Infected With Trojan.virtumonde


6 replies to this topic

#1 scitronix


Posted 09 June 2008 - 12:22 PM

I know that I am infected with Virtumonde; I have had several attempts on my own to get rid of this, but every time I log into Windows and open up "My Computer", it gives me a fake system alert and tries to open up Internet Explorer. I have Kaspersky Internet Security and even that will not get rid of it. I am out of options and don't know what to do to get my system clean... it seems hopeless lol. In the past I have tried ComboFix, 2 Virtumonde Be Gone programs, and Spyware Doctor. They can't see it anymore but I know it is def. still there. Here is my HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:01 AM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Michael DeBrosse\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6130B975-BF86-4205-9C90-27672EC900F7} - (no file)
O2 - BHO: (no name) - {777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75} - C:\WINDOWS\system32\encap.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194400166812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: jkkHWOfg - jkkHWOfg.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

--
End of file - 6467 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 10:09:02 0 d-------- C:\Program Files\Trend Micro
2008-06-07 15:08:48 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 15:08:48 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 15:08:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-07 15:07:59 39200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 15:07:59 4707616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-06 18:21:00 0 dr-h----- C:\Documents and Settings\Michael DeBrosse\Recent
2008-06-06 11:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-06 11:09:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 12:53:51 0 d-------- C:\Norton
2008-06-05 10:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 10:10:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 09:37:47 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 09:37:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 09:37:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 09:37:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 09:37:47 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 09:37:47 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 09:37:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 22:43:02 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 22:43:02 4674 --a------ C:\WINDOWS\unins000.dat
2008-06-03 20:26:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-29 20:11:27 0 d-------- C:\Program Files\Yahoo!
2008-05-29 20:11:19 0 d-------- C:\Program Files\CCleaner
2008-05-28 21:07:37 0 d-------- C:\VundoFix Backups
2008-05-28 19:49:45 0 d-------- C:\Program Files\Spyware Doctor
2008-05-28 19:49:45 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\PC Tools
2008-05-23 20:19:14 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-22 23:06:22 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Mozilla
2008-05-14 14:56:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-14 14:56:31 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-14 14:53:11 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-14 14:22:12 28160 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-14 14:21:26 40960 --a------ C:\WINDOWS\Keygen.exe
2008-05-14 14:14:52 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-14 14:14:49 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\iolo
2008-05-14 14:14:49 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo


-- Find3M Report ---------------------------------------------------------------

2008-06-09 09:56:10 0 --a------ C:\WINDOWS\TempFile
2008-06-09 09:17:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 09:17:27 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 10:07:19 0 d-------- C:\Program Files\Java
2008-06-05 10:07:19 0 d-------- C:\Program Files\Common Files
2008-06-05 09:08:00 1533 --a------ C:\WINDOWS\mozver.dat
2008-06-03 20:22:24 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Vso
2008-06-03 20:22:24 47360 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-03 20:22:24 33 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.log
2008-06-03 20:22:24 1144 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.inf
2008-06-03 20:22:24 7887 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.cat
2008-06-03 20:21:46 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 20:21:05 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\uTorrent
2008-05-22 23:04:32 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-19 16:35:40 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-05-19 02:52:25 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Azureus
2008-05-18 19:18:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 18:49:44 984576 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\kernel33.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-12 00:24:54 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Adobe
2008-04-20 21:44:11 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\MonkeyJam
2008-03-18 13:28:42 27997 --a------ C:\WINDOWS\scunin.dat
2008-03-18 13:28:39 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-18 13:28:38 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6130B975-BF86-4205-9C90-27672EC900F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOfg]
jkkHWOfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WLAN Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Configuration Utility.lnk
backup=C:\WINDOWS\pss\WLAN Configuration Utility.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Rush Limbaugh Show]
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe /noopen

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"idsvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"dvpapi"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"SLService"=2 (0x2)
"RMYDNXZT"=3 (0x3)
"dmadmin"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"LiveUpdate"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49c0f1b5-8e4c-11dc-a533-001109f7da4f}]




-- End of Deckard's System Scanner: finished at 2008-06-09 10:13:24 ------------


PLEASE HELP!

#2 Guest_Cretemonster_*


Posted 12 June 2008 - 01:30 AM

Hi and Welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



Note Now!!

I understand you have used CF in the past but we need a fresh version onboard and your trust in these eyes to clear this problem up.

Self-inflicted problem?? --> 2008-05-14 14:21:26 40960 --a------ C:\WINDOWS\Keygen.exe
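The two log formats being traded in this thread (HijackThis "Oxx - " entries and the ComboFix/DSS "R0/S4 name;display;path [timestamp]" service lines) are small enough to triage mechanically. Below is an added example of such a triage script; it is not a BleepingComputer, HijackThis or ComboFix tool, and the rules it applies (an unnamed BHO, a Winlogon Notify key whose DLL is missing or whose name looks random, an AppInit_DLLs entry, a service image under a Temp directory, a boot-start driver whose image is a .dat file) are heuristics I chose from the entries visible in this thread, meant to tell an analyst where to look, not to decide what is malware. The sample lines are copied from the logs posted here; the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Editor-added triage helper for HijackThis entries and ComboFix service lines.
# Not a BleepingComputer/HijackThis/ComboFix tool; every rule is a heuristic
# for a human analyst to review, not a malware verdict.

# HijackThis entry, e.g. "O20 - Winlogon Notify: jkkHWOfg - jkkHWOfg.dll (file missing)"
HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# ComboFix driver/service line, e.g. "S4 name;display name;image path [timestamp]"
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)
VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    source: str    # "hijackthis" or "combofix"
    severity: str  # "high" or "review"
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic: 7+ letters with under 20% vowels, like 'jkkHWOfg' or 'RMYDNXZT'."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 7:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def triage_hijackthis(line: str) -> Optional[Finding]:
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2" and body.startswith("BHO: (no name)"):
        return Finding("hijackthis", "review", "browser helper object registered without a name", line)
    if sec == "O10":
        return Finding("hijackthis", "review", "Winsock LSP that HijackThis does not recognise", line)
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding("hijackthis", "review", "AppInit_DLLs loads into every process that uses user32.dll", line)
    if sec == "O20" and body.startswith("Winlogon Notify:"):
        # body is "Winlogon Notify: <key> - <dll> [(file missing)]"
        key = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        reasons = []
        if "(file missing)" in body:
            reasons.append("referenced DLL is missing")
        if looks_random(key):
            reasons.append("random-looking key name")
        if reasons:
            return Finding("hijackthis", "high", "Winlogon Notify entry: " + ", ".join(reasons), line)
    return None


def triage_combofix_service(line: str) -> Optional[Finding]:
    m = CF_SERVICE.match(line.strip())
    if not m:
        return None
    name, path, stamp = m.group("name"), m.group("path").strip('"'), m.group("stamp")
    reasons, severity = [], "review"
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        reasons.append("image runs from a Temp directory")
        severity = "high"
    if m.group("start") == "R0" and path.lower().endswith(".dat"):
        reasons.append("boot-start driver whose image is a .dat file")
        severity = "high"
    if looks_random(name):
        reasons.append("random-looking service name")
    if not stamp:
        reasons.append("scanner recorded no file timestamp")
    if reasons:
        return Finding("combofix", severity, "; ".join(reasons), line)
    return None


def triage(lines) -> List[Finding]:
    """Run both parsers over a mixed bag of log lines; unflagged lines are dropped."""
    findings = []
    for line in lines:
        f = triage_hijackthis(line) or triage_combofix_service(line)
        if f:
            findings.append(f)
    return findings


# Sample input: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {6130B975-BF86-4205-9C90-27672EC900F7} - (no file)
O2 - BHO: (no name) - {777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75} - C:\WINDOWS\system32\encap.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: jkkHWOfg - jkkHWOfg.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
R0 vmalxgao;vmalxgao;C:\WINDOWS\system32\drivers\iolzuxhp.dat []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S4 RMYDNXZT;RMYDNXZT;C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\RMYDNXZT.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.source}: {f.reason}\n         {f.line}")
```

On the sample above the script flags seven lines, three of them "high": the Winlogon Notify key with a missing DLL, the R0 driver pointing at a .dat file, and the S4 service running from the user's Temp folder; the Kaspersky, Adobe and Viewpoint entries pass through untouched. The vowel-ratio test is deliberately crude (it misses vmalxgao, which is caught by the .dat rule instead), which is why each finding carries its reasons rather than a verdict.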

#3 scitronix

scitronix
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 12 June 2008 - 01:16 PM

ComboFix 08-06-10.5 - Michael DeBrosse 2008-06-12 11:06:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976 [GMT -7:00]
Running from: C:\Documents and Settings\Michael DeBrosse\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-09 14:15 . 2008-06-09 14:15 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Malwarebytes
2008-06-09 14:14 . 2008-06-09 14:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 14:14 . 2008-06-09 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 14:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 14:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 10:09 . 2008-06-09 10:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 10:05 . 2008-06-09 10:05 <DIR> d-------- C:\Deckard
2008-06-07 15:13 . 2008-06-07 15:13 76 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-06-07 15:08 . 2008-06-07 15:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-07 15:08 . 2008-06-07 15:17 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 15:08 . 2008-06-07 15:17 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 15:07 . 2008-06-12 11:08 4,969,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 15:07 . 2008-06-12 11:08 47,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 15:07 . 2008-06-09 09:41 6,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 15:07 . 2008-06-09 09:41 4,580 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-05 12:53 . 2008-06-08 03:35 <DIR> d-------- C:\Norton
2008-06-05 12:53 . 2007-12-02 12:56 11,123 --a------ C:\dvt.nfo
2008-06-05 10:10 . 2008-06-05 10:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 10:10 . 2008-06-09 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 23:46 . 2008-06-03 23:46 95 --a------ C:\WINDOWS\wininit.ini
2008-06-03 22:43 . 2008-06-03 22:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 22:43 . 2008-06-03 22:45 4,674 --a------ C:\WINDOWS\unins000.dat
2008-05-29 20:11 . 2008-05-29 20:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 20:11 . 2008-05-29 20:11 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 21:07 . 2008-05-28 21:07 <DIR> d-------- C:\VundoFix Backups
2008-05-28 19:49 . 2008-06-09 09:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\PC Tools
2008-05-18 01:03 . 2008-06-09 12:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 01:03 . 2008-05-18 01:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-14 15:03 . 2008-05-14 15:03 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-14 15:02 . 2008-05-14 15:02 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-05-14 14:56 . 2008-05-14 14:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-14 14:56 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-14 14:53 . 2008-05-14 15:03 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-05-14 14:22 . 2008-05-15 18:49 28,160 --a------ C:\WINDOWS\system32\zlib.dll
2008-05-14 14:21 . 2008-05-14 14:22 40,960 --a------ C:\WINDOWS\Keygen.exe
2008-05-14 14:14 . 2008-05-14 16:27 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\iolo
2008-05-14 14:14 . 2008-05-22 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-14 14:14 . 2008-05-14 14:14 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-09 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 16:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-09 16:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-09 16:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 22:17 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-05 17:07 --------- d-----w C:\Program Files\Java
2008-06-04 03:22 47,360 ----a-w C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.sys
2008-06-04 03:22 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\Vso
2008-06-04 03:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 03:21 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\uTorrent
2008-05-23 06:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-19 23:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-19 23:35 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-05-19 09:52 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\Azureus
2008-05-19 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 01:49 984,576 ----a-w C:\Documents and Settings\Michael DeBrosse\Application Data\kernel33.dll
2008-04-21 04:44 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\MonkeyJam
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 20:28 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-03-12 20:10 633,344 ----a-w C:\WINDOWS\system32\gpprefcl.dll
2007-12-05 04:01 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6130B975-BF86-4205-9C90-27672EC900F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75}]
2008-03-06 22:24 98048 --a------ C:\WINDOWS\system32\encap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOfg]
jkkHWOfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WLAN Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Configuration Utility.lnk
backup=C:\WINDOWS\pss\WLAN Configuration Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-03 17:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 22:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-08-12 18:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Rush Limbaugh Show]
--a------ 2006-01-23 13:56 1028096 C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"idsvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"dvpapi"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"SLService"=2 (0x2)
"RMYDNXZT"=3 (0x3)
"dmadmin"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"LiveUpdate"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 vmalxgao;vmalxgao;C:\WINDOWS\system32\drivers\iolzuxhp.dat []
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-04-27 02:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-04-29 02:32]
S4 RMYDNXZT;RMYDNXZT;C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\RMYDNXZT.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 04:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 11:08:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vmalxgao]
"ImagePath"="system32\drivers\iolzuxhp.dat"
.
Completion time: 2008-06-12 11:10:33
ComboFix-quarantined-files.txt 2008-06-12 18:09:52
ComboFix2.txt 2008-06-07 01:20:03
ComboFix3.txt 2008-06-06 20:32:46
ComboFix4.txt 2008-06-06 20:19:01
ComboFix5.txt 2008-06-05 20:18:59

Pre-Run: 53,238,792,192 bytes free
Post-Run: 53,226,958,848 bytes free

208
-- HijackThis (run as Michael DeBrosse.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:29 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Autodesk\Maya8.5\bin\maya.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael DeBrosse\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6130B975-BF86-4205-9C90-27672EC900F7} - (no file)
O2 - BHO: (no name) - {777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75} - C:\WINDOWS\system32\encap.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194400166812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: jkkHWOfg - jkkHWOfg.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

--
End of file - 6497 bytes

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 11:06:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 14:15:08 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Malwarebytes
2008-06-09 14:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 14:14:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 10:09:02 0 d-------- C:\Program Files\Trend Micro
2008-06-07 15:08:48 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 15:08:48 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 15:08:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-07 15:07:59 48160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 15:07:59 4974624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-06 18:21:00 0 dr-h----- C:\Documents and Settings\Michael DeBrosse\Recent
2008-06-06 11:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-06 11:09:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 12:53:51 0 d-------- C:\Norton
2008-06-05 10:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 10:10:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 09:37:47 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 09:37:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 09:37:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 09:37:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 09:37:47 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 09:37:47 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 09:37:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 22:43:02 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 22:43:02 4674 --a------ C:\WINDOWS\unins000.dat
2008-06-03 20:26:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-29 20:11:27 0 d-------- C:\Program Files\Yahoo!
2008-05-29 20:11:19 0 d-------- C:\Program Files\CCleaner
2008-05-28 21:07:37 0 d-------- C:\VundoFix Backups
2008-05-28 19:49:45 0 d-------- C:\Program Files\Spyware Doctor
2008-05-28 19:49:45 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\PC Tools
2008-05-23 20:19:14 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-22 23:06:22 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Mozilla
2008-05-14 14:56:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-14 14:56:31 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-14 14:53:11 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-14 14:22:12 28160 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-14 14:21:26 40960 --a------ C:\WINDOWS\Keygen.exe
2008-05-14 14:14:52 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-14 14:14:49 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\iolo
2008-05-14 14:14:49 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo


-- Find3M Report ---------------------------------------------------------------

2008-06-09 09:56:10 8405015 --a------ C:\WINDOWS\TempFile
2008-06-09 09:17:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 09:17:27 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 10:07:19 0 d-------- C:\Program Files\Java
2008-06-05 10:07:19 0 d-------- C:\Program Files\Common Files
2008-06-05 09:08:00 1533 --a------ C:\WINDOWS\mozver.dat
2008-06-03 20:22:24 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Vso
2008-06-03 20:22:24 47360 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-03 20:22:24 33 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.log
2008-06-03 20:22:24 1144 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.inf
2008-06-03 20:22:24 7887 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.cat
2008-06-03 20:21:46 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 20:21:05 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\uTorrent
2008-05-22 23:04:32 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-19 16:35:40 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-05-19 02:52:25 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Azureus
2008-05-18 19:18:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 18:49:44 984576 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\kernel33.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-12 00:24:54 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Adobe
2008-04-20 21:44:11 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\MonkeyJam
2008-03-18 13:28:42 27997 --a------ C:\WINDOWS\scunin.dat
2008-03-18 13:28:39 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-18 13:28:38 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6130B975-BF86-4205-9C90-27672EC900F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOfg]
jkkHWOfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WLAN Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Configuration Utility.lnk
backup=C:\WINDOWS\pss\WLAN Configuration Utility.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Rush Limbaugh Show]
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe /noopen

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"idsvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"dvpapi"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"SLService"=2 (0x2)
"RMYDNXZT"=3 (0x3)
"dmadmin"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"LiveUpdate"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49c0f1b5-8e4c-11dc-a533-001109f7da4f}]

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-06-12 11:14:54 ------------



Thank you so much for your help!

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 12 June 2008 - 02:16 PM

Click Start--> Click Run--> Type in devmgmt.msc and click OK.

The Device Manager will open--> Click View--> Click Show Hidden Devices--> Scroll the list and locate Non-Plug and Play Drivers

Double Click to expand--> Scroll down the list--> Right Click and Select Properties on this entry--> vmalxgao

Click the Driver tab and under Startup--> Change it to Disabled--> Click the General tab and under Device Usage--> Change it to Do not use this device (disable)

Windows will prompt you to restart; please allow this to happen.


Once rebooted, go to Add/Remove Programs and remove any versions of QuickTime you have on board. If you use this app, you can replace it with the current version from the site below:
http://www.apple.com/quicktime/download/

Copy the text below to notepad and save it to the desktop with the name CFScript

Driver::
vmalxgao
RMYDNXZT
File::
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\Keygen.exe
C:\WINDOWS\system32\encap.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6130B975-BF86-4205-9C90-27672EC900F7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOfg]

Once saved, drag CFScript.txt on top of ComboFix.exe; this will launch the tool and begin the script.


Once completed, post the new ComboFix log and a fresh HijackThis log.
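The CFScript above was assembled by reading the posted logs for a few recurring signs: a service whose binary sits in a Temp directory and has no file timestamp (RMYDNXZT), a driver whose ImagePath is a .dat file (vmalxgao), BHOs registered with no name, and a Winlogon Notify hook whose DLL is gone (jkkHWOfg). The Python script below is an added example, not part of this thread and not code from ComboFix or HijackThis: it applies those same heuristics to a handful of lines copied from the logs posted here (the benign Adobe, Kaspersky and SmartLink neighbours are included for contrast) and renders the removable hits in the Driver::/File::/Registry:: layout of the post. The Finding class, the regular expressions, the "info" category for orphaned entries that only deserve a manual look, and the assumption that every line follows the layouts seen in these particular logs are all my own constructions.

```python
import re
from dataclasses import dataclass

# --- Constructed sample input (lines copied from the logs in this thread) --------
SAMPLE_HJT = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: (no name) - {6130B975-BF86-4205-9C90-27672EC900F7} - (no file)",
    r"O2 - BHO: (no name) - {777AF7A8-4CDA-45C8-AFC3-4A7D2C2A9F75} - C:\WINDOWS\system32\encap.dll",
    r"O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll",
    r"O20 - Winlogon Notify: jkkHWOfg - jkkHWOfg.dll (file missing)",
    r"O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe",
]
SAMPLE_SERVICES = [
    r"R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-04-29 02:32]",
    r"S4 RMYDNXZT;RMYDNXZT;C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\RMYDNXZT.exe []",
    r'S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]',
]
SAMPLE_REGISTRY = [
    r"[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vmalxgao]",
    r'"ImagePath"="system32\drivers\iolzuxhp.dat"',
]


@dataclass(frozen=True)
class Finding:
    kind: str    # "driver", "file", "registry" (CFScript sections) or "info" (review only)
    target: str  # service name, file path, registry key or CLSID
    reason: str  # which heuristic fired, for the analyst reading the report


# Line layouts as they appear in this thread's logs (an assumption of this example).
HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SVC_LINE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;"?(?P<path>[^"\[]+?)"? \[(?P<stamp>[^\]]*)\]$')
SVC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>.*)"$', re.I)


def triage_hjt(lines):
    """Flag HijackThis entries matching the patterns acted on in this thread."""
    findings = []
    for line in lines:
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        path = body.rsplit(" - ", 1)[-1]
        missing = "(no file)" in body or "(file missing)" in body
        if sec == "O2" and "(no name)" in body:
            # A BHO loads into every IE process; vendor products register a name, Vundo does not.
            clsid = CLSID.search(body).group(0)
            findings.append(Finding("registry", "HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + clsid,
                                    "BHO registered without a name"))
            if not missing:
                findings.append(Finding("file", path, "DLL loaded by an unnamed BHO"))
        elif sec == "O20" and body.startswith("Winlogon Notify: "):
            # Winlogon Notify DLLs run inside winlogon.exe at logon: a persistence spot worth checking.
            name = body[len("Winlogon Notify: "):].split(" - ", 1)[0]
            reason = "Winlogon Notify hook" + (" whose DLL is missing" if missing else "")
            key = "HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\" + name
            findings.append(Finding("registry", key, reason))
        elif missing:
            # Other orphaned entries are usually uninstall leftovers: report them, do not auto-remove.
            clsid = CLSID.search(body)
            findings.append(Finding("info", clsid.group(0) if clsid else body,
                                    "orphaned entry: referenced file is gone"))
    return findings


def triage_services(lines):
    """Flag ComboFix service/driver lines whose binary location or metadata is off."""
    findings = []
    for line in lines:
        m = SVC_LINE.match(line)
        if not m:
            continue
        reasons = []
        if "\\temp\\" in m.group("path").lower():
            reasons.append("service binary lives in a Temp directory")
        if not m.group("stamp"):
            reasons.append("no file timestamp (binary missing or unreadable)")
        if reasons:
            findings.append(Finding("driver", m.group("name"), "; ".join(reasons)))
    return findings


def triage_registry(lines):
    """Pair each Services\\<name> key with its ImagePath and flag drivers disguised as data files."""
    findings, current = [], None
    for line in lines:
        key = SVC_KEY.match(line)
        if key:
            current = key.group("name")
            continue
        img = IMAGE_PATH.match(line)
        if img and current and img.group("path").lower().endswith(".dat"):
            findings.append(Finding("driver", current, "driver ImagePath points to a .dat file"))
    return findings


def build_cfscript(findings):
    """Render removable findings in the Driver::/File::/Registry:: layout used in the post above."""
    out = []
    for kind, header, fmt in (("driver", "Driver::", "{}"), ("file", "File::", "{}"),
                              ("registry", "Registry::", "[-{}]")):
        targets = list(dict.fromkeys(f.target for f in findings if f.kind == kind))
        if targets:
            out.append(header)
            out.extend(fmt.format(t) for t in targets)
    return "\n".join(out) + "\n"


def triage_all(hjt=SAMPLE_HJT, services=SAMPLE_SERVICES, registry=SAMPLE_REGISTRY):
    return triage_hjt(hjt) + triage_services(services) + triage_registry(registry)


if __name__ == "__main__":
    for f in triage_all():
        print(f"[{f.kind:8}] {f.target}  <- {f.reason}")
    print(build_cfscript(triage_all()))
```

Run on the sample, the script reports seven findings: the Yahoo! URLSearchHook is listed as "info" only (an orphaned hook, the same entry the post leaves alone), while the two unnamed BHOs, encap.dll, the jkkHWOfg notify key, RMYDNXZT and vmalxgao land in the generated sections exactly as in the post's CFScript. The value of separating "info" from the removable kinds is that a missing file is not on its own evidence of malware; the combination of location, naming and hook type is what justifies removal.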

#5 scitronix

scitronix
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 12 June 2008 - 04:19 PM

ComboFix 08-06-10.5 - Michael DeBrosse 2008-06-12 16:52:04.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2504 [GMT -4:00]
Running from: C:\Documents and Settings\Michael DeBrosse\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael DeBrosse\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Keygen.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\encap.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Keygen.exe
C:\WINDOWS\system32\encap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RMYDNXZT
-------\Legacy_VMALXGAO
-------\Service_RMYDNXZT
-------\Service_vmalxgao


((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-09 17:15 . 2008-06-09 17:15 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Malwarebytes
2008-06-09 17:14 . 2008-06-09 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 17:14 . 2008-06-09 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 17:14 . 2008-06-05 19:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 17:14 . 2008-06-05 19:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 13:09 . 2008-06-09 13:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 13:05 . 2008-06-09 13:05 <DIR> d-------- C:\Deckard
2008-06-07 18:13 . 2008-06-07 18:13 76 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-06-07 18:08 . 2008-06-07 18:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-07 18:08 . 2008-06-07 18:17 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 18:08 . 2008-06-07 18:17 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 18:07 . 2008-06-12 16:57 5,033,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 18:07 . 2008-06-12 16:45 68,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 18:07 . 2008-06-12 16:57 54,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 18:07 . 2008-06-12 16:45 6,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-05 15:53 . 2008-06-08 06:35 <DIR> d-------- C:\Norton
2008-06-05 15:53 . 2007-12-02 15:56 11,123 --a------ C:\dvt.nfo
2008-06-05 13:10 . 2008-06-05 13:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 13:10 . 2008-06-12 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 02:46 . 2008-06-04 02:46 95 --a------ C:\WINDOWS\wininit.ini
2008-06-04 01:43 . 2008-06-04 01:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 01:43 . 2008-06-04 01:45 4,674 --a------ C:\WINDOWS\unins000.dat
2008-05-29 23:11 . 2008-05-29 23:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 23:11 . 2008-05-29 23:11 <DIR> d-------- C:\Program Files\CCleaner
2008-05-29 00:07 . 2008-05-29 00:07 <DIR> d-------- C:\VundoFix Backups
2008-05-28 22:49 . 2008-06-09 12:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-28 22:49 . 2008-05-28 22:49 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\PC Tools
2008-05-14 18:03 . 2008-05-14 18:03 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-14 18:02 . 2008-05-14 18:02 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-05-14 17:56 . 2008-05-14 17:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-14 17:56 . 2007-07-25 12:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-14 17:53 . 2008-05-14 18:03 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-05-14 17:22 . 2008-05-15 21:49 28,160 --a------ C:\WINDOWS\system32\zlib.dll
2008-05-14 17:14 . 2008-05-14 19:27 <DIR> d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\iolo
2008-05-14 17:14 . 2008-05-23 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-14 17:14 . 2008-05-14 17:14 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-09 16:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-09 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 16:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-09 16:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-09 16:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 22:17 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-05 17:07 --------- d-----w C:\Program Files\Java
2008-06-04 03:22 47,360 ----a-w C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.sys
2008-06-04 03:22 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\Vso
2008-06-04 03:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 03:21 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\uTorrent
2008-05-23 06:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-19 23:37 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-19 23:35 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-05-19 09:52 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\Azureus
2008-05-19 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 01:49 984,576 ----a-w C:\Documents and Settings\Michael DeBrosse\Application Data\kernel33.dll
2008-04-21 04:44 --------- d-----w C:\Documents and Settings\Michael DeBrosse\Application Data\MonkeyJam
2008-03-18 20:28 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-12-05 04:01 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_11.09.28.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 16:56:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 20:56:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-05-29 02:51:02 72,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-12 20:27:02 72,350 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-29 02:51:02 444,766 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-12 20:27:02 444,766 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 15:51 218376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WLAN Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Configuration Utility.lnk
backup=C:\WINDOWS\pss\WLAN Configuration Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-11 02:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-03 20:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-08-12 21:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 22:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Rush Limbaugh Show]
--a------ 2006-01-23 16:56 1028096 C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"idsvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"dvpapi"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"SLService"=2 (0x2)
"RMYDNXZT"=3 (0x3)
"dmadmin"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"LiveUpdate"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 17:58]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-04-29 05:32]
S3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-04-27 05:56]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 04:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 16:57:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-12 17:01:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 21:01:21
ComboFix2.txt 2008-06-12 18:10:35
ComboFix3.txt 2008-06-07 01:20:03
ComboFix4.txt 2008-06-06 20:32:46
ComboFix5.txt 2008-06-06 20:19:01

Pre-Run: 56,229,539,840 bytes free
Post-Run: 53,257,482,240 bytes free

234

Deckard's System Scanner v20071014.68
Run by Michael DeBrosse on 2008-06-12 17:03:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael DeBrosse.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:30 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Michael DeBrosse\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194400166812
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

--
End of file - 5965 bytes

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 14:06:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 17:15:08 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Malwarebytes
2008-06-09 17:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 17:14:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 13:09:02 0 d-------- C:\Program Files\Trend Micro
2008-06-07 18:08:48 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 18:08:48 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 18:08:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-07 18:07:59 54816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 18:07:59 5044512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-06 21:21:00 0 dr-h----- C:\Documents and Settings\Michael DeBrosse\Recent
2008-06-06 14:09:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-06 14:09:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 15:53:51 0 d-------- C:\Norton
2008-06-05 13:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 13:10:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 12:37:47 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 12:37:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 12:37:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 12:37:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 12:37:47 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 12:37:47 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 12:37:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 01:43:02 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 01:43:02 4674 --a------ C:\WINDOWS\unins000.dat
2008-06-03 23:26:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-29 23:11:27 0 d-------- C:\Program Files\Yahoo!
2008-05-29 23:11:19 0 d-------- C:\Program Files\CCleaner
2008-05-29 00:07:37 0 d-------- C:\VundoFix Backups
2008-05-28 22:49:45 0 d-------- C:\Program Files\Spyware Doctor
2008-05-28 22:49:45 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\PC Tools
2008-05-23 23:19:14 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-23 02:06:22 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Mozilla
2008-05-14 17:56:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-14 17:56:31 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-14 17:53:11 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-14 17:22:12 28160 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-14 17:14:52 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-14 17:14:49 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\iolo
2008-05-14 17:14:49 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo


-- Find3M Report ---------------------------------------------------------------

2008-06-12 16:56:51 0 --a------ C:\WINDOWS\TempFile
2008-06-09 12:17:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 12:17:27 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 13:07:19 0 d-------- C:\Program Files\Java
2008-06-05 13:07:19 0 d-------- C:\Program Files\Common Files
2008-06-05 12:08:00 1533 --a------ C:\WINDOWS\mozver.dat
2008-06-03 23:22:24 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Vso
2008-06-03 23:22:24 47360 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-03 23:22:24 33 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.log
2008-06-03 23:22:24 1144 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.inf
2008-06-03 23:22:24 7887 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\pcouffin.cat
2008-06-03 23:21:46 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 23:21:05 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\uTorrent
2008-05-23 02:04:32 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-05-19 19:35:40 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-05-19 05:52:25 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Azureus
2008-05-18 22:18:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 21:49:44 984576 --a------ C:\Documents and Settings\Michael DeBrosse\Application Data\kernel33.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-12 03:24:54 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\Adobe
2008-04-21 00:44:11 0 d-------- C:\Documents and Settings\Michael DeBrosse\Application Data\MonkeyJam
2008-03-18 16:28:42 27997 --a------ C:\WINDOWS\scunin.dat
2008-03-18 16:28:39 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-18 16:28:38 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WLAN Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Configuration Utility.lnk
backup=C:\WINDOWS\pss\WLAN Configuration Utility.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Rush Limbaugh Show]
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe /noopen

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"idsvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"dvpapi"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"SLService"=2 (0x2)
"RMYDNXZT"=3 (0x3)
"dmadmin"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"LiveUpdate"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49c0f1b5-8e4c-11dc-a533-001109f7da4f}]




-- End of Deckard's System Scanner: finished at 2008-06-12 17:04:30 ------------

Everything went fine and here are the new reports, but the internet is not working at all except in safe mode, which I am now in.... What do I do?

#6 scitronix

Posted 12 June 2008 - 04:28 PM

nm about the internet thing.... Kaspersky Internet Security was being a loser lol

#7 Guest_Cretemonster_*

Posted 13 June 2008 - 05:16 AM

So how are things today? Would you mind updating your Kaspersky and running a full scan?

If it flags anything, see if you can generate some sort of log.



