
Virtumonde Infection? Popups And .dll Infection


10 replies to this topic

#1 plato12

  • Members
  • 6 posts

Posted 09 June 2008 - 11:30 AM

I clicked on an .exe I shouldn't have and now WinPatrol pops up with .dlls from the system32 folder for addition of these IE helpers. My homepage wants to change to slobstyle.com and other times I can't get online because of a rundll32 in processes. I have run Ad-Aware, AVG, Spybot, VundoFix, VirtumundoBeGone, and others with no luck. I have deleted registry keys but they reappear after a refresh of regedit.

Deckard's System Scanner v20071014.68
Run by Daddio on 2008-06-09 10:51:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-09 15:51:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Daddio.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:59 AM, on 6/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Documents and Settings\Daddio\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daddio.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D828A7EC-6CEF-4887-9328-0DC7ED0C5D57} - C:\WINDOWS\System32\awtrRLFW.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM97d2fd1b] Rundll32.exe "C:\WINDOWS\System32\wsqakdsm.dll",s
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Cab1 - http://video.uviewit.com/cgi-bin/uViewIt-Web.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6073 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080609-095045-514 O4 - HKLM\..\Run: [BM97d2fd1b] Rundll32.exe "C:\WINDOWS\System32\wsqakdsm.dll",s
backup-20080609-095045-742 O24 - Desktop Component 0: (no name) - http://www.slobstyle.com/stuff/halle_berry_boobs.jpg

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 mfetdik (McAfee Inc.) - c:\windows\system32\drivers\mfetdik.sys <Not Verified; McAfee, Inc.; McAfee, Inc.>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S2 Parclass - c:\windows\system32\drivers\parclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
S3 hcdriver (EHCI) - c:\windows\system32\drivers\hcdriver.sys <Not Verified; Intel Corporation; USB2.0 Host Controller Device Driver>
S3 mfeapfk (McAfee Inc.) - c:\windows\system32\drivers\mfeapfk.sys <Not Verified; McAfee, Inc.; McAfee, Inc.>
S3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - c:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 ptiusbf (PTI USB Filter) - c:\windows\system32\drivers\ptiusbf.sys (file missing)
S3 radmrdd - c:\windows\system32\drivers\radmrdd.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (McAfee Task Manager) - "c:\program files\mcafee\antispyware enterprise\vstskmgr.exe" <Not Verified; McAfee, Inc.; McAfee AntiSpyware Enterprise 8.5sa>
R2 RegManServ (Registry Management Service) - c:\program files\advanced registry doctor\regmanserv.exe

S3 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_905510B7&REV_00\4&122329E2&0&48F0
Manufacturer: 3Com
Name: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
PNP Device ID: PCI\VEN_10B7&DEV_9055&SUBSYS_905510B7&REV_00\4&122329E2&0&48F0
Service: EL90XBC

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&163C0F35&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&163C0F35&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 10:00:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-09 10:00:00 350 --a------ C:\WINDOWS\Tasks\At107.job
2008-06-09 09:00:00 350 --a------ C:\WINDOWS\Tasks\At106.job
2008-06-08 22:00:00 350 --a------ C:\WINDOWS\Tasks\At119.job
2008-06-08 21:00:00 350 --a------ C:\WINDOWS\Tasks\At118.job
2008-06-08 18:00:00 350 --a------ C:\WINDOWS\Tasks\At115.job
2008-06-08 17:00:00 350 --a------ C:\WINDOWS\Tasks\At114.job
2008-06-08 16:00:00 350 --a------ C:\WINDOWS\Tasks\At113.job
2008-06-08 15:00:00 350 --a------ C:\WINDOWS\Tasks\At112.job
2008-06-08 14:00:00 350 --a------ C:\WINDOWS\Tasks\At111.job
2008-06-08 13:00:00 350 --a------ C:\WINDOWS\Tasks\At110.job
2008-06-08 12:00:00 350 --a------ C:\WINDOWS\Tasks\At109.job
2008-06-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At108.job
2008-06-07 23:00:00 350 --a------ C:\WINDOWS\Tasks\At120.job
2008-06-07 20:00:00 350 --a------ C:\WINDOWS\Tasks\At117.job
2008-06-07 19:00:00 350 --a------ C:\WINDOWS\Tasks\At116.job
2008-06-07 08:00:00 350 --a------ C:\WINDOWS\Tasks\At105.job
2008-05-28 07:00:00 350 --a------ C:\WINDOWS\Tasks\At104.job
2008-05-28 06:00:00 350 --a------ C:\WINDOWS\Tasks\At103.job
2008-05-28 05:00:00 350 --a------ C:\WINDOWS\Tasks\At102.job
2008-05-28 04:00:00 350 --a------ C:\WINDOWS\Tasks\At101.job
2008-05-28 03:00:00 350 --a------ C:\WINDOWS\Tasks\At100.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 09:46:48 0 d-------- C:\Program Files\Trend Micro
2008-06-08 23:07:06 92160 --a------ C:\WINDOWS\System32\qltoryoh.dll
2008-06-08 23:07:00 108544 --a------ C:\WINDOWS\System32\xbguyujq.dll
2008-06-08 23:06:51 100352 --a------ C:\WINDOWS\System32\wsqakdsm.dll
2008-06-08 23:06:10 729663 --ahs---- C:\WINDOWS\System32\WFLRrtwa.ini2
2008-06-08 23:06:07 346624 --a------ C:\WINDOWS\System32\awtrRLFW.dll
2008-06-08 20:59:42 108544 --a------ C:\WINDOWS\System32\dlystrqi.dll
2008-06-08 20:59:25 100352 --a------ C:\WINDOWS\System32\mrjdtihw.dll
2008-06-08 20:58:23 728803 --ahs---- C:\WINDOWS\System32\xIjPqXyb.ini2
2008-06-08 20:29:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-08 20:29:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-08 18:36:24 0 dr-h----- C:\Documents and Settings\Daddio\Recent
2008-06-08 18:10:07 732944 --ahs---- C:\WINDOWS\System32\SvCKknnn.ini2
2008-06-08 18:04:57 33280 --a------ C:\WINDOWS\System32\iiffGXNh.dll
2008-05-17 14:05:25 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-06-08 23:12:03 0 d-------- C:\Documents and Settings\Daddio\Application Data\AVG7
2008-06-08 23:06:04 0 d-------- C:\Program Files\Common Files
2008-06-08 18:21:36 0 d-------- C:\Documents and Settings\Daddio\Application Data\uTorrent
2008-05-16 12:19:35 0 d-------- C:\Documents and Settings\Daddio\Application Data\U3
2008-05-16 11:11:12 0 d-------- C:\Program Files\dvdSanta
2008-05-01 09:01:26 0 d-------- C:\Documents and Settings\Daddio\Application Data\abelhadigital.com
2008-05-01 09:00:44 0 d-------- C:\Program Files\abelhadigital.com
2008-04-19 00:40:05 0 d-------- C:\Documents and Settings\Daddio\Application Data\TopLang
2008-04-19 00:36:56 0 d-------- C:\Program Files\OEBackup
2008-04-14 15:15:09 0 d-------- C:\Program Files\My Lockbox
2008-04-14 12:58:24 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-14 12:57:20 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-04-14 12:56:21 0 d-------- C:\Program Files\MSXML 6.0
2008-04-11 09:51:33 4212 --ah----- C:\WINDOWS\System32\zllictbl.dat
2008-04-06 18:34:54 2642 --a------ C:\WINDOWS\System32\tmp.reg
2008-03-25 10:54:19 46 --a------ C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D828A7EC-6CEF-4887-9328-0DC7ED0C5D57}]
06/08/2008 11:06 PM 346624 --a------ C:\WINDOWS\System32\awtrRLFW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.exe" [12/07/2005 08:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" [10/26/2005 03:50 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/04/2008 06:51 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/24/2008 05:03 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/31/2007 02:13 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 02:01 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/29/2002 03:41 AM]
"BM97d2fd1b"="C:\WINDOWS\System32\wsqakdsm.dll" [06/08/2008 11:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"disableregistrytools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0}"= C:\WINDOWS\System32\iiffGXNh.dll [06/08/2008 06:04 PM 33280]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awtrRLFW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BoosterTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BoosterTray.lnk
backup=C:\WINDOWS\pss\BoosterTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eEye Windows Animated Cursor Patch Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eEye Windows Animated Cursor Patch Checker.lnk
backup=C:\WINDOWS\pss\eEye Windows Animated Cursor Patch Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$Volumouse$]
"C:\Program Files\Volumouse\volumouse.exe" /nodlg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94e1ce87]
rundll32.exe "C:\WINDOWS\System32\tpxdvwhl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97d2fd1b]
Rundll32.exe "C:\WINDOWS\System32\wsqakdsm.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Default]
"c:\windows\Temp\regapi.exe" cchoice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
C:\Program Files\My Lockbox\flockbox.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IM]
C:\Program Files\IM\IMLauncher.exe /boot:1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
"C:\PROGRA~1\SecCopy\SecCopy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1C-CE-E2-28-ZN}]
c:\windows\system32\dwdsrngt.exe CHD003




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.myspace.com
127.0.0.1 myspace
127.0.0.1 log.myspace.com
127.0.0.1 browseusers.myspace.com
127.0.0.1 classifieds.myspace.com
127.0.0.1 collect.myspace.com
127.0.0.1 events.myspace.com
127.0.0.1 favorites.myspace.com
127.0.0.1 forum.myspace.com
127.0.0.1 groups.myspace.com

35 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-09 10:55:11 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 895.3 MiB / 533.99 MiB
Pagefile Memory (total/avail): 2168.59 MiB / 1848.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 32.54 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 62.96 GiB total, 19.13 GiB free.
G: is CDROM (No Media)
I: is Fixed (NTFS) - 34.18 GiB total, 29.45 GiB free.
J: is Fixed (NTFS) - 34.18 GiB total, 17.53 GiB free.
K: is Fixed (NTFS) - 5.37 GiB total, 4.85 GiB free.
L: is Fixed (NTFS) - 0.8 GiB total, 0.39 GiB free.
P: is Fixed (NTFS) - 24.41 GiB total, 24.14 GiB free.
Q: is Fixed (NTFS) - 24.41 GiB total, 22.69 GiB free.
R: is Fixed (NTFS) - 48.83 GiB total, 43.59 GiB free.
S: is Fixed (NTFS) - 368.1 GiB total, 320.91 GiB free.

\\.\PHYSICALDRIVE1 - MAXTOR STM3500630A - 465.76 GiB - 4 partitions
\PARTITION0 - Installable File System - 24.41 GiB - P:
\PARTITION1 - Installable File System - 24.41 GiB - Q:
\PARTITION2 - Installable File System - 48.83 GiB - R:
\PARTITION3 - Installable File System - 368.1 GiB - S:

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVA0 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Installable File System - 62.96 GiB - E:

\\.\PHYSICALDRIVE2 - WDC WD800BB-00DKA0 USB Device - 74.53 GiB - 4 partitions
\PARTITION0 - Installable File System - 34.18 GiB - I:
\PARTITION1 - Installable File System - 34.18 GiB - J:
\PARTITION2 - Installable File System - 5.37 GiB - K:
\PARTITION3 - Installable File System - 815.8 MiB - L:



-- Security Center -------------------------------------------------------------



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daddio\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PLAETO
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=1
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daddio
LOGONSERVER=\\PLAETO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program;C:\Program Files\IMSI\FloorPlan 3D v9\Program
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Daddio\LOCALS~1\Temp
TMP=C:\DOCUME~1\Daddio\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=PLAETO
USERNAME=Daddio
USERPROFILE=C:\Documents and Settings\Daddio
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daddio (admin)
rouser (new local, admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Registry Doctor --> C:\Program Files\Advanced Registry Doctor\Uninstall Advanced Registry Doctor.exe
Amazon DVD Shrinker 2.4.4 --> "C:\Program Files\Amazon DVD Shrinker\unins000.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apollo Audio DVD Creator 1.1.8 --> "C:\Program Files\Apollo Audio DVD Creator\unins000.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ashampoo ClipFinder 1.14 --> "C:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Asynx Planetarium Version 2.20 --> "C:\Program Files\Planetarium0220\unins000.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudioShell 1.2 --> "C:\Program Files\AudioShell\unins000.exe"
Audiotouch Lite --> "C:\Program Files\Audiotouch Lite\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI/MPEG/RM/WMV Joiner 4.82 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
Bit Che --> "C:\Program Files\Bit Che\unins000.exe"
BitComet 0.89 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD 3.9 --> "C:\Program Files\CloneDVD\unins000.exe"
Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
DropMyRights --> MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704}
DVC80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B98440-4A0D-11D5-8310-0050DABBB21D}\Setup.exe"
DVD Audio Extractor 4.2.2 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD2one V2.0.0 --> C:\Program Files\DVD2one V2\uninst.exe
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
DVDStyler v1.5.1 --> "C:\Program Files\DVDStyler\unins000.exe"
DynGate --> "C:\Program Files\DynGate\uninstall.exe"
eEye Digital Security .ANI Zero-Day Patch --> MsiExec.exe /X{47471965-1DD4-4DE2-A52D-6473D38075D4}
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Scanner Reference Guide --> C:\Program Files\epson\guide\uninstall.exe
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Flash Video MX version 3.4.2.12 --> "C:\Program Files\Moyea\Flash Video MX\unins000.exe"
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
FloorPlan 3D v9 --> MsiExec.exe /I{7765FF4A-262D-4CFF-BD5E-DE2073CF70F0}
Free Mp3 Wma Converter V 1.2.8 --> "C:\Program Files\Free Audio Pack\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google VideoRIP --> MsiExec.exe /X{87A0331C-C472-4A83-8947-20B5819623CA}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HostsMan 3.1.55 --> MsiExec.exe /I{629AC11F-077F-4F58-916C-5B21E68468A8}
HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
K-Lite Codec Pack 2.69 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KC Softwares VideoInspector --> "C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_1d933f4\Setup.exe /APR-REMOVE
Magic DVD Ripper V5.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee AntiSpyware Enterprise --> MsiExec.exe /I{8683644E-5F5C-4EC2-AF9F-AFD9B0AD095F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Tool Web Package:WntIpcfg.exe --> MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Daddio\Application Data\Move Networks\ie_bin\Uninst.exe
Movie Joiner --> C:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Video Wizard DVD --> C:\PROGRA~1\WOMBLE~1\MPEGVI~1\UNWISE.EXE C:\PROGRA~1\WOMBLE~1\MPEGVI~1\INSTALL.LOG
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Lockbox 1.2 for Windows 2000/XP --> "C:\Program Files\My Lockbox\unins000.exe"
MySpeed PC Lite Edition --> "C:\Program Files\MySpeed PC Lite Edition\Uninstall.exe" "C:\Program Files\MySpeed PC Lite Edition"
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
NETGEAR XE102 Powerline Ethernet Adapter --> MsiExec.exe /X{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}
NI TestStand Engine 2.0 (Compact) --> C:\WINDOWS\IsUninst.exe -fC:\TestStand\Setup\Uninstall\TEEngn.isu -y -cC:\TestStand\Setup\EngineUninstall.dll
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OE Backup 5.0 --> C:\Program Files\OEBackup\uninst.exe
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OLYMPUS CAMEDIA Master Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe" CAMEDIA Master 4.2
OpenOffice.org 2.2 --> MsiExec.exe /I{FE5D9F4E-3196-450B-9583-7367C15F81A1}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Panasonic DVC USB Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1014B9B-5704-4B27-B581-1C19B72528D1} /l1033
Pine Tree Computing Camera Controller --> MsiExec.exe /I{A7C40492-74FA-4A06-8C93-7498BA45EDD1}
Power Video Converter 1.5.42 --> "C:\Program Files\Power Video Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Protected Music Converter 0.99b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickAudio 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B8CCC37-2AFC-4F16-B05D-F5553344716F}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.46 --> "C:\Program Files\Real Alternative\unins000.exe"
RogueRemover 1.20 --> C:\Program Files\RogueRemover\uninst.exe
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari --> MsiExec.exe /I{3E719879-9914-4C56-843E-96D0C3FCC3FB}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sierra Home Architect --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\SHA\Uninst.isu
Sierra Photo HomeDesigner --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PhotoHom\Uninst.isu
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SkyMap Pro 6 --> C:\ASTRON~1\SKYMAP~1\UNWISE.EXE C:\ASTRON~1\SKYMAP~1\INSTALL.LOG
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starry Night Backyard 3.1 --> C:\WINDOWS\unvise32.exe c:\astronomy\Starry Night\uninstal.log
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Stellarium 0.9.0 --> "C:\Program Files\Stellarium\unins000.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D02FCF71-B9A2-406F-ABE5-8E183526CDDF}\Setup.exe" -l0x9 UNINSTALL
SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\uninstall.exe"
TeamViewer --> C:\Program Files\TeamViewer\uninstall.exe
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
TMPGEnc 4.0 XPress --> MsiExec.exe /I{34E89C10-3E14-4396-A58C-72047CD458AD}
TopDesk 1.4.1 --> C:\Program Files\TopDesk\uninst.exe
Torrent Episode Downloader --> MsiExec.exe /I{C672363C-69EC-4549-B955-AA9997BCACDA}
Torrent Harvester --> C:\Program Files\Torrent Harvester\uninstall.exe
Trojan Remover 6.6.8 --> "C:\Program Files\Trojan Remover\unins000.exe"
Tunebite 4.1.0.22 --> "C:\Program Files\Tunebite\unins000.exe"
TypeFaster Typing Tutor --> "C:\Program Files\TypeFaster\uninstall.exe"
Ulead COOL 3D 3.0 --> C:\WINDOWS\Ulead.dat\uninstall\setup.exe
Ulead VideoStudio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x9
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9
Ultra DVD Creator 1.6.0 --> "C:\Program Files\Ultra DVD Creator\unins000.exe"
UltraISO Premium V8.2 --> "C:\Program Files\UltraISO\unins000.exe"
uViewIt --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F46012B8-67B6-4C12-B39F-BEACBFF9E7F5}
video joiner 1.00 --> "C:\Program Files\Crystalsoftware\video joiner\unins000.exe"
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Installer 3.0 (KB884016) --> C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
Windows XP Service Pack 1a --> C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinToolsXP 1.0.6 --> "C:\Program Files\WinToolsXP\unins000.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type21810 / Error
Event Submitted/Written: 06/09/2008 10:54:41 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x3a

Event Record #/Type21809 / Error
Event Submitted/Written: 06/09/2008 10:53:53 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x5b4

Event Record #/Type21801 / Error
Event Submitted/Written: 06/08/2008 10:32:23 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type21800 / Error
Event Submitted/Written: 06/08/2008 10:32:23 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type21797 / Error
Event Submitted/Written: 06/08/2008 08:43:29 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type75292 / Error
Event Submitted/Written: 06/09/2008 10:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At107.job command failed to start due to the following error:
%%2147942402

Event Record #/Type75283 / Error
Event Submitted/Written: 06/09/2008 09:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At106.job command failed to start due to the following error:
%%2147942402

Event Record #/Type75268 / Error
Event Submitted/Written: 06/09/2008 08:58:33 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Open Host Controller Miniport USB Driver service failed to start due to the following error:
%%2

Event Record #/Type75267 / Error
Event Submitted/Written: 06/09/2008 08:58:33 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%126

Event Record #/Type75266 / Error
Event Submitted/Written: 06/09/2008 08:58:33 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NEC PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-06-09 10:55:11 ------------


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:08:03 AM

Posted 11 June 2008 - 06:49 AM

Hello Plato12 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have ComboFix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 plato12

plato12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 11 June 2008 - 09:31 AM

Hello Thunder,
Thank you for your help. Attached are the ComboFix and HijackThis logs. WinPatrol is still popping up with a warning about changing my homepage to slobstyle.com.
ComboFix 08-06-10.3 - Daddio 2008-06-11 8:28:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.578 [GMT -5:00]
Running from: C:\Documents and Settings\Daddio\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM97d2fd1b.xml
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtrRLFW.dll
C:\WINDOWS\system32\dlystrqi.dll
C:\WINDOWS\system32\fyxbssxm.dll
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\iiffGXNh.dll
C:\WINDOWS\system32\jnerypcx.dll
C:\WINDOWS\system32\lhwvdxpt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrjdtihw.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pxgkwwgg.ini
C:\WINDOWS\system32\rgjgkrna.dll
C:\WINDOWS\system32\SvCKknnn.ini
C:\WINDOWS\system32\SvCKknnn.ini2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\vllnaele.dll
C:\WINDOWS\system32\WFLRrtwa.ini
C:\WINDOWS\system32\wsqakdsm.dll
C:\WINDOWS\system32\xbguyujq.dll
C:\WINDOWS\system32\xIjPqXyb.ini
C:\WINDOWS\system32\xIjPqXyb.ini2

----- BITS: Possible infected sites -----

hxxp://view.afzr.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OHCIUSB
-------\Service_ohciusb


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Documents and Settings\Daddio\Application Data\Malwarebytes
2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 07:39 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 07:39 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 10:51 . 2008-06-09 10:51 <DIR> d-------- C:\Deckard
2008-06-09 09:46 . 2008-06-09 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 20:58 . 2008-06-08 20:58 346,624 --a------ C:\WINDOWS\system32\byXqPjIx.old
2008-06-08 20:29 . 2008-06-08 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-08 18:10 . 2008-06-08 18:10 346,624 --a------ C:\WINDOWS\system32\nnnkKCvS.old
2008-06-08 18:10 . 2008-06-08 18:10 100,352 --a------ C:\WINDOWS\system32\xdjdlckj.old
2008-05-17 14:05 . 2008-05-17 14:05 39,424 --a------ C:\WINDOWS\zipinst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 04:12 --------- d-----w C:\Documents and Settings\Daddio\Application Data\AVG7
2008-06-09 01:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 23:21 --------- d-----w C:\Documents and Settings\Daddio\Application Data\uTorrent
2008-05-16 17:19 --------- d-----w C:\Documents and Settings\Daddio\Application Data\U3
2008-05-16 16:11 --------- d-----w C:\Program Files\dvdSanta
2008-05-01 14:01 --------- d-----w C:\Documents and Settings\Daddio\Application Data\abelhadigital.com
2008-05-01 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-05-01 14:00 --------- d-----w C:\Program Files\abelhadigital.com
2008-04-19 05:40 --------- d-----w C:\Documents and Settings\Daddio\Application Data\TopLang
2008-04-19 05:36 --------- d-----w C:\Program Files\OEBackup
2008-04-14 20:15 --------- d-----w C:\Program Files\My Lockbox
2008-04-14 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-04-14 17:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-14 17:57 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-14 17:56 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-06 23:34 2,642 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-14 04:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 04:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-17 04:00 87,608 ----a-w C:\Documents and Settings\Daddio\Application Data\inst.exe
2007-12-17 04:00 47,360 ----a-w C:\Documents and Settings\Daddio\Application Data\pcouffin.sys
2004-11-12 15:41 57,344 ----a-w C:\Documents and Settings\Daddio\DropMyRights.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.exe" [2005-12-07 08:50 110592]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" [2005-10-26 15:50 139320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 18:51 579072]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-24 17:03 316728]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 14:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 14:01 1037736]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 03:41 145408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 11:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=anifix1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.NTN1"= NUVision.ax
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.DVSD"= pdvcodec.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BoosterTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BoosterTray.lnk
backup=C:\WINDOWS\pss\BoosterTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eEye Windows Animated Cursor Patch Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eEye Windows Animated Cursor Patch Checker.lnk
backup=C:\WINDOWS\pss\eEye Windows Animated Cursor Patch Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$Volumouse$]
C:\Program Files\Volumouse\volumouse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94e1ce87]
C:\WINDOWS\System32\hrudhhyq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-04-12 18:54 458752 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97d2fd1b]
C:\WINDOWS\System32\vllnaele.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 08:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Default]
c:\windows\Temp\regapi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
--a------ 2007-12-14 16:59 1071472 C:\Program Files\My Lockbox\flockbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IM]
C:\Program Files\IM\IMLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 09:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 03:41 1511453 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
--a------ 2007-01-13 13:33 49152 C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
C:\PROGRA~1\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-04-06 19:01 873552 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-06 23:52 36864 C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1C-CE-E2-28-ZN}]
c:\windows\system32\dwdsrngt.exe

R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 cvintdrv;cvintdrv;C:\WINDOWS\System32\drivers\cvintdrv.sys [2000-09-07 10:00]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\System32\Drivers\ousbehci.sys [2003-04-15 08:58]
S2 Parclass;Parclass;C:\WINDOWS\System32\Drivers\Parclass.sys [2003-02-10 14:30]
S3 hcdriver;EHCI;C:\WINDOWS\System32\Drivers\hcdriver.sys [2003-04-25 22:16]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys [2007-06-28 19:01]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 16:34]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\System32\Drivers\olcamudp.sys [2000-02-08 08:55]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys [2003-04-15 08:58]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\PLCNDIS5.SYS [2002-09-09 13:53]
S3 ptiusbf;PTI USB Filter;C:\WINDOWS\System32\DRIVERS\PTIUSBF.SYS []
S3 radmrdd;radmrdd;C:\WINDOWS\System32\DRIVERS\radmrdd.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-16 10:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 08:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 09:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 10:00:00 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 11:00:00 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 12:00:00 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-11 13:00:00 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-09 14:00:00 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-09 15:00:00 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-09 16:00:00 C:\WINDOWS\Tasks\At108.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 17:00:00 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-10 18:00:00 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 19:00:00 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 20:00:00 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 21:00:00 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 22:00:00 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 23:00:00 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 00:00:00 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-08 01:00:00 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-09 02:00:00 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-09 03:00:00 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-06-10 04:00:00 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 08:36:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2008-06-11 8:39:12 - machine was rebooted [Daddio]
ComboFix-quarantined-files.txt 2008-06-11 13:39:05

Pre-Run: 34,700,148,736 bytes free
Post-Run: 34,600,202,240 bytes free

292


#4 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 11 June 2008 - 10:02 AM

Hello Plato12,

Please disable Winpatrol, as it may interfere with the removal of some entries.
You can re-enable it after your system is clean.
Right click the running icon of Winpatrol, and choose Exit.

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
C:\WINDOWS\system32\byXqPjIx.old
C:\WINDOWS\system32\nnnkKCvS.old
C:\WINDOWS\system32\xdjdlckj.old
C:\WINDOWS\System32\v3Eo5P78.exe
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At120.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94e1ce87]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97d2fd1b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Default]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1C-CE-E2-28-ZN}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
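The triage behind Thunder's script above (spot the hourly At*.job tasks that all launch one odd-named System32 executable and the msconfig startupreg entries that point at a DLL or a Temp folder, then list them under ComboFix's File:: and Registry:: headings) can be scripted so the same pattern is caught in the next log. The following is an added example, not part of this thread and not ComboFix's or BleepingComputer's code. It parses a constructed excerpt of the ComboFix log posted above; the flagging rules (three or more At*.job tasks sharing one System32 target, a DLL or Temp-folder autostart target, an eight-hex-digit key name) and the function names `triage` and `build_cfscript` are this example's own heuristics and naming, not anything ComboFix defines.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted earlier in this thread, trimmed
# to the two sections this example parses: msconfig startupreg entries and the
# "Scheduled Tasks" folder listing.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94e1ce87]
C:\WINDOWS\System32\hrudhhyq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-04-12 18:54 458752 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97d2fd1b]
C:\WINDOWS\System32\vllnaele.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Default]
c:\windows\Temp\regapi.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 08:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 09:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
"2008-05-28 10:00:00 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\System32\v3Eo5P78.exe
.
"""

STARTUPREG = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
KEY_RE = re.compile(r"^\[" + re.escape(STARTUPREG) + r"\\(.+)\]$", re.I)
TASK_RE = re.compile(r'^"\S+ \S+ (C:\\.+\.job)"$', re.I)
ATTR_RE = re.compile(r"^[-a-z]{9}$")  # ComboFix attribute column, e.g. --a------


def parse_startupreg(log):
    """Return [(key_name, target_path)] for each startupreg entry. The line after
    the key is a bare path or '<attrs> <date> <time> <size> <path>' when the file
    exists on disk; the prefix is stripped so only the path remains."""
    entries, lines = [], log.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        target = lines[i + 1].strip()
        parts = target.split(" ", 4)
        if len(parts) == 5 and ATTR_RE.match(parts[0]):
            target = parts[4]
        entries.append((m.group(1), target))
    return entries


def parse_tasks(log):
    """Return [(job_path, target_path)] from the 'Scheduled Tasks' section."""
    tasks, lines = [], log.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line.strip())
        nxt = lines[i + 1].strip()
        if m and nxt.startswith("- "):
            tasks.append((m.group(1), nxt[2:]))
    return tasks


def suspicious_tasks(tasks, min_jobs=3):
    """Heuristic of this example: several At*.job tasks sharing one target under
    System32 (the At100..At120 hourly pattern on this page) are flagged; a vendor
    updater such as AppleSoftwareUpdate.job is left alone."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if re.search(r"\\At\d+\.job$", job, re.I):
            by_target[target].append(job)
    return {t: jobs for t, jobs in by_target.items()
            if len(jobs) >= min_jobs and "\\system32\\" in t.lower()}


def suspicious_startupreg(entries):
    """Flag entries by this example's rules; returns [(key, target, reasons)]."""
    flagged = []
    for key, target in entries:
        low, reasons = target.lower(), []
        if low.endswith(".dll"):
            reasons.append("autostart target is a DLL, not an executable")
        if "\\temp\\" in low:
            reasons.append("runs from a Temp folder")
        if re.fullmatch(r"[0-9a-f]{8}", key.lower()):
            reasons.append("random-looking hex key name")
        if reasons:
            flagged.append((key, target, reasons))
    return flagged


def triage(log):
    """Return (files_to_remove, registry_keys_to_remove, flagged_entries)."""
    bad_tasks = suspicious_tasks(parse_tasks(log))
    files = sorted(set(bad_tasks) | {j for jobs in bad_tasks.values() for j in jobs})
    flagged = suspicious_startupreg(parse_startupreg(log))
    keys = [f"{STARTUPREG}\\{k}" for k, _, _ in flagged]
    return files, keys, flagged


def build_cfscript(files, reg_keys):
    """Render File:: / Registry:: sections in the CFScript format used in this
    thread; a key written as [-KEY] is deleted when ComboFix runs the script."""
    body = ["File::", *files, "Registry::", *[f"[-{k}]" for k in reg_keys]]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    files, keys, flagged = triage(SAMPLE_LOG)
    for key, target, reasons in flagged:
        print(f"{key}: {target} -> {'; '.join(reasons)}")
    print(build_cfscript(files, keys))
```

The output is a candidate list for a human to review before it ever becomes a CFScript: ComboFix deletes exactly what the File:: section names and removes every [-KEY] under Registry::, so a false positive from these crude rules (a legitimately hex-named key, a vendor DLL) would be deleted just as readily as the Vundo leftovers.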

#5 plato12

  • Topic Starter
  • Members
  • 6 posts

Posted 11 June 2008 - 11:17 AM

Here are the logs, Thunder. WinPatrol is still popping up with that change to the homepage of slobstyle.com.

File::
C:\WINDOWS\system32\byXqPjIx.old
C:\WINDOWS\system32\nnnkKCvS.old
C:\WINDOWS\system32\xdjdlckj.old
C:\WINDOWS\System32\v3Eo5P78.exe
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At120.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94e1ce87]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97d2fd1b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Default]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1C-CE-E2-28-ZN}]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:38 AM, on 6/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Cab1 - http://video.uviewit.com/cgi-bin/uViewIt-Web.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - AppInit_DLLs: anifix1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5920 bytes

#6 Thunder (Members, 3,294 posts, Belgium)

Posted 11 June 2008 - 02:07 PM

Hello Plato12,

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:

O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O24 - Desktop Component 0: (no name) - (no file)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot your system and check if WinPatrol still finds any problems.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
If I have helped you in any way, please consider a donation to help me continue the fight against malware.

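The two entries Thunder ticks above (an O16 Download Program File whose codebase is an ms-its:/mhtml: chain rather than an http(s) URL, and an orphaned O24 desktop component) are the sort a helper picks out of a HijackThis log by eye. What follows is an added example, not part of any post in this thread and not HijackThis, ComboFix or the helper's own tooling: a small Python triage script that parses HijackThis "Oxx - ..." lines and sorts them into entries to pull with Fix Checked and entries that need the DLL's publisher verified first. The sample lines are copied from the logs posted in this thread; the rule set and the fix/review split are the editor's assumptions, not HijackThis's own classification, and the O20 AppInit_DLLs line is deliberately marked review rather than fix because the helper never asked for it to be removed.

```python
"""Triage helper for HijackThis 2.x logs.

Added example for this thread: not HijackThis, ComboFix or the helper's
own tooling. Parses the "Oxx - ..." entry lines and applies a small rule
set (editor's assumptions, marked below) to surface the entries a
malware-removal helper pulls first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Cab1 - http://video.uviewit.com/cgi-bin/uViewIt-Web.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - AppInit_DLLs: anifix1.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    action: str    # "fix": tick and Fix Checked; "review": verify the publisher first
    reason: str
    raw: str


def _dpf_scheme(body: str) -> str:
    """Return the URL scheme of an O16 codebase ("DPF: <name> - <url>")."""
    codebase = body.split(" - ", 1)[1] if " - " in body else ""
    return codebase.split(":", 1)[0].lower() if ":" in codebase else ""


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "O16" and _dpf_scheme(body) not in ("http", "https"):
        # Assumption: a Download Program File whose codebase is not a plain
        # http(s) URL (here an ms-its:/mhtml: chain into a .chm) is never a
        # normal ActiveX install and is pulled on sight.
        return Finding(sec, "fix", f"DPF codebase scheme {_dpf_scheme(body)!r} is not http(s)", line)
    if sec == "O24" and "(no file)" in body:
        return Finding(sec, "fix", "desktop component whose file no longer exists (orphan)", line)
    if sec == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        # AppInit_DLLs is loaded into every process that maps user32.dll, so any
        # value deserves a look; legitimate hooks exist (this thread's startup
        # list has an eEye animated-cursor patch checker), so review, do not pull blindly.
        return Finding(sec, "review", f"AppInit_DLLs = {body.split(':', 1)[1].strip()!r}", line)
    if sec == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return Finding(sec, "review", "LSP not on HijackThis's known list; check the DLL's publisher", line)
    if sec == "O2" and "(no name)" in body:
        return Finding(sec, "review", "unnamed BHO; confirm the DLL path belongs to known software", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def fix_list(log_text: str) -> List[str]:
    """The raw lines to tick in HijackThis before clicking Fix Checked."""
    return [f.raw for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section}: {f.reason}")
```

Run it against a full log (`triage(open("hijackthis.log").read())`) and only the two lines Thunder asked for come back as "fix"; the Spybot SDHelper BHO, the NetWare LSP and the AppInit value come back as "review", which is the right outcome: HijackThis's "Unknown" and "(no name)" labels mean "not on its whitelist", not "malicious", and a script should not decide that for you.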
#7 plato12 (Topic Starter, Members, 6 posts)

Posted 11 June 2008 - 11:10 PM

Unfortunately, it is still coming up. Here's Hijack log. I also tried with minimal services running and it still popped up. Just got in from work, hope you don't mind if I continue in morning. Thanks again Thunder.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:12 AM, on 6/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Cab1 - http://video.uviewit.com/cgi-bin/uViewIt-Web.cab
O20 - AppInit_DLLs: anifix1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

#8 Thunder (Members, 3,294 posts, Belgium)

Posted 12 June 2008 - 04:47 AM

Hello Plato12,

Can you post the entire last ComboFix log please ? (previous post only included part of it)

Greetings,
Thunder

#9 plato12 (Topic Starter, Members, 6 posts)

Posted 12 June 2008 - 04:23 PM

Sorry for the delay, I seem to have caught this stomach virus that's going through my family. Thanks for your patience, Thunder.


ComboFix 08-06-10.3 - Daddio 2008-06-11 10:34:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.544 [GMT -5:00]
Running from: C:\Documents and Settings\Daddio\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daddio\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\byXqPjIx.old
C:\WINDOWS\system32\nnnkKCvS.old
C:\WINDOWS\System32\v3Eo5P78.exe
C:\WINDOWS\system32\xdjdlckj.old
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At120.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daddio\Application Data\inst.exe
C:\WINDOWS\system32\byXqPjIx.old
C:\WINDOWS\system32\monterreyn_olive.exe
C:\WINDOWS\system32\monterreyo_olive.exe
C:\WINDOWS\system32\nnnkKCvS.old
C:\WINDOWS\system32\xdjdlckj.old
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At114.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At120.job

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Documents and Settings\Daddio\Application Data\Malwarebytes
2008-06-11 07:39 . 2008-06-11 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 07:39 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 07:39 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 10:51 . 2008-06-09 10:51 <DIR> d-------- C:\Deckard
2008-06-09 09:46 . 2008-06-09 09:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 20:29 . 2008-06-08 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-17 14:05 . 2008-05-17 14:05 39,424 --a------ C:\WINDOWS\zipinst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 04:12 --------- d-----w C:\Documents and Settings\Daddio\Application Data\AVG7
2008-06-09 01:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 23:21 --------- d-----w C:\Documents and Settings\Daddio\Application Data\uTorrent
2008-05-16 17:19 --------- d-----w C:\Documents and Settings\Daddio\Application Data\U3
2008-05-16 16:11 --------- d-----w C:\Program Files\dvdSanta
2008-05-01 14:01 --------- d-----w C:\Documents and Settings\Daddio\Application Data\abelhadigital.com
2008-05-01 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-05-01 14:00 --------- d-----w C:\Program Files\abelhadigital.com
2008-04-19 05:40 --------- d-----w C:\Documents and Settings\Daddio\Application Data\TopLang
2008-04-19 05:36 --------- d-----w C:\Program Files\OEBackup
2008-04-14 20:15 --------- d-----w C:\Program Files\My Lockbox
2008-04-14 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-04-14 17:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-14 17:57 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-14 17:56 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-06 23:34 2,642 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-14 04:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 04:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-17 04:00 47,360 ----a-w C:\Documents and Settings\Daddio\Application Data\pcouffin.sys
2004-11-12 15:41 57,344 ----a-w C:\Documents and Settings\Daddio\DropMyRights.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.exe" [2005-12-07 08:50 110592]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" [2005-10-26 15:50 139320]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 18:51 579072]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-24 17:03 316728]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 14:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 14:01 1037736]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 03:41 145408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-23 11:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=anifix1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.NTN1"= NUVision.ax
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.DVSD"= pdvcodec.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BoosterTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BoosterTray.lnk
backup=C:\WINDOWS\pss\BoosterTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eEye Windows Animated Cursor Patch Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eEye Windows Animated Cursor Patch Checker.lnk
backup=C:\WINDOWS\pss\eEye Windows Animated Cursor Patch Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daddio^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\Documents and Settings\Daddio\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$Volumouse$]
C:\Program Files\Volumouse\volumouse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2006-04-12 18:54 458752 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 08:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
--a------ 2007-12-14 16:59 1071472 C:\Program Files\My Lockbox\flockbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IM]
C:\Program Files\IM\IMLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 09:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 03:41 1511453 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
--a------ 2007-01-13 13:33 49152 C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
C:\PROGRA~1\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-04-06 19:01 873552 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-06 23:52 36864 C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

R0 MPRIFL;MPRIFL;C:\WINDOWS\System32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 cvintdrv;cvintdrv;C:\WINDOWS\System32\drivers\cvintdrv.sys [2000-09-07 10:00]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\System32\Drivers\ousbehci.sys [2003-04-15 08:58]
S2 Parclass;Parclass;C:\WINDOWS\System32\Drivers\Parclass.sys [2003-02-10 14:30]
S3 hcdriver;EHCI;C:\WINDOWS\System32\Drivers\hcdriver.sys [2003-04-25 22:16]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys [2007-06-28 19:01]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 16:34]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\System32\Drivers\olcamudp.sys [2000-02-08 08:55]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys [2003-04-15 08:58]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\PLCNDIS5.SYS [2002-09-09 13:53]
S3 ptiusbf;PTI USB Filter;C:\WINDOWS\System32\DRIVERS\PTIUSBF.SYS []
S3 radmrdd;radmrdd;C:\WINDOWS\System32\DRIVERS\radmrdd.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-16 10:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 10:36:02
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 10:37:04
ComboFix-quarantined-files.txt 2008-06-11 15:37:01
ComboFix2.txt 2008-06-11 13:39:13

Pre-Run: 34,597,171,200 bytes free
Post-Run: 34,584,281,088 bytes free

241

#10 plato12 (Topic Starter, Members, 6 posts)

Posted 12 June 2008 - 06:45 PM

Thunder,
It seems to be working fine. No more popups. I wrote to tell you earlier and the website was down for maintenance. I want to thank you for your time and for saving me from having to reformat the computer. You guys do a great service and I will be donating. Again, thanks for everything.
plato12

#11 Thunder (Members, 3,294 posts, Belgium)

Posted 13 June 2008 - 08:31 AM

Glad we could help, Plato12

I hope you recover as fast as your PC did. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /u, then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Greetings,
Thunder



