58 <DIR> d-------- C:\NVIDIA
2008-02-09 09:58 . 2008-02-16 13:13 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-02-09 09:58 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-02-09 09:08 . 2008-02-09 09:08 664 --a------ C:\WINDOWS\system32\d3d9caps.tmp
2008-02-08 23:09 . 2008-02-08 23:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 23:02 . 2008-02-08 23:02 <DIR> d-------- C:\dell
2008-02-06 20:43 . 2008-02-17 08:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-06 20:43 . 2008-02-06 20:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-05 15:39 . 2008-02-05 15:39 130,832 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-04 22:38 . 2008-02-13 17:08 <DIR> d-------- C:\Program Files\Activision
2008-02-04 22:37 . 2008-02-12 19:42 533 --a------ C:\WINDOWS\Tcsofla.INI
2008-02-04 20:26 . 2008-02-04 20:26 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 18:00 . 2008-02-04 18:00 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-02-04 17:56 . 2008-02-04 18:01 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-02-04 17:56 . 2008-02-04 18:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\Autodesk
2008-02-04 17:56 . 2008-02-04 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-04 17:53 . 2008-02-04 18:01 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-04 17:53 . 2008-02-04 17:53 <DIR> d-------- C:\Program Files\Autodesk
2008-02-03 22:22 . 2008-02-03 22:22 268 --ah----- C:\sqmdata02.sqm
2008-02-03 22:22 . 2008-02-03 22:22 244 --ah----- C:\sqmnoopt02.sqm
2008-02-02 12:58 . 2008-02-02 12:58 <DIR> d-------- C:\Program Files\uTorrent
2008-02-01 21:25 . 2008-02-10 12:28 <DIR> d-------- C:\Program Files\BYOND
2008-02-01 21:20 . 2007-07-31 12:50 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-02-01 21:20 . 2007-07-31 12:50 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-02-01 18:23 . 2008-02-11 21:46 108,336 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-02-01 18:23 . 2008-02-11 21:46 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-02-01 17:01 . 2008-02-01 17:01 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\PrevxCSI
2008-02-01 17:01 . 2008-02-01 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-02-01 16:59 . 2008-02-01 16:59 1,212,416 --a------ C:\WINDOWS\system32\dada.exe
2008-02-01 16:54 . 2008-02-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-01 16:00 . 2008-02-15 10:25 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\MailFrontier
2008-02-01 15:55 . 2008-02-18 18:45 6,313,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-01 15:55 . 2008-02-18 18:41 85,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-01 15:55 . 2008-02-01 17:47 23,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-01 15:55 . 2008-02-01 17:47 3,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-01 15:50 . 2008-02-15 21:35 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 12:23 . 2008-02-15 10:23 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 12:22 . 2008-02-18 18:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-31 19:58 . 2002-08-07 15:10 112 --a------ C:\WINDOWS\BEMAS.INI
2008-01-31 19:57 . 2006-06-09 03:23 14,053 --a------ C:\WINDOWS\STFOUND.ini
2008-01-31 19:57 . 2004-12-09 17:10 8,214 --a------ C:\WINDOWS\SProRC20060.ini
2008-01-31 19:57 . 2001-08-01 13:06 6,888 --a------ C:\WINDOWS\Etc.ini
2008-01-31 19:56 . 2006-03-15 16:50 2,348 --a------ C:\WINDOWS\STAAD Pro Language 2006.ini
2008-01-31 19:53 . 2008-01-31 19:58 14,845 --a------ C:\WINDOWS\Staad_etc.ini
2008-01-31 19:53 . 2008-02-10 20:09 14,236 --a------ C:\WINDOWS\staadpro20060.ini
2008-01-31 19:30 . 2008-01-31 19:30 <DIR> d-------- C:\Program Files\Common Files\Bentley Shared
2008-01-31 19:30 . 2008-01-31 19:58 1,286,144 --a------ C:\WINDOWS\system32\NGWinSys.dll
2008-01-31 19:30 . 2008-01-31 19:58 708,608 --a------ C:\WINDOWS\system32\Resecure60.dll
2008-01-31 19:30 . 2008-01-31 19:58 458,752 --a------ C:\WINDOWS\system32\LiveUpdate.dll
2008-01-31 19:30 . 2008-01-31 19:58 6,536 --a------ C:\WINDOWS\system32\WinGPDrv.dat
2008-01-31 19:30 . 2008-01-31 19:58 6,530 --a------ C:\WINDOWS\system32\NGWinDrv.dat
2008-01-31 19:30 . 2008-01-31 19:30 1,025 --a------ C:\WINDOWS\system32\lqvylp4.tgz
2008-01-31 19:29 . 2008-01-31 19:29 <DIR> d-------- C:\Program Files\VectorDraw
2008-01-31 19:28 . 2002-07-14 19:42 6,135,873 --a------ C:\WINDOWS\system32\craxdrt9.dll
2008-01-31 19:28 . 2002-07-15 23:54 462,848 --a------ C:\WINDOWS\system32\DFORMD.DLL
2008-01-31 19:28 . 2002-07-15 23:52 454,656 --a------ C:\WINDOWS\system32\DFORRT.DLL
2008-01-31 19:28 . 1995-10-04 11:30 395,776 --a------ C:\WINDOWS\system32\MSFRT40.DLL
2008-01-31 19:27 . 2008-01-31 19:58 <DIR> d-------- C:\SPro2006
2008-01-31 19:27 . 2003-11-02 07:26 1,344,816 --a------ C:\WINDOWS\system32\SBE6_32.DLL
2008-01-31 19:27 . 2003-11-02 06:43 550,576 --a------ C:\WINDOWS\system32\SB6ENT.OCX
2008-01-31 19:27 . 2002-12-09 13:57 330,794 --a------ C:\WINDOWS\system32\SBE6_000.HLP
2008-01-31 19:27 . 2002-07-10 07:14 6,575 --a------ C:\WINDOWS\system32\SBE6_000.CNT
2008-01-30 18:34 . 2008-01-30 18:34 <DIR> d-------- C:\Program Files\LimeWire
2008-01-30 17:59 . 2008-01-30 17:59 <DIR> d-------- C:\Program Files\ESET
2008-01-30 17:57 . 2008-01-30 17:57 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\ESET
2008-01-30 17:54 . 2008-01-30 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-27 22:01 . 2008-01-27 22:11 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\UseNeXT
2008-01-27 12:43 . 2008-02-18 12:03 <DIR> d-------- C:\Documents and Settings\Alisha\Application Data\CallingID

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-17 04:02 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-17 00:55 --------- d-----w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\LimeWire
2008-02-16 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 21:59 22,328 ----a-w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\PnkBstrK.sys
2008-02-12 02:54 --------- d-----w C:\Program Files\CA
2008-02-09 19:30 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-02-05 01:25 --------- d-----w C:\Program Files\BitComet
2008-02-03 02:46 --------- d--h--w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\ijjigame
2008-02-03 02:46 --------- d-----w C:\Program Files\Warcraft III
2008-02-01 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-01 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-01 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:47 --------- d-----w C:\Program Files\dizgxstm
2008-01-31 02:11 --------- d-----w C:\Program Files\WC3Banlist
2008-01-27 01:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 01:15 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 00:58 --------- d-----w C:\Program Files\NCSoft
2008-01-23 02:38 --------- d-----w C:\Program Files\Real
2008-01-23 02:38 --------- d-----w C:\Program Files\Common Files\Real
2008-01-17 03:47 --------- d--h--w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\yahoo!
2008-01-17 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-16 02:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 02:25 --------- d-----w C:\Program Files\Yahoo!
2008-01-14 01:53 --------- d-----w C:\Documents and Settings\Amana\Application Data\PC Suite
2008-01-14 00:14 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Suite
2008-01-09 23:49 --------- d-----w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\Eltima Software
2008-01-06 01:01 --------- d-----w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\PC Suite
2008-01-05 23:01 --------- d-----w C:\Documents and Settings\Alisha\Application Data\PC Suite
2008-01-05 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-05 22:28 --------- d-----w C:\Program Files\DIFX
2008-01-05 22:27 --------- d-----w C:\Program Files\Nokia
2008-01-05 22:27 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-01-05 22:27 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-05 22:26 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-05 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-03 02:26 --------- d-----w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Application Data\Canon
2007-12-20 04:10 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 00:41 --------- d--h--r C:\Documents and Settings\Amana\Application Data\yahoo!
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-09-13 02:36 0 ----a-w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\urlbase.bin
2007-09-13 02:36 0 ----a-w C:\Documents and Settings\Owner.YOUR-07A09DE0EE\ignoredomainsbase.bin
2007-09-13 01:44 0 ----a-w C:\Documents and Settings\Alisha\urlbase.bin
2007-09-13 01:44 0 ----a-w C:\Documents and Settings\Alisha\ignoredomainsbase.bin
2006-12-08 13:08 2,149 ----a-w C:\Program Files\Deployment.xml
2007-07-29 03:45 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

"C:\WINDOWS\system32\drivers\tcpip.sys"
----a-w 359,936 2005-05-26 02:07:12 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
----a-w 360,576 2006-04-20 19:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,808 2005-05-26 02:04:02 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2007-08-08 20:00:05 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
-c--a-w 360,064 2008-02-17 04:02:45 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2008-02-17 04:02:45 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-08-06 22:20 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"Power2GoExpress"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 23:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44 139264]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-02 12:02 98304]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SBRegRebootCleaner"="C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\Amana\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-12 16:37:20 546816]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedaa]
hggedaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqrqo]
rqrqrqo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-07A09DE0EE^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner.YOUR-07A09DE0EE\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-12-08 20:57 550912 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
C:\WINDOWS\system32\drvvuk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dizgxstm]
C:\Program Files\dizgxstm\jwfuzqfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvHighMem]
C:\WINDOWS\cfgmng32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hobkzcte]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\hobkzcte.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\Program Files\NCSoft\Launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
C:\Program Files\LIUtilities\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yhsrizez]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\yhsrizez.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"CA_LIC_CLNT"=3 (0x3)
"CaCCProvSP"=3 (0x3)

R2 IEGLicSrv;Bentley License Client;"C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe" [2006-07-14 07:44]
R2 WinSvchostManager;WinSock Svchost Manager;C:\WINDOWS\system32\svcprs32.exe [2007-07-29 10:49]
S0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys []
S1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys []
S1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys []
S1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys []
S2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys []
S2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys []
S2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" []
S2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
S2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
S2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys []
S3 XDva022;XDva022;C:\WINDOWS\system32\XDva022.sys []
S3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
S4 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0afb531c-5e12-11dc-97b9-0016ecdd5b0e}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{170e89bf-7513-11db-8d15-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0b4182-b96d-11dc-9891-806d6172696f}]
\Shell\AutoRun\command - K:\RavMon.exe
\Shell\explore\Command - K:\RavMon.exe -e
\Shell\open\Command - K:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfb4254-1d65-11d7-96d1-0016ecdd5b0e}]
\Shell\AutoRun\command - K:\RavMon.exe
\Shell\explore\Command - K:\RavMon.exe -e
\Shell\open\Command - K:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998dea65-7505-11db-bd0d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 22:46:13 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as aa at 5 46 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:44:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = ????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-02-18 18:48:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 23:48:26
.
2008-02-13 08:39:43 --- E O F ---

Hope you guys can help me out.

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,021 posts
  • Gender:Male
  • Local time:05:21 AM

Posted 24 February 2008 - 01:18 AM

My apologies for the long delay.

You have some serious malware still present and some unusual entries. Before we proceed please do install the Recovery Console. There are times when removing the type of malware that you have leads to disaster, so having the RC installed will help recover from that if it's needed. You should also back up any important data just in case, as it may also come to a point where a reformat is the easiest solution.

Once the RC is installed, post back and let me know and post me a fresh HijackThis log.

Also do the following:

Open HijackThis.

If you still have the New Users Quickstart screen enabled, click Open Misc Tools Section.
If you just have the regular opening screen, click the Config... button then the Misc Tools button.

Now click the Open Uninstall Manager button, then the Save List button. Save the list somewhere convenient like My Documents and then the list will open in Notepad. Copy and Paste that list into your next reply to this post.

Please download Flash_Disinfector by sUBs and save it to your desktop:

* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
* Wait until the program has finished scanning, then please exit the program and reboot.

And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon



