
Antivirus2009 Antispywaremaster Smitfraud


9 replies to this topic

#1 NickTTTA


Posted 30 July 2008 - 01:10 AM

Alright,

I have been battling this since 7/22/08. Spybot S&D and AdAware are not doing the job. They find Vituremod, smitfraud c, and a few other malware/adware and claim to "fix" the problem, but after a reboot I still get random pop ups while browsing IE7 or FF2. They will open a new window in IE7, a new tab in FF2, and sometimes in IE7 I get an "OK/Cancel" window telling me my computer is infected and to download either "AntispywareMaster" or "Antivirus2009".

Google sometimes will not work, the paste feature in IE7 has stopped working, and after a while the computer will lock up once explorer.exe gets over 112MB. Instances of iexplore.exe will stay open after I close all windows. I tried to use Spybot S&D's file shredder to delete

C:\windows\system32\drivers\flpydiskk.sys
C:\windows\system32\drivers\core.cache.dsk
along with the dozen .dll files in the system32 folder that have random lettered names and are all created within minutes of each other.

The 2 files in the drivers folder will not delete, no matter what. The dlls in the system32 folder will delete, then a hidden file with a strange extension will replace it.

I have never had anything this bad, or hard to remove. I am usually the guy people bring their computers to, for fixing. I followed the tutorials for removing antivirus2009 and antispywaremaster, but the registry items they said to delete were not in my registry. I also think those tutorials were for people who actually downloaded the fake virus/adware removers, which I have not.

Here is the scan from DSS

I have also attached the file named extra.txt to this post.


Deckard's System Scanner v20071014.68
Run by User on 2008-07-30 01:49:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-07-30 05:50:00 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-07-28 21:30:22 UTC - RP15 - Spybot-S&D Spyware removal
14: 2008-07-28 13:51:43 UTC - RP14 - Spybot-S&D Spyware removal
13: 2008-07-28 12:02:54 UTC - RP13 - Removed Comodo AntiVirus 1.0
12: 2008-07-28 11:55:56 UTC - RP12 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2008-07-23 18:16:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:21, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31AFCADF-3241-4D67-8328-C5F357320897} - C:\WINDOWS\system32\fccbXnKD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {7f04cd82-948f-99b8-4ad4-bb841e28a24b} - {b42a82e1-48bb-4da4-8b99-f84928dc40f7} - C:\WINDOWS\system32\lrygnd.dll (file missing)
O2 - BHO: (no name) - {E4C55BCF-CDC5-48F1-BC39-D5A501834934} - C:\WINDOWS\system32\xxyvsQhH.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: xxyvsQhH - C:\WINDOWS\SYSTEM32\xxyvsQhH.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6097 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080722-194228-175 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080722-194228-353 O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
backup-20080722-194228-366 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20080722-194228-372 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080722-194228-538 O4 - HKCU\..\Run: [Skra] C:\Program Files\Skra\Skra.exe
backup-20080722-194228-674 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
backup-20080722-194228-703 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe
backup-20080722-194228-895 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
backup-20080722-194228-977 O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
backup-20080724-234719-107 O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\User\winlogon.exe
backup-20080724-234719-743 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
backup-20080724-235509-100 O4 - HKCU\..\Run: [Odeu] "C:\WINDOWS\system32\PPPATC~1\notepad.exe" -vt ndrv
backup-20080724-235509-320 O4 - HKLM\..\Run: [ecadc903] rundll32.exe "C:\WINDOWS\system32\weslwqas.dll",b
backup-20080724-235509-403 O4 - HKLM\..\Run: [BMef9efa9f] Rundll32.exe "C:\WINDOWS\system32\bscfilem.dll",s
backup-20080724-235649-429 O4 - HKLM\..\Run: [BMef9efa9f] Rundll32.exe "C:\WINDOWS\system32\bscfilem.dll",s
backup-20080724-235808-217 O4 - HKLM\..\Run: [BMef9efa9f] Rundll32.exe "C:\WINDOWS\system32\bscfilem.dll",s
backup-20080727-151402-124 O2 - BHO: (no name) - {AC4ACA4E-2DFC-2B74-AE48-0EA2E69F1892} - (no file)
backup-20080727-151402-210 O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
backup-20080727-151402-242 O2 - BHO: (no name) - {51bd0028-9373-4e16-b953-060fc3aad169} - (no file)
backup-20080727-151402-323 O2 - BHO: (no name) - {DB036A52-3A88-466B-BD39-05A6D9D9B18A} - (no file)
backup-20080727-151402-326 O2 - BHO: (no name) - {02271A03-F035-4066-B2D5-D269EAD8EEDD} - (no file)
backup-20080727-151402-370 O2 - BHO: {65fcf783-d5f9-6ea9-3a64-10a321b94578} - {87549b12-3a01-46a3-9ae6-9f5d387fcf56} - C:\WINDOWS\system32\jsjyze.dll (file missing)
backup-20080727-151402-377 O2 - BHO: (no name) - {86BAFA72-C5C3-4E8F-B7FE-683AC93BC780} - C:\WINDOWS\system32\atmpvcn.dll
backup-20080727-151402-419 O2 - BHO: (no name) - {4F7CEC43-D52A-4ED4-95D1-D8DC8F518E44} - C:\WINDOWS\system32\atmpvcn.dll
backup-20080727-151402-430 O2 - BHO: (no name) - {1985DC4D-DE2A-49AE-8AD2-5072A5DDB9EA} - (no file)
backup-20080727-151402-509 O2 - BHO: (no name) - {6A1A18C4-98D2-4578-81E6-3E891742D4EA} - C:\WINDOWS\system32\atmpvcn.dll
backup-20080727-151402-605 O2 - BHO: (no name) - {37E10337-6A37-45BB-BB1A-146C7D2A6E73} - (no file)
backup-20080727-151402-708 O2 - BHO: (no name) - {7DE355B2-6BF2-4531-9918-9B1853E074AE} - C:\WINDOWS\system32\jkkJbbyw.dll (file missing)
backup-20080727-151402-752 O2 - BHO: (no name) - {F5A70EB4-BF4C-4369-802E-A1C5AD7FDC3E} - C:\WINDOWS\system32\xxyXqqNd.dll (file missing)
backup-20080727-151402-836 O20 - Winlogon Notify: wvUkLEXn - wvUkLEXn.dll (file missing)
backup-20080727-151402-861 O2 - BHO: (no name) - {B18F769F-6A9E-4396-B777-8819A450F493} - C:\WINDOWS\system32\atmpvcn.dll
backup-20080727-151402-994 O20 - Winlogon Notify: rqRIccaY - rqRIccaY.dll (file missing)
backup-20080730-012954-273 O20 - AppInit_DLLs: NVDESK32.DLL C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
backup-20080730-012954-381 R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
backup-20080730-012954-557 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
backup-20080730-012954-589 O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
backup-20080730-012954-724 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
backup-20080730-012954-765 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080730-012954-767 O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
backup-20080730-012954-777 O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
backup-20080730-012954-952 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - cmdfile - shell\edit\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 flpydiskk - c:\windows\system32\drivers\flpydiskk.sys
R2 SetupNT - c:\windows\system32\setupnt.sys

S3 DCamUSBMR (PC Camera 8070 CIF) - c:\windows\system32\drivers\mr97110.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" (file missing)
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\70D6919900
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\70D6919900
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 17:42:37 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 00:43:10 774894 --ahs---- C:\WINDOWS\system32\DKnXbccf.ini2
2008-07-29 22:04:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-28 22:53:58 0 d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-28 08:25:14 105472 --a------ C:\WINDOWS\system32\ikkazt.dll
2008-07-28 08:25:13 105472 --a------ C:\WINDOWS\system32\egaliekt.dll
2008-07-28 08:19:49 91648 --a------ C:\WINDOWS\system32\hhstudem.dll
2008-07-28 08:19:06 314880 --a------ C:\WINDOWS\system32\fccbXnKD.dll
2008-07-28 08:16:52 0 d-------- C:\Program Files\AskSBar
2008-07-28 08:14:03 26112 --a------ C:\WINDOWS\system32\xxyvsQhH.dll
2008-07-28 08:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-07-28 08:10:07 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-07-27 16:02:18 1632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-27 10:56:40 3088 --ahs---- C:\WINDOWS\system32\wybbJkkj.ini2
2008-07-24 23:59:18 0 d-------- C:\!KillBox
2008-07-24 23:39:40 0 d-------- C:\Program Files\RogueRemover FREE
2008-07-24 23:32:58 0 dr-h----- C:\Documents and Settings\User\Recent
2008-07-23 14:28:03 0 d-------- C:\Program Files\Common Files\??mbols
2008-07-23 14:27:58 0 d-------- C:\WINDOWS\system32\?ppPatch
2008-07-22 19:25:49 0 d-------- C:\Program Files\Trend Micro
2008-07-22 19:19:34 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-22 19:19:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-22 19:18:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-07-22 18:41:19 91648 --a------ C:\WINDOWS\system32\atmpvcn.dll
2008-07-22 18:38:32 0 d--hs---- C:\WINDOWS\VXNlcg
2008-07-22 18:38:29 0 d-------- C:\WINDOWS\system32\wn32
2008-07-22 18:38:29 0 d-------- C:\WINDOWS\system32\og1
2008-07-22 18:38:29 86144 -----n--- C:\WINDOWS\system32\drivers\flpydiskk.sys
2008-07-22 18:38:27 0 d-------- C:\WINDOWS\system32\kBin02
2008-07-22 00:01:40 794624 --a------ C:\WINDOWS\system32\spr32d35.dll <Not Verified; FarPoint Technologies, Inc.; Spread>
2008-07-21 23:55:11 0 d-------- C:\Program Files\Punch! Home Design - Platinum
2008-07-21 23:25:55 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-21 23:25:52 0 d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-07-21 21:32:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 00:12:44 0 d-------- C:\WINDOWS\system32\carH18
2008-07-21 00:12:44 0 d-------- C:\Temp
2008-07-21 00:12:39 77 --a------ C:\Documents and Settings\User\4562.bat
2008-07-04 20:51:53 0 d-------- C:\WINDOWS\pss
2008-07-04 20:44:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-04 20:44:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-04 20:44:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-04 20:44:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-04 20:44:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-04 20:44:31 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-04 20:44:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-04 20:44:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-04 20:44:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-04 20:44:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-04 20:44:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-04 20:44:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-04 20:44:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-04 20:44:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-03 20:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-03 20:07:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-30 00:52:03 0 d-------- C:\Program Files\LogMeIn
2008-07-28 08:16:53 0 d-------- C:\Program Files\Comodo
2008-07-28 08:15:25 0 d-------- C:\Documents and Settings\User\Application Data\Comodo
2008-07-27 22:52:06 0 d-------- C:\Program Files\Starcraft
2008-07-24 23:28:21 0 d-------- C:\Program Files\GetRight
2008-07-24 23:27:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 20:13:13 0 d-------- C:\Program Files\Common Files
2008-07-23 14:28:03 0 d-------- C:\Program Files\Common Files\??mbols
2008-07-22 19:10:31 0 d-------- C:\Program Files\Windows NT
2008-07-22 18:47:21 0 d-------- C:\Documents and Settings\User\Application Data\DNA
2008-07-21 22:19:56 0 d-------- C:\Program Files\BPK
2008-07-21 21:33:44 0 d-------- C:\Program Files\Lavasoft
2008-07-21 18:00:07 0 d-------- C:\Documents and Settings\User\Application Data\BitTorrent
2008-07-21 01:16:02 0 d-------- C:\Program Files\ffdshow
2008-07-21 00:46:42 0 d-------- C:\Documents and Settings\User\Application Data\iPod Copy Expert
2008-07-21 00:37:32 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-07-06 12:16:25 0 d-------- C:\Program Files\Java
2008-07-04 17:59:35 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-07-03 21:04:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 00:50:52 0 d-------- C:\Program Files\Picasa2
2008-06-29 12:54:21 0 d-------- C:\Documents and Settings\User\Application Data\Opera


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31AFCADF-3241-4D67-8328-C5F357320897}]
07/28/2008 08:19 314880 --a------ C:\WINDOWS\system32\fccbXnKD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b42a82e1-48bb-4da4-8b99-f84928dc40f7}]
C:\WINDOWS\system32\lrygnd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C55BCF-CDC5-48F1-BC39-D5A501834934}]
07/28/2008 08:14 26112 --a------ C:\WINDOWS\system32\xxyvsQhH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 14:03]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [01/28/2008 12:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/24/2005 07:32]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [07/14/2008 05:09]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [07/28/2008 08:16]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [07/28/2008 09:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E4C55BCF-CDC5-48F1-BC39-D5A501834934}"= C:\WINDOWS\system32\xxyvsQhH.dll [07/28/2008 08:14 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/21/2007 22:04 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsQhH]
xxyvsQhH.dll 07/28/2008 08:14 26112 C:\WINDOWS\system32\xxyvsQhH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccbXnKD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMef9efa9f]
Rundll32.exe "C:\WINDOWS\system32\ddkhblcg.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
C:\Program Files\BPK\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
"C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Comodo Anti-Virus and Anti-Spyware Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"dlcf_device"=2 (0x2)
"cmdService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8639cc1-8be1-11db-bb08-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-30 01:52:06 ------------
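Added triage example (not part of the original post, and not code from HijackThis, DSS or any other tool named in this thread): a small Python script that applies the checks a helper would run over the log above, against a handful of lines copied from it into a constructed `SAMPLE_LOG`. It flags unnamed BHOs loaded from system32, a Winlogon Notify handler with a random-looking name, an extra LSA authentication package beside msv1_0, and hidden+system .ini/.ini2 files in system32 whose stem is a DLL name spelled backwards (the DKnXbccf.ini2 / fccbXnKD.dll pair visible in the DSS "Files created" and registry sections). The `looks_random` rule (eight letters, at least three upper/lower case switches) is a heuristic fitted to the names in this particular log, not a general classifier; the script and file name `triage.py` are assumptions of this example.

```python
"""triage.py: flag the Vundo-style entries visible in the DSS/HijackThis log above.

Added example, not part of the thread or of any tool named in it. The rules are
heuristics fitted to the names in this log, not a general-purpose detector.
"""
import re

# Constructed sample: lines copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {31AFCADF-3241-4D67-8328-C5F357320897} - C:\WINDOWS\system32\fccbXnKD.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E4C55BCF-CDC5-48F1-BC39-D5A501834934} - C:\WINDOWS\system32\xxyvsQhH.dll
O20 - Winlogon Notify: xxyvsQhH - C:\WINDOWS\SYSTEM32\xxyvsQhH.dll
2008-07-30 00:43:10 774894 --ahs---- C:\WINDOWS\system32\DKnXbccf.ini2
2008-07-28 08:19:06 314880 --a------ C:\WINDOWS\system32\fccbXnKD.dll
2008-07-28 08:14:03 26112 --a------ C:\WINDOWS\system32\xxyvsQhH.dll
2008-07-28 08:10:07 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-07-27 10:56:40 3088 --ahs---- C:\WINDOWS\system32\wybbJkkj.ini2
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccbXnKD
"""

# DSS "Files created" line: timestamp, size, nine-character attribute field, path,
# optional trailing "<Not Verified; ...>" signer note.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\.+?)(?:\s+<[^>]*>)?\s*$"
)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)\s*$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)\s*$")
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+?)\s*$')


def stem(path):
    """Base name without its last extension (fccbXnKD.dll -> fccbXnKD)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0] if "." in base else base


def looks_random(name):
    """Heuristic fitted to this log: eight letters with at least three case switches."""
    if len(name) != 8 or not name.isalpha():
        return False
    switches = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return switches >= 3


def in_system32(path):
    return "\\system32\\" in path.lower()


def find_reversed_ini(entries):
    """Hidden+system .ini/.ini2 files in system32 whose stem is a DLL name reversed.

    Returns (ini_path, expected_dll_stem, dll_path_or_None); the DLL may already have
    been deleted, which is what "DLL not listed" means in the findings.
    """
    dlls = {stem(e["path"]): e["path"] for e in entries if e["path"].lower().endswith(".dll")}
    hits = []
    for e in entries:
        p = e["path"]
        if not in_system32(p) or not re.search(r"\.ini2?$", p, re.I):
            continue
        if "h" not in e["attrs"] or "s" not in e["attrs"]:
            continue
        expected = stem(p)[::-1]
        if expected in dlls or (len(expected) == 8 and expected.isalpha()):
            hits.append((p, expected, dlls.get(expected)))
    return hits


def analyze(text):
    """Return a list of (rule, artefact) findings for a DSS/HijackThis-style log."""
    entries, findings = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = BHO_RE.match(line)
        if m and m["name"] == "(no name)" and in_system32(m["path"]):
            findings.append(("unnamed BHO in system32", m["path"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and looks_random(m["key"]):
            findings.append(("random-named Winlogon Notify handler", m["path"]))
            continue
        m = AUTHPKG_RE.match(line)
        if m:
            # Only msv1_0 belongs here on a stock XP box; anything else loads into lsass.
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":
                    findings.append(("extra LSA authentication package", pkg))
    for ini, _expected, dll in find_reversed_ini(entries):
        label = "reversed-name ini (DLL present)" if dll else "reversed-name ini (DLL not listed)"
        findings.append((label, ini))
    return findings


if __name__ == "__main__":
    for rule, artefact in analyze(SAMPLE_LOG):
        print(f"{rule}: {artefact}")
```

Run it as `python triage.py`; on the sample it reports six findings, including both .ini2 files and the fccbXnKD entry in the LSA Authentication Packages value, which is the entry that makes the DLL load into lsass.exe before any user-mode cleaner runs and is why the file shredder could not get rid of it.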


#2 -David-


Posted 30 July 2008 - 05:25 AM

Hello there and welcome to BleepingComputer! :thumbsup:

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3 NickTTTA


Posted 30 July 2008 - 06:50 AM

ComboFix 08-07-29.1 - User 2008-07-30 7:23:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.649 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\VKENRFXF\interclick.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\VKENRFXF\interclick.com\ud.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Common Files\mbols~1
C:\Temp\1cb
C:\temp\tn3
C:\WINDOWS\BMef9efa9f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmpvcn.dll
C:\WINDOWS\system32\DKnXbccf.ini
C:\WINDOWS\system32\DKnXbccf.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\flpydiskk.sys
C:\WINDOWS\system32\fccbXnKD.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pppatc~1\?ppPatch\
C:\WINDOWS\system32\wybbJkkj.ini2
C:\WINDOWS\system32\xxyvsQhH.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_FLPYDISKK
-------\Legacy_NETWORK_MONITOR
-------\Service_flpydiskk


((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 01:49 . 2008-07-30 01:49 <DIR> d-------- C:\Deckard
2008-07-30 00:52 . 2008-07-30 00:55 13,588 --a------ C:\WINDOWS\system32\wpa.dbl
2008-07-28 22:54 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-28 22:54 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-28 22:54 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-28 22:54 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-28 22:53 . 2008-07-28 22:53 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-28 08:25 . 2008-07-28 08:25 105,472 --a------ C:\WINDOWS\system32\ikkazt.dll
2008-07-28 08:25 . 2008-07-28 08:25 105,472 --a------ C:\WINDOWS\system32\egaliekt.dll
2008-07-28 08:19 . 2008-07-28 08:19 91,648 --a------ C:\WINDOWS\system32\hhstudem.dll
2008-07-28 08:16 . 2008-07-28 08:16 <DIR> d-------- C:\Program Files\AskSBar
2008-07-28 08:16 . 2008-07-28 08:16 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-07-28 08:15 . 2008-07-28 09:58 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-28 08:15 . 2008-07-28 09:58 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-28 08:15 . 2008-07-28 09:58 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-28 08:11 . 2008-07-28 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-07-28 08:11 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-07-28 08:11 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-07-28 08:11 . 2004-08-04 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-07-28 08:11 . 2008-07-30 07:35 9,419 --a------ C:\WINDOWS\BOC427.INI
2008-07-28 08:10 . 2008-07-28 08:10 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-28 08:10 . 2008-07-28 08:10 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-07-27 17:27 . 2008-07-27 17:27 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-07-27 16:02 . 2008-07-27 23:54 1,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-26 12:22 . 2008-07-27 10:57 102,400 --------- C:\WINDOWS\system32\qtcxyyof.rtr
2008-07-26 12:22 . 2008-07-27 10:57 102,400 --a------ C:\WINDOWS\system32\qememhhc.cri
2008-07-24 23:59 . 2008-07-24 23:59 <DIR> d-------- C:\!KillBox
2008-07-24 23:41 . 2008-07-27 10:57 106,496 --------- C:\WINDOWS\system32\gpextspm.yok
2008-07-24 23:41 . 2008-07-27 10:57 106,496 --a------ C:\WINDOWS\system32\dokqcgsg.mfm
2008-07-24 23:39 . 2008-07-24 23:40 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-23 18:33 . 2008-07-27 10:57 102,400 --------- C:\WINDOWS\system32\xydrbqgw.gkh
2008-07-23 18:33 . 2008-07-27 10:57 102,400 --a------ C:\WINDOWS\system32\lxxitpbt.zur
2008-07-22 19:25 . 2008-07-22 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 19:19 . 2008-07-22 19:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-22 18:40 . 2008-07-27 10:57 102,400 --------- C:\WINDOWS\system32\eldfyihe.pjw
2008-07-22 18:40 . 2008-07-27 10:57 102,400 --a------ C:\WINDOWS\system32\bxpggkho.tzv
2008-07-22 18:38 . 2008-07-22 20:54 <DIR> d--hs---- C:\WINDOWS\VXNlcg
2008-07-22 18:38 . 2008-07-22 20:53 <DIR> d-------- C:\WINDOWS\system32\wn32
2008-07-22 18:38 . 2008-07-22 20:53 <DIR> d-------- C:\WINDOWS\system32\og1
2008-07-22 18:38 . 2008-07-23 14:18 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-07-22 18:38 . 2008-07-27 11:16 <DIR> d-------- C:\Temp\epr1
2008-07-22 13:42 . 2008-07-27 10:57 102,400 --------- C:\WINDOWS\system32\zkemvwjl.gtw
2008-07-22 13:42 . 2008-07-27 10:57 102,400 --a------ C:\WINDOWS\system32\pimfflny.rgl
2008-07-22 00:01 . 2002-08-18 19:43 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
2008-07-21 23:55 . 2008-07-22 00:11 <DIR> d-------- C:\Program Files\Punch! Home Design - Platinum
2008-07-21 23:25 . 2008-07-21 23:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-07-21 23:25 . 2008-07-21 23:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-21 21:32 . 2008-07-21 21:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 13:39 . 2008-07-27 10:57 102,400 --a------ C:\WINDOWS\system32\qcexqhws.xvb
2008-07-21 13:39 . 2008-07-27 10:57 102,400 --------- C:\WINDOWS\system32\drxcysjx.gae
2008-07-21 01:33 . 2008-07-21 01:33 283,136 --a------ C:\WINDOWS\system32\ysduorlz.nak
2008-07-21 00:12 . 2008-07-25 06:10 <DIR> d-------- C:\WINDOWS\system32\carH18
2008-07-21 00:12 . 2008-07-27 11:16 <DIR> d-------- C:\Temp\btxv15
2008-07-21 00:12 . 2008-07-30 07:24 <DIR> d-------- C:\Temp
2008-07-21 00:12 . 2008-07-21 00:12 77 --a------ C:\Documents and Settings\User\4562.bat
2008-07-18 10:59 . 2008-07-29 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 10:59 . 2008-07-18 10:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 13:39 . 2008-07-12 13:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-06 12:16 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 20:44 . 2008-07-04 20:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:21 . 2008-07-03 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-03 20:17 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-03 20:17 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-03 20:07 . 2008-07-03 20:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 02:11 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:11 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 04:52 --------- d-----w C:\Program Files\LogMeIn
2008-07-28 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-28 12:16 --------- d-----w C:\Program Files\Comodo
2008-07-28 12:15 --------- d-----w C:\Documents and Settings\User\Application Data\Comodo
2008-07-28 12:10 499,712 -c--a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-28 12:10 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-28 12:10 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2008-07-28 02:52 --------- d-----w C:\Program Files\Starcraft
2008-07-25 04:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 03:28 --------- d-----w C:\Program Files\GetRight
2008-07-25 03:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 22:47 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-07-22 02:19 --------- d-----w C:\Program Files\BPK
2008-07-22 01:33 --------- d-----w C:\Program Files\Lavasoft
2008-07-22 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 22:00 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-07-21 05:16 --------- d-----w C:\Program Files\ffdshow
2008-07-21 04:46 --------- d-----w C:\Documents and Settings\User\Application Data\iPod Copy Expert
2008-07-21 04:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 04:37 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-07-06 16:16 --------- d-----w C:\Program Files\Java
2008-07-04 01:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-30 04:50 --------- d-----w C:\Program Files\Picasa2
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-05-23 00:14 8,784 -c--a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 245,408 -c--a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 05:09 351480]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-28 08:16 278264]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-07-28 09:58 1655552]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-21 22:04 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 07:32 5537792 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-02-24 07:32 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Comodo Anti-Virus and Anti-Spyware Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"dlcf_device"=2 (0x2)
"cmdService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\dlcfcoms.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:http
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-28 09:58]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-28 09:58]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
S3 DCamUSBMR;PC Camera 8070 CIF;C:\WINDOWS\system32\DRIVERS\MR97110.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8639cc1-8be1-11db-bb08-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{b42a82e1-48bb-4da4-8b99-f84928dc40f7} - C:\WINDOWS\system32\lrygnd.dll
ShellExecuteHooks-{37E10337-6A37-45BB-BB1A-146C7D2A6E73} - (no file)
ShellExecuteHooks-{F5A70EB4-BF4C-4369-802E-A1C5AD7FDC3E} - (no file)
MSConfigStartUp-BMef9efa9f - C:\WINDOWS\system32\ddkhblcg.dll
MSConfigStartUp-bpk - C:\Program Files\BPK\bpk.exe
MSConfigStartUp-cnfgCav - C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Clean Traces
O8 -: &Download with &DAP
O8 -: Download &all with DAP
O8 -: Download with GetRight
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Open with GetRight Browser


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 07:35:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...



scan completed successfully
hidden files: 121

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-30 7:45:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 11:45:30

Pre-Run: 66,561,425,408 bytes free
Post-Run: 66,590,068,736 bytes free

410 --- E O F --- 2008-07-27 21:22:52

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:11:42 AM

Posted 30 July 2008 - 11:10 AM

First things first, we need to install the recovery console onto your system; it's an important security and safety feature which you really do need to have installed. You can install the recovery console regardless of whether or not you have the XP CD that came with the operating system - I recommend you download the recovery console installation file from the internet; it's only about 4 MB in size, so it shouldn't take too long to download.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop.

If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information:

1) Click on the Start button.
2) Click on the Run menu option.
3) In the Open: field type the following: sysdm.cpl and then click on the OK button.
4) A screen will appear showing information about your installation.
Under the System: category you should see your Windows version and the installed Service Pack.

Once the Microsoft file has finished downloading, close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. This is shown in the following image:
Posted Image
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

#5 NickTTTA

NickTTTA
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:05:42 AM

Posted 30 July 2008 - 07:41 PM

My computer updated to Service Pack 3; however, the recovery console installed just fine. Computer seems perfect again. Here is the log, and I await my next instruction.

The log is too big to post due to the installation of SP3. I will attach the log.

Edited by NickTTTA, 30 July 2008 - 07:43 PM.


#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:11:42 AM

Posted 31 July 2008 - 08:27 AM

Aha, OK, I didn't realise you had updated to SP3; in that case there's no need to worry about the recovery console.
We've got quite a bit of work to do here, this PC is infested!

Click Start > Run and type: notepad, then hit Enter.
Copy and paste the following text into the window.

Folder::
C:\Program Files\AskSBar
C:\WINDOWS\VXNlcg
C:\WINDOWS\system32\wn32
C:\WINDOWS\system32\og1
C:\WINDOWS\system32\kBin02
C:\Temp\epr1
C:\WINDOWS\system32\carH18
C:\Temp\btxv15

File::
C:\WINDOWS\system32\ikkazt.dll
C:\WINDOWS\system32\egaliekt.dll
C:\WINDOWS\system32\hhstudem.dll
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\qtcxyyof.rtr
C:\WINDOWS\system32\qememhhc.cri
C:\WINDOWS\system32\gpextspm.yok
C:\WINDOWS\system32\dokqcgsg.mfm
C:\WINDOWS\system32\xydrbqgw.gkh
C:\WINDOWS\system32\lxxitpbt.zur
C:\WINDOWS\system32\eldfyihe.pjw
C:\WINDOWS\system32\bxpggkho.tzv
C:\WINDOWS\system32\zkemvwjl.gtw
C:\WINDOWS\system32\pimfflny.rgl
C:\WINDOWS\system32\qcexqhws.xvb
C:\WINDOWS\system32\drxcysjx.gae
C:\WINDOWS\system32\ysduorlz.nak

Click File > Save and call it "CFScript.txt" (without quotes).
Save it to your desktop.
Posted Image
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will run, and a text file will open. Please post it back here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation finishes, leave both 'Update' and 'Launch' checked. Click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here.

On the Scanner tab, ensure the "Perform Quick Scan" option is selected, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
When the scan finishes, a box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
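
The CFScript above was assembled by hand from the ComboFix log: the helper picked out files sitting directly in system32 whose names and extensions look random and that were all created within minutes of each other. The script below is an added example (not code from the thread, from ComboFix, or from BleepingComputer) that automates that first pass. It parses the "Files Created" line format exactly as ComboFix prints it in this thread, flags system32 files that were created in a burst, carry an extension system32 normally never holds, or are marked hidden, and renders the result as a CFScript "File::" block. The sample log is constructed for the demo (the file names come from the thread, the timestamps and sizes do not), the extension allowlist is a starting point rather than an authoritative list, and the burst window and threshold are assumptions you should tune. Treat its output as a shortlist to review, never as something to feed to ComboFix unread.

```python
"""Triage a ComboFix "Files Created" listing for dropper-style files in system32.
Added example for this thread; not the poster's, ComboFix's or BleepingComputer's code."""
import re
from datetime import datetime, timedelta

# Constructed sample in ComboFix's "Files Created" line format. File names are from
# the thread; timestamps and sizes are invented for the demo.
SAMPLE_LOG = r"""
2008-07-22 19:25 . 2008-07-22 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 03:14 . 2008-07-22 03:14 48,128 --a------ C:\WINDOWS\system32\qtcxyyof.rtr
2008-07-22 03:14 . 2008-07-22 03:14 48,128 --a------ C:\WINDOWS\system32\qememhhc.cri
2008-07-22 03:15 . 2008-07-22 03:15 48,128 --a------ C:\WINDOWS\system32\gpextspm.yok
2008-07-22 03:16 . 2008-07-22 03:16 212,992 --a------ C:\WINDOWS\system32\egaliekt.dll
2008-07-22 03:17 . 2008-07-22 03:17 22,528 --ah----- C:\WINDOWS\system32\dokqcgsg.mfm
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-28 08:15 . 2008-07-28 09:58 143,104 --a------ C:\WINDOWS\system32\guard32.dll
"""

# Line layout: "<created> . <modified> <size|<DIR>> <9-char attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)
SYSTEM32 = r"c:\windows\system32" + "\\"
# Extensions that legitimately live in system32 (assumed starting allowlist, not exhaustive).
KNOWN_EXT = {
    "dll", "exe", "sys", "ocx", "cpl", "drv", "ax", "acm", "ime", "scr", "tlb",
    "mui", "nls", "msc", "com", "dat", "ini", "txt", "log", "bin", "xml", "cat",
    "inf", "tmp", "reg", "bat", "vbs", "cab", "ttf", "fon", "ico", "manifest",
}


def parse_files_created(text):
    """Return one dict per parsable line; lines that do not match are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        records.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": size,  # None marks a directory entry
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return records


def in_system32_root(path):
    """True for files directly under system32; subfolders such as dllcache are skipped."""
    low = path.lower()
    return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def unknown_extension(path):
    name = path.rsplit("\\", 1)[-1]
    return "." not in name or name.rsplit(".", 1)[-1].lower() not in KNOWN_EXT


def burst_created(records, window=timedelta(minutes=5), min_files=3):
    """Paths of system32 files created within `window` of at least min_files-1 others."""
    files = sorted(
        (r for r in records if r["size"] is not None and in_system32_root(r["path"])),
        key=lambda r: r["created"],
    )
    flagged = set()
    for i, first in enumerate(files):
        j = i
        while j < len(files) and files[j]["created"] - first["created"] <= window:
            j += 1
        if j - i >= min_files:
            flagged.update(r["path"] for r in files[i:j])
    return flagged


def suspicious_files(records, **burst_args):
    """List of (path, reasons) for system32 files that deserve a closer look."""
    burst = burst_created(records, **burst_args)
    results = []
    for r in records:
        if r["size"] is None or not in_system32_root(r["path"]):
            continue
        reasons = []
        if r["path"] in burst:
            reasons.append("created in burst")
        if unknown_extension(r["path"]):
            reasons.append("unknown extension")
        if "h" in r["attrs"]:  # ComboFix's attribute column shows 'h' for hidden
            reasons.append("hidden")
        if reasons:
            results.append((r["path"], reasons))
    return results


def cfscript(paths):
    """Render a CFScript 'File::' block; review every line before giving it to ComboFix."""
    return "File::\n" + "\n".join(sorted(paths)) + "\n"


if __name__ == "__main__":
    found = suspicious_files(parse_files_created(SAMPLE_LOG))
    for path, reasons in found:
        print(f"{path}  [{', '.join(reasons)}]")
    print(cfscript(p for p, _ in found))
```

On the sample, the five files dropped between 03:14 and 03:17 are flagged (the .dll only because it shares the burst, the others also for their extensions, and one for being hidden), while guard32.dll, a lone file with a normal extension, and the dllcache entry are left alone. Replace SAMPLE_LOG with the "Files Created" section of a real log to use it; a dropper that spaces its files out or reuses normal extensions will slip past the heuristics, which is why the output is a starting point for the human review the thread is doing, not a verdict.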

#7 NickTTTA

NickTTTA
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 31 July 2008 - 02:56 PM

I would have stopped at the last step. Glad you are here to help!

ComboFix 08-07-29.1 - User 2008-07-31 15:32:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.590 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\bxpggkho.tzv
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\dokqcgsg.mfm
C:\WINDOWS\system32\drxcysjx.gae
C:\WINDOWS\system32\egaliekt.dll
C:\WINDOWS\system32\eldfyihe.pjw
C:\WINDOWS\system32\gpextspm.yok
C:\WINDOWS\system32\hhstudem.dll
C:\WINDOWS\system32\ikkazt.dll
C:\WINDOWS\system32\lxxitpbt.zur
C:\WINDOWS\system32\pimfflny.rgl
C:\WINDOWS\system32\qcexqhws.xvb
C:\WINDOWS\system32\qememhhc.cri
C:\WINDOWS\system32\qtcxyyof.rtr
C:\WINDOWS\system32\xydrbqgw.gkh
C:\WINDOWS\system32\ysduorlz.nak
C:\WINDOWS\system32\zkemvwjl.gtw
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\SrchAstt\1.bin\xpvpitro.dxf
C:\Temp\btxv15
C:\Temp\epr1
C:\WINDOWS\system32\bxpggkho.tzv
C:\WINDOWS\system32\carH18
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\dokqcgsg.mfm
C:\WINDOWS\system32\drxcysjx.gae
C:\WINDOWS\system32\egaliekt.dll
C:\WINDOWS\system32\eldfyihe.pjw
C:\WINDOWS\system32\gpextspm.yok
C:\WINDOWS\system32\hhstudem.dll
C:\WINDOWS\system32\ikkazt.dll
C:\WINDOWS\system32\kBin02
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\WINDOWS\system32\lxxitpbt.zur
C:\WINDOWS\system32\og1
C:\WINDOWS\system32\pimfflny.rgl
C:\WINDOWS\system32\qcexqhws.xvb
C:\WINDOWS\system32\qememhhc.cri
C:\WINDOWS\system32\qtcxyyof.rtr
C:\WINDOWS\system32\wn32
C:\WINDOWS\system32\xydrbqgw.gkh
C:\WINDOWS\system32\ysduorlz.nak
C:\WINDOWS\system32\zkemvwjl.gtw
C:\WINDOWS\VXNlcg

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 21:00 . 2008-07-31 04:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-30 20:57 . 2008-07-30 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-30 20:13 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-07-30 12:05 . 2008-07-30 20:19 3,660 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-30 12:04 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-30 12:04 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-30 11:54 . 2008-07-30 11:54 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-30 11:54 . 2008-07-30 11:54 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-30 11:54 . 2008-07-30 11:54 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-30 11:54 . 2008-07-30 11:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-30 11:52 . 2008-07-30 11:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-30 11:48 . 2008-07-30 20:15 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-30 11:45 . 2008-07-30 20:12 <DIR> d-------- C:\WINDOWS\EHome
2008-07-30 07:55 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-30 01:49 . 2008-07-30 01:49 <DIR> d-------- C:\Deckard
2008-07-30 00:52 . 2008-07-30 20:17 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-07-28 22:54 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-28 22:54 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-28 22:54 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-28 22:54 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-28 22:53 . 2008-07-28 22:53 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-28 08:15 . 2008-07-28 09:58 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-28 08:15 . 2008-07-28 09:58 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-28 08:15 . 2008-07-28 09:58 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-28 08:11 . 2008-07-28 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC427
2008-07-28 08:11 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-07-28 08:11 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-07-28 08:11 . 2004-08-04 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-07-28 08:11 . 2008-07-30 21:00 9,138 --a------ C:\WINDOWS\BOC427.INI
2008-07-28 08:10 . 2008-07-28 08:10 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-28 08:10 . 2008-07-28 08:10 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-07-27 17:27 . 2008-07-27 17:27 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-07-27 16:02 . 2008-07-27 23:54 1,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-24 23:59 . 2008-07-24 23:59 <DIR> d-------- C:\!KillBox
2008-07-24 23:39 . 2008-07-24 23:40 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-22 19:25 . 2008-07-22 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 19:19 . 2008-07-22 19:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-22 00:01 . 2002-08-18 19:43 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
2008-07-21 23:55 . 2008-07-22 00:11 <DIR> d-------- C:\Program Files\Punch! Home Design - Platinum
2008-07-21 23:25 . 2008-07-21 23:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-07-21 23:25 . 2008-07-21 23:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-21 21:32 . 2008-07-21 21:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 00:12 . 2008-07-31 15:32 <DIR> d-------- C:\Temp
2008-07-21 00:12 . 2008-07-21 00:12 77 --a------ C:\Documents and Settings\User\4562.bat
2008-07-18 10:59 . 2008-07-30 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 10:59 . 2008-07-18 10:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 13:39 . 2008-07-12 13:39 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-06 12:16 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 20:44 . 2008-07-04 20:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:21 . 2008-07-03 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-03 20:17 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-03 20:17 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-03 20:07 . 2008-07-03 20:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-11 02:11 . 2008-06-13 07:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 18:14 --------- d-----w C:\Program Files\LogMeIn
2008-07-28 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-28 12:16 --------- d-----w C:\Program Files\Comodo
2008-07-28 12:15 --------- d-----w C:\Documents and Settings\User\Application Data\Comodo
2008-07-28 12:10 499,712 -c--a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-28 12:10 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-28 12:10 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2008-07-28 02:52 --------- d-----w C:\Program Files\Starcraft
2008-07-25 04:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 03:28 --------- d-----w C:\Program Files\GetRight
2008-07-25 03:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 22:47 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-07-22 02:19 --------- d-----w C:\Program Files\BPK
2008-07-22 01:33 --------- d-----w C:\Program Files\Lavasoft
2008-07-22 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 22:00 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-07-21 05:16 --------- d-----w C:\Program Files\ffdshow
2008-07-21 04:46 --------- d-----w C:\Documents and Settings\User\Application Data\iPod Copy Expert
2008-07-21 04:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 04:37 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-07-06 16:16 --------- d-----w C:\Program Files\Java
2008-07-04 01:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-30 04:50 --------- d-----w C:\Program Files\Picasa2
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-05-23 00:14 8,784 -c--a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 245,408 -c--a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((( snapshot_2008-07-30_20.28.16.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 23:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2007-04-05 15:55:14 46,112 ----a-w C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
+ 2008-03-07 17:39:48 45,848 ----a-w C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-02-22 14:04:41 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-31 01:00:06 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-11-22 02:04:15 15,160 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2008-05-28 16:33:00 33,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll
- 2007-11-22 02:04:15 16,696 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2008-05-28 16:33:02 43,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-11-22 02:04:15 16,696 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2008-05-28 16:33:02 43,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2007-11-22 02:04:15 15,160 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2008-05-28 16:33:00 33,080 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll
- 2007-11-22 02:04:15 16,696 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2008-05-28 16:33:02 43,320 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2007-11-22 02:04:15 16,696 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2008-05-28 16:33:02 43,320 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-11-22 02:04:15 28,472 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2008-05-28 16:33:04 47,416 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 05:09 351480]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-28 08:16 278264]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-07-28 09:58 1655552]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 07:32 5537792 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-02-24 07:32 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Comodo Anti-Virus and Anti-Spyware Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"dlcf_device"=2 (0x2)
"cmdService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\dlcfcoms.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:http
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-28 09:58]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-28 09:58]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 DCamUSBMR;PC Camera 8070 CIF;C:\WINDOWS\system32\DRIVERS\MR97110.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8639cc1-8be1-11db-bb08-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - LMIMAINT
.
Contents of the 'Scheduled Tasks' folder

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 15:36:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hu.txt 26884 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ja_JP.txt 24896 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.lt_LT.txt 26224 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nl_BE.txt 26866 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ps_AF.txt 23926 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sl_SI.txt 26994 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sw_TZ.txt 23804 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.gv_GB.txt 22468 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.he.txt
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.he_IL.txt 25412 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hi.txt
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hi_IN.txt
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hi__DIRECT.txt 26476 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hr.txt
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hr_HR.txt 26778 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hu_HU.txt 26884 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hy.txt 22586 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hy_AM.txt 22586 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.hy_AM_REVISED.txt 22586 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.id.txt 26974 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.id_ID.txt 26974 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.is.txt 22500 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.is_IS.txt 22500 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.it.txt 27078 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.it_CH.txt 27078 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.it_IT.txt 27078 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.it_IT_PREEURO.txt 27078 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ja.txt 24896 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ja_JP_TRADITIONAL.txt 24896 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kk.txt 22494 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kk_KZ.txt 22494 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kl.txt 22532 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kl_GL.txt 22532 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kn.txt 22524 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kn_IN.txt 22524 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ko.txt 24146 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kok.txt 24994 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kok_IN.txt 24994 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ko_KR.txt 24146 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kw.txt 22588 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.kw_GB.txt 22588 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.lt.txt 26224 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.lv.txt 25980 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.lv_LV.txt 25980 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mk.txt 22516 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mk_MK.txt 22516 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mr.txt 25006 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mr_IN.txt 25006 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ms.txt 24564 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ms_BN.txt 24564 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ms_MY.txt 24564 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mt.txt 26936 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.mt_MT.txt 26936 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nb.txt 26998 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nb_NO.txt 26998 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nl.txt 26866 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nl_BE_PREEURO.txt 26866 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nl_NL.txt 26866 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nl_NL_PREEURO.txt 26866 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nn.txt 22564 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.nn_NO.txt 22564 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.om.txt 22592 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.om_ET.txt 22592 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.om_KE.txt 22592 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pa.txt 22528 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pa_IN.txt 22528 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pl.txt 26806 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pl_PL.txt 26806 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ps.txt 23926 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pt.txt 27080 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pt_BR.txt 27080 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pt_PT.txt 27222 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.pt_PT_PREEURO.txt 27222 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ro.txt 26146 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ro_RO.txt 26146 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ru.txt 28448 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ru_RU.txt 28448 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ru_UA.txt 28448 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sh.txt 26878 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sh_YU.txt 26878 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sk.txt 26614 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sk_SK.txt 26614 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sl.txt 26994 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.so.txt 24258 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.so_DJ.txt 24258 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.so_ET.txt 24258 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.so_KE.txt 24258 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.so_SO.txt 24258 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sq.txt 22498 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sq_AL.txt 22498 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sr.txt 26728 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sr_YU.txt 26728 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sv.txt 27758 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sv_FI.txt 27758 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sv_SE.txt 27758 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sw.txt 23804 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.sw_KE.txt 23804 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ta.txt 27540 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ta_IN.txt 27540 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.te.txt 22638 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.te_IN.txt 22638 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.th.txt 26910 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.th_TH.txt 26910 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.th_TH_TRADITIONAL.txt 26910 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ti.txt 24338 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ti_ER.txt 24338 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.ti_ET.txt 24338 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.tr.txt 27988 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.tr_TR.txt 27988 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.uk.txt 27788 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.uk_UA.txt 27788 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.vi.txt 26858 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.vi_VN.txt 26858 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.zh.txt 23674 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.zh_CN.txt 23674 bytes
C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames\DisplayLanguageNames.zh_HK.txt 23652 bytes
C:\Program Files\Common Files\Adob


**************************************************************************
.
Completion time: 2008-07-31 15:40:16
ComboFix-quarantined-files.txt 2008-07-31 19:39:13
ComboFix2.txt 2008-07-31 00:29:27
ComboFix3.txt 2008-07-30 11:45:46

Pre-Run: 63,882,670,080 bytes free
Post-Run: 63,942,709,248 bytes free

453 --- E O F --- 2008-07-30 16:05:29


Malwarebytes' Anti-Malware 1.24
Database version: 1013
Windows 5.1.2600 Service Pack 3

3:54:18 PM 7/31/2008
mbam-log-7-31-2008 (15-54-18).txt

Scan type: Quick Scan
Objects scanned: 40690
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\BMef9efa9f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#8 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:11:42 AM

Posted 31 July 2008 - 05:11 PM

Good work! How is the system running? I see clean logs all round here. :thumbsup:

#9 NickTTTA

NickTTTA
  • Topic Starter

  • Members
  • 38 posts
  • Local time:05:42 AM

Posted 31 July 2008 - 10:27 PM

Excellent!

It's back to normal! I am going to read on how to get into your training program; I would like to help others. This place is priceless! :thumbsup:

#10 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:11:42 AM

Posted 01 August 2008 - 06:43 AM

Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. This link has listings of stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more often if you wish). If you do not update your anti-virus software, then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis, just as you would with anti-virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis, just as you would with anti-virus software, in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions, just ask...
David
