
Spyware Protect 2009 Pop-Ups/Trojan Viruses


  • This topic is locked
27 replies to this topic

#1 mc2009

mc2009

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 PM

Posted 18 February 2009 - 04:06 PM

I've had this virus in my HP computer with Windows XP since February 6. First I kept getting pop-ups from Spyware Protect 2009. I managed to get rid of that. There are two user accounts. I was only able to access mine for a day. I couldn't even turn the computer off by clicking on 'turn off computer.' I had to press the button on the hard drive to do that. I solved that problem with Malwarebytes. I've been using CA Security Center to quarantine viruses, but its system tray icon has vanished. It would always come up on startup, but it hasn't lately. The system tray arrow had vanished and so did the volume indicator bar. I've gotten the arrow back now. I've gotten a lot of help here on what to do about the problems I've been having, but the virus, or viruses, is still there.

Multiple Problems (http://www.bleepingcomputer.com/forums/t/202250/multiple-problems/)


I've posted a DDS log. I hope it can help in getting rid of this virus.

Here's my DDS log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by M at 15:26:43.56 on Wed 02/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.293 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
c:\Program Files\Microsoft Works\WksWP.exe
c:\Program Files\Microsoft Works\WkDStore.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [PCDrProfiler]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnOihe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - plugin: c:\documents and settings\m\application data\mozilla\firefox\profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-5-11 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-5-11 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-5-11 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-5-11 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-5-11 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-5-11 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]

=============== Created Last 30 ================

2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 --d----- c:\windows\ERUNT
2009-02-16 09:18 --d----- C:\SDFix
2009-02-12 14:05 --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:37 1,559,995 ---sh--- c:\windows\system32\eljsykmk.ini
2009-02-09 05:32 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini2
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 --d----- c:\program files\Spyware Doctor
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini2
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini
2009-02-05 11:09 --d----- c:\documents and settings\m\.drdivx2
2009-02-02 08:30 128,840 a------- c:\windows\system32\Metacafe.scr

==================== Find3M ====================

2009-02-18 14:25 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-02-18 09:17 878,052 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-18 09:17 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 15:28:04.39 ===============


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:54 PM

Posted 01 March 2009 - 02:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 mc2009

mc2009
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 PM

Posted 03 March 2009 - 10:12 AM

I'm still having problems, and now the Spyware Protect 2009 pop-ups have returned. I used Malwarebytes again, so I hope I've at least gotten rid of that one problem.

I used DDS and here's what came up:

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\m\application data\macromedia\common\3293c05a1.dll""
mRun: [PCDrProfiler]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [rundll32.exe] rundll32.exe "c:\windows\system32\config\systemprofile\application data\macromedia\common\3293c05a1.dll""
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnOihe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\m\application data\mozilla\firefox\profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-21 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-21 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-2-27 42512]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]

=============== Created Last 30 ================

2009-03-03 06:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 06:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 13:35 1,665,505 ---sh--- c:\windows\system32\iziteref.ini
2009-02-27 09:14 <DIR> --d----- C:\Y.D.T
2009-02-27 08:05 297 a------- c:\windows\system32\Infob.dat
2009-02-27 08:05 0 a------- c:\windows\system32\Infoa.dat
2009-02-27 07:59 355 a------- c:\windows\system32\treeinfo.dat
2009-02-27 07:55 240,240 a------- c:\windows\system32\wpcap.dll
2009-02-27 07:55 88,704 a------- c:\windows\system32\Packet.dll
2009-02-27 07:55 68,224 a------- c:\windows\system32\WanPacket.dll
2009-02-27 07:55 53,299 a------- c:\windows\system32\pthreadVC.dll
2009-02-27 07:55 42,512 a------- c:\windows\system32\drivers\npf.sys
2009-02-27 07:55 <DIR> --d----- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> --d----- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-21 06:39 7 a------- c:\windows\system32\mkghj.dll
2009-02-21 06:37 296,434 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 91,376 a------- c:\windows\system32\isafprod.dll
2009-02-21 06:33 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-21 06:32 1,564,771 a------- c:\windows\system32\winsflt.dll
2009-02-21 06:32 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-02-21 06:32 7,440 a------- c:\windows\system32\sporder.dll
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 <DIR> --d----- c:\windows\ERUNT
2009-02-16 09:18 <DIR> --d----- C:\SDFix
2009-02-12 14:05 <DIR> --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 <DIR> --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:37 1,559,995 ---sh--- c:\windows\system32\eljsykmk.ini
2009-02-09 05:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini2
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 <DIR> --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 <DIR> --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini2
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini
2009-02-05 11:09 <DIR> --d----- c:\documents and settings\m\.drdivx2
2009-02-02 08:30 128,840 a------- c:\windows\system32\Metacafe.scr

==================== Find3M ====================

2009-03-03 09:16 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-03-01 13:35 143,360 a--sh--- c:\windows\system32\lapolude.dll
2009-02-24 08:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-24 08:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 10:03:29.43 ===============


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:54 PM

Posted 03 March 2009 - 10:35 AM

Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#5 mc2009

mc2009
  • Topic Starter

  • Members
  • 35 posts
  • Gender:Male
  • Local time:12:54 PM

Posted 03 March 2009 - 02:42 PM

"M" - 2009-03-03 14:02:25 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\M\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\pthreadVC.dll"
"C:\WINDOWS\system32\drivers\npf.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 ))))))))))))))))))))))))))))))))))


2009-03-03 06:23 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-03-03 06:23 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-02-27 09:14 <DIR> d-------- C:\Y.D.T
2009-02-27 08:05 297 --a------ C:\WINDOWS\system32\Infob.dat
2009-02-27 08:05 0 --a------ C:\WINDOWS\system32\Infoa.dat
2009-02-27 07:59 355 --a------ C:\WINDOWS\system32\treeinfo.dat
2009-02-27 07:55 88,704 --a------ C:\WINDOWS\system32\Packet.dll
2009-02-27 07:55 68,224 --a------ C:\WINDOWS\system32\WanPacket.dll
2009-02-27 07:55 240,240 --a------ C:\WINDOWS\system32\wpcap.dll
2009-02-27 07:55 <DIR> d-------- C:\Program Files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> d-------- C:\Program Files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2009-02-21 06:39 7 --a------ C:\WINDOWS\system32\mkghj.dll
2009-02-21 06:33 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2009-02-21 06:33 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2009-02-21 06:33 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2009-02-21 06:33 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2009-02-21 06:32 823,296 --a------ C:\WINDOWS\system32\svcprs32.exe
2009-02-21 06:32 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2009-02-21 06:32 2,732,032 --a------ C:\WINDOWS\system32\win32cpr.dll
2009-02-21 06:32 1,830,912 --a------ C:\WINDOWS\system32\winsflte.dll
2009-02-21 06:32 1,564,771 --a------ C:\WINDOWS\system32\winsflt.dll
2009-02-21 06:32 1,212,416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2009-02-16 11:16 <DIR> d-------- C:\WINDOWS\ERUNT
2009-02-12 14:05 <DIR> d-------- C:\Documents and Settings\M\DoctorWeb
2009-02-12 14:05 <DIR> d-------- C:\DOCUME~1\M\DoctorWeb
2009-02-12 00:23 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2009-02-11 13:39 <DIR> d-------- C:\DOCUME~1\M\APPLIC~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> d-------- C:\DOCUME~1\M\APPLIC~1\HPQ
2009-02-09 12:26 <DIR> d-------- C:\Program Files\FLV Player
2009-02-09 09:10 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Malwarebytes
2009-02-09 05:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-08 17:28 6,029,312 --a------ C:\Documents and Settings\M\ntuser.dat
2009-02-08 17:28 6,029,312 --a------ C:\DOCUME~1\M\ntuser.dat
2009-02-08 17:27 39,265 --ahs---- C:\WINDOWS\system32\ehiOnnpo.ini2
2009-02-07 16:30 <DIR> d-------- C:\DOCUME~1\M\APPLIC~1\Malwarebytes
2009-02-07 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-02-07 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-02-07 14:42 <DIR> d-------- C:\DOCUME~1\M\APPLIC~1\WinBatch
2009-02-07 12:38 <DIR> d-------- C:\Program Files\Spyware Doctor
2009-02-06 08:22 36,559 --ahs---- C:\WINDOWS\system32\GOWvDcdd.ini2
2009-02-05 11:09 <DIR> d-------- C:\Documents and Settings\M\.drdivx2
2009-02-05 11:09 <DIR> d-------- C:\DOCUME~1\M\.drdivx2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-03-03 19:17:12 -------- d-----w C:\DOCUME~1\M\APPLIC~1\Orbit
2009-03-03 19:14:25 -------- d-----w C:\Program Files\Common Files\Akamai
2009-03-03 19:12:25 -------- d-----w C:\DOCUME~1\M\APPLIC~1\Metacafe
2009-03-03 19:05:31 -------- d-----w C:\DOCUME~1\M\APPLIC~1\CallingID
2009-03-03 18:59:16 -------- d-----w C:\Program Files\Orbitdownloader
2009-03-03 16:59:42 2,204 ----a-w C:\DOCUME~1\M\APPLIC~1\wklnhst.dat
2009-03-01 18:35:09 143,360 --sha-w C:\WINDOWS\system32\lapolude.dll
2009-02-27 23:35:22 -------- d-----w C:\Program Files\MediaCoder
2009-02-24 16:26:26 -------- d-----w C:\Program Files\CinemaForge
2009-02-24 13:35:51 -------- d-----w C:\Program Files\Common Files\Real
2009-02-24 13:35:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2009-02-24 13:35:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2009-02-12 05:23:07 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-02-09 15:34:48 -------- d-----w C:\Program Files\Metacafe
2009-02-07 19:49:09 -------- d-----w C:\Program Files\Hewlett-Packard
2009-02-05 16:09:25 -------- d-----w C:\Program Files\DivX
2009-02-02 13:30:32 128,840 ----a-w C:\WINDOWS\system32\Metacafe.scr
2009-01-10 04:48:30 -------- d--h--w C:\Program Files\GMBD
2009-01-08 03:26:26 -------- d-----w C:\Program Files\Google
2009-01-05 19:08:32 -------- d-----w C:\DOCUME~1\M\APPLIC~1\InterVideo
2009-01-04 21:02:21 -------- d-----w C:\Program Files\GetRight
2008-12-13 17:17:58 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2006-09-15 22:18:06 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
1601-01-01 00:12:31 70,656 --sha-w C:\WINDOWS\system32\zayitigi.dll
1601-01-01 00:12:31 70,656 --sha-w C:\WINDOWS\system32\noguyiyu.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{000123B4-9B42-4900-B3F7-F4B073EFC214}=C:\Program Files\Orbitdownloader\orbitcth.dll [2009-02-27 10:01]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-10-19 16:56]
{3049C3E9-B461-4BC5-8870-4C09146192CA}=C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-24 08:35]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-07-18 16:54]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 12:17]
{A057A204-BACC-4D26-CEC4-75A487FD6484}=C:\PROGRA~1\mypoints\mypoints.dll [2008-10-29 20:47]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 21:07]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 22:26]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}=C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 21:07]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 12:17]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 12:17]
{FBF2401B-7447-4727-BE5D-C19B2075CA84}=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-07-23 09:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 14:09]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-05-11 15:00]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 15:14]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 10:52]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 10:52]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 10:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-02-24 08:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 17:45]
"rundll32.exe"="C:\Documents and Settings\M\Application Data\Macromedia\Common\3293c05a1.dll" [2009-03-02 13:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"rundll32.exe"=rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\3293c05a1.dll""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)
"HonorAutoRunSetting"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"="C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 09:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\opnnOihe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ati0tbxx.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai Akamai
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c04-8281-11da-9582-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c08-8281-11da-9582-0013d4311d62}]
AutoRun\command- F:\~tmp0.1st.exe


Contents of the 'Scheduled Tasks' folder
2009-02-27 19:52:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2009-02-21 11:33:50 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as HP_Administrator at 6 33 AM.job
2007-06-17 17:45:39 C:\WINDOWS\tasks\RegClean Scheduled Scan.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 14:15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

Completion time: 2009-03-03 14:20:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2009-03-03 14:20

--- E O F ---

And here's the DDS log:

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\m\application data\macromedia\common\3293c05a1.dll""
mRun: [PCDrProfiler]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [rundll32.exe] rundll32.exe "c:\documents and settings\networkservice\application data\macromedia\common\3293c05a1.dll""
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnOihe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\m\application data\mozilla\firefox\profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-21 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-21 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]

=============== Created Last 30 ================

2009-03-03 14:20 428,032 a------- c:\windows\system32\swreg.exe
2009-03-03 14:20 87,040 a------- c:\windows\catchme.exe
2009-03-03 14:20 49,152 a------- c:\windows\system32\vfind.exe
2009-03-03 14:20 212,480 a------- c:\windows\system32\swxcacls.exe
2009-03-03 14:20 38,400 a------- c:\windows\system32\moveex.exe
2009-03-03 06:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 06:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 13:35 1,665,505 ---sh--- c:\windows\system32\iziteref.ini
2009-02-27 09:14 <DIR> --d----- C:\Y.D.T
2009-02-27 08:05 297 a------- c:\windows\system32\Infob.dat
2009-02-27 08:05 0 a------- c:\windows\system32\Infoa.dat
2009-02-27 07:59 355 a------- c:\windows\system32\treeinfo.dat
2009-02-27 07:55 240,240 a------- c:\windows\system32\wpcap.dll
2009-02-27 07:55 88,704 a------- c:\windows\system32\Packet.dll
2009-02-27 07:55 68,224 a------- c:\windows\system32\WanPacket.dll
2009-02-27 07:55 <DIR> --d----- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> --d----- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-21 06:39 7 a------- c:\windows\system32\mkghj.dll
2009-02-21 06:37 296,434 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 91,376 a------- c:\windows\system32\isafprod.dll
2009-02-21 06:33 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-21 06:32 1,564,771 a------- c:\windows\system32\winsflt.dll
2009-02-21 06:32 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-02-21 06:32 7,440 a------- c:\windows\system32\sporder.dll
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 <DIR> --d----- c:\windows\ERUNT
2009-02-16 09:18 <DIR> --d----- C:\SDFix
2009-02-12 14:05 <DIR> --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 <DIR> --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:37 1,559,995 ---sh--- c:\windows\system32\eljsykmk.ini
2009-02-09 05:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini2
2009-02-08 17:27 39,265 a--sh--- c:\windows\system32\ehiOnnpo.ini
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 <DIR> --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 <DIR> --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini2
2009-02-06 08:22 36,559 a--sh--- c:\windows\system32\GOWvDcdd.ini
2009-02-05 11:09 <DIR> --d----- c:\documents and settings\m\.drdivx2
2009-02-02 08:30 128,840 a------- c:\windows\system32\Metacafe.scr

==================== Find3M ====================

2009-03-03 11:59 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-03-01 13:35 143,360 a--sh--- c:\windows\system32\lapolude.dll
2009-02-24 08:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-24 08:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 14:34:15.29 ===============
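
The DDS log above is what the Malware Response Team reads by hand. As an added example that is not part of this thread or of the DDS tool itself, the following Python script applies three of the checks a volunteer makes while reading such a log: an LSA "Authentication Packages" entry other than the stock msv1_0 (anything listed there is loaded into lsass.exe at logon), a running service whose binary also appears in the "Created Last 30" list, and system+hidden files dropped directly into system32. The sample input is a constructed string made from a handful of lines copied from the log above; the function names (split_sections, review and so on) are my own, and a flag from this script marks an item for the analyst's attention, not a verdict that it is malicious.

```python
import re

# Constructed sample in the DDS log format used in this thread: a trimmed
# subset of the posted log, with the paths exactly as they appear above.
SAMPLE_LOG = r"""
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnOihe

============= SERVICES / DRIVERS ===============

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]

=============== Created Last 30 ================

2009-03-01 13:35 1,665,505 ---sh--- c:\windows\system32\iziteref.ini
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
"""

# "==== NAME ====" section banners, "R2 name;display;path [date size]" service
# lines and "date time size attrs path" entries from the Created Last 30 list.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")


def split_sections(text):
    """Group log lines under the section banner that precedes them.
    Lines before the first banner (the LSA line here) go under HEADER."""
    sections = {"HEADER": []}
    current = "HEADER"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def lsa_extra_packages(lines):
    """Return every LSA authentication package other than msv1_0."""
    for line in lines:
        if line.startswith("LSA: Authentication Packages ="):
            pkgs = line.split("=", 1)[1].split()
            return [p for p in pkgs if p.lower() != "msv1_0"]
    return []


def parse_services(lines):
    """Parse R0..S3 service/driver lines into dicts (paths lower-cased)."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            out.append({"start": start, "name": name, "display": display,
                        "path": path.lower(), "date": date, "size": int(size)})
    return out


def parse_created(lines):
    """Parse Created Last 30 entries; attrs is the 8-char flag string."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            date, _time, _size, attrs, path = m.groups()
            out.append({"date": date, "attrs": attrs, "path": path.lower()})
    return out


def review(text):
    """Run the three checks and return what each one flagged."""
    s = split_sections(text)
    services = parse_services(s.get("SERVICES / DRIVERS", []))
    created = parse_created(s.get("CREATED LAST 30", []))
    recent = {c["path"] for c in created}
    # A service that is running now but whose binary was written this month.
    new_services = [(svc["name"], svc["path"]) for svc in services
                    if svc["path"] in recent]
    # System+hidden files directly under system32 (the random-named .ini files).
    hidden = [c["path"] for c in created
              if "s" in c["attrs"] and "h" in c["attrs"]
              and c["path"].startswith(r"c:\windows\system32")]
    return {"lsa_extra": lsa_extra_packages(s["HEADER"]),
            "new_services": new_services,
            "hidden_system32": hidden}


if __name__ == "__main__":
    for check, hits in review(SAMPLE_LOG).items():
        print(check, hits)
```

The service check is deliberately a correlation rather than a name list: a stock driver like KmxCfg.sys dated 2008 is ignored, while svcprs32.exe is flagged only because the same path shows up both as a running R2 service and as a file created on 2009-02-21. To use it on a full DDS log, read the file into a string and pass it to review.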

#6 Blade81, Bleepin' Rocker (Malware Response Team, 6,465 posts, Finland)

Posted 03 March 2009 - 03:26 PM

Hi

I'm not sure where you got that old ComboFix version. Please delete it and get a fresh one by following the instructions in my previous post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 mc2009, Topic Starter (Members, 35 posts)

Posted 04 March 2009 - 12:00 AM

I did follow your instructions, but I couldn't get ComboFix from any of those links. CA Anti-Virus kept coming up and saying that ComboFix.exe was infected, so then CA deleted it each time I tried to download it. So I went to another website and downloaded it there instead. I have deleted it. Should I disable Anti-Virus and try to download ComboFix here again or is there some other way?

#8 Blade81, Bleepin' Rocker (Malware Response Team, 6,465 posts, Finland)

Posted 04 March 2009 - 11:28 AM

Hi

Yes, the following was stated in my instructions:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.




#9 mc2009, Topic Starter (Members, 35 posts)

Posted 04 March 2009 - 02:48 PM

I had disabled it, but that wasn't until after I downloaded ComboFix. I downloaded the right one this time and here's what came up:

Running from: c:\downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ehiOnnpo.ini
c:\windows\system32\ehiOnnpo.ini2
c:\windows\system32\eljsykmk.ini
c:\windows\system32\GOWvDcdd.ini
c:\windows\system32\GOWvDcdd.ini2
c:\windows\system32\iziteref.ini
c:\windows\system32\lapolude.dll
c:\windows\system32\noguyiyu.dll
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\zayitigi.dll
.
---- Previous Run -------
.
c:\program files\MW
c:\windows\IE4 Error Log.txt
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\3293c05a1.dll
c:\windows\system32\mkghj.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-03 14:20 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2009-03-03 06:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 06:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 09:14 . 2009-02-27 09:14 <DIR> d-------- C:\Y.D.T
2009-02-27 08:05 . 2009-02-27 08:20 297 --a------ c:\windows\system32\Infob.dat
2009-02-27 08:05 . 2009-02-27 08:20 0 --a------ c:\windows\system32\Infoa.dat
2009-02-27 07:59 . 2009-02-27 08:14 355 --a------ c:\windows\system32\treeinfo.dat
2009-02-27 07:55 . 2009-02-27 09:14 <DIR> d-------- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 . 2009-02-27 06:57 <DIR> d-------- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 . 2009-02-24 08:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-21 06:37 . 2009-03-04 02:17 300,674 --a------ c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 . 2009-03-04 02:17 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 . 2009-02-21 06:35 880,560 --a------ c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 . 2009-02-21 06:35 108,368 --a------ c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 . 2008-08-30 15:14 91,376 --a------ c:\windows\system32\isafprod.dll
2009-02-21 06:33 . 2008-08-30 15:14 32,240 --a------ c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 26,352 --a------ c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,488 --a------ c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,104 --a------ c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 . 2009-02-21 06:32 2,732,032 --a------ c:\windows\system32\win32cpr.dll
2009-02-21 06:32 . 2007-11-14 12:26 1,830,912 --a------ c:\windows\system32\winsflte.dll
2009-02-21 06:32 . 2009-02-21 06:32 1,564,771 --a------ c:\windows\system32\winsflt.dll
2009-02-21 06:32 . 2007-11-14 12:34 1,212,416 --a------ c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 . 2007-11-14 12:35 823,296 --a------ c:\windows\system32\svcprs32.exe
2009-02-21 06:32 . 2002-01-01 13:02 7,440 --a------ c:\windows\system32\sporder.dll
2009-02-17 15:39 . 2009-02-17 15:39 128,840 --a------ c:\windows\system32\Metacafe.scr
2009-02-16 11:23 . 2009-02-16 11:23 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 . 2009-02-16 11:17 <DIR> d-------- c:\windows\ERUNT
2009-02-16 09:18 . 2009-02-16 11:49 <DIR> d-------- C:\SDFix
2009-02-12 14:05 . 2009-02-12 15:37 <DIR> d-------- c:\documents and settings\M\DoctorWeb
2009-02-12 00:23 . 2009-02-12 00:23 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-02-11 13:39 . 2009-02-11 13:39 <DIR> d-------- c:\documents and settings\M\Application Data\SUPERAntiSpyware.com
2009-02-09 15:33 . 2009-02-09 15:33 <DIR> d-------- c:\documents and settings\M\Application Data\HPQ
2009-02-09 12:26 . 2009-02-09 12:26 <DIR> d-------- c:\program files\FLV Player
2009-02-09 09:10 . 2009-02-09 09:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-09 05:32 . 2009-03-03 06:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 . 2001-08-17 14:07 19,072 --a------ c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-08 16:17 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-02-08 16:16 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-08 16:15 . 2008-04-13 20:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-02-08 16:14 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-02-08 16:13 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2009-02-08 16:12 . 2004-08-10 00:00 229,439 --a------ c:\windows\system32\dllcache\multibox.dll
2009-02-08 16:11 . 2004-08-10 00:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-08 16:10 . 2004-08-10 00:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-08 16:09 . 2004-08-10 00:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-02-08 16:08 . 2004-08-10 00:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-02-08 16:07 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2009-02-08 16:06 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-02-08 16:05 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2009-02-08 16:04 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2009-02-08 16:03 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-02-08 16:02 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2009-02-08 16:01 . 2004-08-10 00:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2009-02-08 15:58 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\M\Application Data\Malwarebytes
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 14:48 . 2009-02-07 14:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 14:42 . 2009-02-07 14:42 <DIR> d-------- c:\documents and settings\M\Application Data\WinBatch
2009-02-07 12:38 . 2009-02-07 13:32 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-05 11:09 . 2009-02-05 11:09 <DIR> d-------- c:\documents and settings\M\.drdivx2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 07:19 --------- d-----w c:\documents and settings\M\Application Data\Orbit
2009-03-04 07:18 --------- d-----w c:\program files\Common Files\Akamai
2009-03-04 07:16 --------- d-----w c:\documents and settings\M\Application Data\Metacafe
2009-03-04 07:16 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-03-04 07:09 --------- d-----w c:\program files\Orbitdownloader
2009-03-04 03:06 2,204 ----a-w c:\documents and settings\M\Application Data\wklnhst.dat
2009-03-04 03:05 --------- d-----w c:\program files\Metacafe
2009-03-04 02:03 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Orbit
2009-03-03 19:28 --------- d-----w c:\documents and settings\M\Application Data\CallingID
2009-03-03 02:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\CallingID
2009-02-27 23:35 --------- d-----w c:\program files\MediaCoder
2009-02-24 16:26 --------- d-----w c:\program files\CinemaForge
2009-02-24 13:35 --------- d-----w c:\program files\Common Files\Real
2009-02-21 11:26 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GetRightToGo
2009-02-12 05:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-09 19:20 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-02-07 19:49 --------- d-----w c:\program files\Hewlett-Packard
2009-02-07 18:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-07 11:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MYPOINTS
2009-02-05 16:09 --------- d-----w c:\program files\DivX
2009-01-10 04:48 --------- d--h--w c:\program files\GMBD
2009-01-08 03:26 --------- d-----w c:\program files\Google
2009-01-05 19:08 --------- d-----w c:\documents and settings\M\Application Data\InterVideo
2009-01-04 21:02 --------- d-----w c:\program files\GetRight
2006-09-15 22:18 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-11-25 03:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111720081124\index.dat
2008-12-01 11:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112420081201\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2008-10-29 20:47 1909248 --a------ c:\progra~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-05-11 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-24 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-02-17 145736]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-05-11 1719496]
Start GetRight.lnk - c:\program files\GetRight\GetRight.exe [2006-09-30 4694296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 1377720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 12:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.MV30"= c:\windows\system32\mv3.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-06-24 115216]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2006-02-15 14336]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-02-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-06-24 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-01-26 185584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c04-8281-11da-9582-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c08-8281-11da-9582-0013d4311d62}]
\Shell\AutoRun\command - F:\~tmp0.1st.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-02-21 c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 6 33 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-27 18:44]

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe []

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - (no file)
HKCU-Run-rundll32.exe - c:\documents and settings\M\Application Data\Macromedia\Common\3293c05a1.dll
HKLM-Run-PCDrProfiler - (no file)
SafeBoot-ati0tbxx.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 02:18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_ATI0TBXX\0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\winsflt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\rundll32.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\mdmcls32.exe
c:\program files\Metacafe\Metacafe.exe
.
**************************************************************************
.
Completion time: 2009-03-04 2:23:59 - machine was rebooted [M]
ComboFix-quarantined-files.txt 2009-03-04 07:23:56
ComboFix2.txt 2009-03-03 19:20:35

Pre-Run: 98,773,733,376 bytes free
Post-Run: 98,989,699,072 bytes free

302 --- E O F --- 2009-02-25 13:52:23

And here's the DDS log:

V: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\m\application data\mozilla\firefox\profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-21 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-21 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]

=============== Created Last 30 ================

2009-03-04 13:34 161,792 a------- c:\windows\SWREG.exe
2009-03-04 13:34 98,816 a------- c:\windows\sed.exe
2009-03-03 14:20 38,400 a------- c:\windows\system32\moveex.exe
2009-03-03 06:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 06:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 09:14 <DIR> --d----- C:\Y.D.T
2009-02-27 08:05 297 a------- c:\windows\system32\Infob.dat
2009-02-27 08:05 0 a------- c:\windows\system32\Infoa.dat
2009-02-27 07:59 355 a------- c:\windows\system32\treeinfo.dat
2009-02-27 07:55 <DIR> --d----- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> --d----- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-21 06:37 300,674 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 91,376 a------- c:\windows\system32\isafprod.dll
2009-02-21 06:33 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-21 06:32 1,564,771 a------- c:\windows\system32\winsflt.dll
2009-02-21 06:32 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-02-21 06:32 7,440 a------- c:\windows\system32\sporder.dll
2009-02-17 15:39 128,840 a------- c:\windows\system32\Metacafe.scr
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 <DIR> --d----- c:\windows\ERUNT
2009-02-16 09:18 <DIR> --d----- C:\SDFix
2009-02-12 14:05 <DIR> --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 <DIR> --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 <DIR> --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 <DIR> --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-05 11:09 <DIR> --d----- c:\documents and settings\m\.drdivx2

==================== Find3M ====================

2009-03-03 22:06 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-02-24 08:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-24 08:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 14:31:06.68 ===============



#10 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:54 PM

Posted 05 March 2009 - 11:08 AM

Hi

Uninstall these vulnerable Javas:
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 5
Java™ 6 Update 7



Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


Open Notepad and copy/paste the text in the quote box below into it:

File::
F:\~tmp0.1st.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c08-8281-11da-9582-0013d4311d62}]

DDS::
mStart Page = about:blank
BHO: NoExplorer - No File
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
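As an added illustration (not part of this thread and not ComboFix's own code), the following Python script parses the CFScript format used in the post above into a list of actions a reviewer can check before the script is run; the section semantics it assumes (`File::` deletes files, `Registry::` follows REGEDIT4 conventions where `[-Key]` deletes a key and `"Name"=-` deletes a value, `DDS::` names DDS loading-point lines to remove) are assumptions, not stated on the page.

```python
"""Parse a ComboFix CFScript, the format used in the post above, into a
list of actions that can be reviewed before the script is run.

Added example; it is not part of this thread and not ComboFix's own code.
Assumed section semantics (not stated on the page): ``File::`` lists files
to delete, ``Registry::`` uses REGEDIT4-style lines where ``[-Key]`` deletes
a key and ``"Name"=-`` deletes a value, and ``DDS::`` names DDS log lines
whose loading points are to be removed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class Action:
    kind: str            # delete_file, delete_key, delete_value, set_value, remove_dds
    target: str          # file path, registry key, or DDS log line
    detail: str = ""     # value name (and data) for registry value actions


def parse_cfscript(text: str) -> List[Action]:
    """Walk the script line by line, tracking the current section and,
    inside Registry::, the key that subsequent value lines belong to."""
    actions: List[Action] = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "file":
            actions.append(Action("delete_file", line))
        elif section == "registry":
            m = REG_KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                current_key = key
                if minus:                       # [-Key] deletes the whole key
                    actions.append(Action("delete_key", key))
                continue
            m = REG_VALUE_RE.match(line)
            if m and current_key:
                name, data = m.groups()
                if data == "-":                 # "Name"=- deletes one value
                    actions.append(Action("delete_value", current_key, name))
                else:
                    actions.append(Action("set_value", current_key, f"{name}={data}"))
        elif section == "dds":
            actions.append(Action("remove_dds", line))
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions per kind so the reviewer sees the blast radius at a glance."""
    return dict(Counter(a.kind for a in actions))


def is_risky(action: Action) -> bool:
    """Flag deletions a reviewer should double-check before running the script:
    a whole-key delete fewer than four path components deep (a hive root or a
    top-level Software key), or a file delete inside the Windows directory."""
    if action.kind == "delete_key":
        return len(action.target.split("\\")) < 4
    if action.kind == "delete_file":
        return re.search(r"\\windows\\", action.target, re.IGNORECASE) is not None
    return False


# The CFScript from the post above, embedded verbatim as the sample input.
# Deleting the Security Center *DisableNotify / DisableMonitoring values
# restores the alerts that Windows XP's Security Center would normally raise.
SAMPLE_SCRIPT = r"""
File::
F:\~tmp0.1st.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c08-8281-11da-9582-0013d4311d62}]

DDS::
mStart Page = about:blank
BHO: NoExplorer - No File
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
"""

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for a in plan:
        flag = "  <-- review" if is_risky(a) else ""
        print(f"{a.kind:13} {a.target} {a.detail}{flag}")
    print(summarize(plan))
```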


#11 mc2009

  • Topic Starter

  • Members
  • 35 posts
  • Gender:Male
  • Local time:12:54 PM

Posted 05 March 2009 - 01:31 PM

I used Kaspersky, but when I went to Scan Report, nothing came up.

Here's the ComboFix log:

Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\M\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *disabled*
* Created a new restore point

FILE ::
F:\~tmp0.1st.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\3293c05a1.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-03 14:20 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2009-03-03 06:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 06:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 09:14 . 2009-02-27 09:14 <DIR> d-------- C:\Y.D.T
2009-02-27 08:05 . 2009-02-27 08:20 297 --a------ c:\windows\system32\Infob.dat
2009-02-27 08:05 . 2009-02-27 08:20 0 --a------ c:\windows\system32\Infoa.dat
2009-02-27 07:59 . 2009-02-27 08:14 355 --a------ c:\windows\system32\treeinfo.dat
2009-02-27 07:55 . 2009-02-27 09:14 <DIR> d-------- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 . 2009-02-27 06:57 <DIR> d-------- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 . 2009-02-24 08:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-21 06:37 . 2009-03-05 11:37 300,674 --a------ c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 . 2009-03-05 11:37 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 . 2009-02-21 06:35 880,560 --a------ c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 . 2009-02-21 06:35 108,368 --a------ c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 . 2008-08-30 15:14 91,376 --a------ c:\windows\system32\isafprod.dll
2009-02-21 06:33 . 2008-08-30 15:14 32,240 --a------ c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 26,352 --a------ c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,488 --a------ c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,104 --a------ c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 . 2009-02-21 06:32 2,732,032 --a------ c:\windows\system32\win32cpr.dll
2009-02-21 06:32 . 2007-11-14 12:26 1,830,912 --a------ c:\windows\system32\winsflte.dll
2009-02-21 06:32 . 2009-02-21 06:32 1,564,771 --a------ c:\windows\system32\winsflt.dll
2009-02-21 06:32 . 2007-11-14 12:34 1,212,416 --a------ c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 . 2007-11-14 12:35 823,296 --a------ c:\windows\system32\svcprs32.exe
2009-02-21 06:32 . 2002-01-01 13:02 7,440 --a------ c:\windows\system32\sporder.dll
2009-02-17 15:39 . 2009-02-17 15:39 128,840 --a------ c:\windows\system32\Metacafe.scr
2009-02-16 11:23 . 2009-02-16 11:23 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 . 2009-02-16 11:17 <DIR> d-------- c:\windows\ERUNT
2009-02-16 09:18 . 2009-02-16 11:49 <DIR> d-------- C:\SDFix
2009-02-12 14:05 . 2009-02-12 15:37 <DIR> d-------- c:\documents and settings\M\DoctorWeb
2009-02-12 00:23 . 2009-02-12 00:23 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-02-11 13:39 . 2009-02-11 13:39 <DIR> d-------- c:\documents and settings\M\Application Data\SUPERAntiSpyware.com
2009-02-09 15:33 . 2009-02-09 15:33 <DIR> d-------- c:\documents and settings\M\Application Data\HPQ
2009-02-09 12:26 . 2009-02-09 12:26 <DIR> d-------- c:\program files\FLV Player
2009-02-09 09:10 . 2009-02-09 09:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-09 05:32 . 2009-03-03 06:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 . 2001-08-17 14:07 19,072 --a------ c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-08 16:17 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-02-08 16:16 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-08 16:15 . 2008-04-13 20:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-02-08 16:14 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-02-08 16:13 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2009-02-08 16:12 . 2004-08-10 00:00 229,439 --a------ c:\windows\system32\dllcache\multibox.dll
2009-02-08 16:11 . 2004-08-10 00:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-08 16:10 . 2004-08-10 00:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-08 16:09 . 2004-08-10 00:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-02-08 16:08 . 2004-08-10 00:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-02-08 16:07 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2009-02-08 16:06 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-02-08 16:05 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2009-02-08 16:04 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2009-02-08 16:03 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-02-08 16:02 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2009-02-08 16:01 . 2004-08-10 00:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2009-02-08 15:58 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\M\Application Data\Malwarebytes
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 14:48 . 2009-02-07 14:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 14:42 . 2009-02-07 14:42 <DIR> d-------- c:\documents and settings\M\Application Data\WinBatch
2009-02-07 12:38 . 2009-02-07 13:32 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-05 11:09 . 2009-02-05 11:09 <DIR> d-------- c:\documents and settings\M\.drdivx2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 17:10 --------- d-----w c:\program files\Orbitdownloader
2009-03-05 17:06 --------- d-----w c:\documents and settings\M\Application Data\Orbit
2009-03-05 17:05 --------- d-----w c:\program files\Common Files\Akamai
2009-03-05 16:32 --------- d-----w c:\program files\Java
2009-03-05 15:28 --------- d-----w c:\documents and settings\M\Application Data\Metacafe
2009-03-05 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-03-05 03:17 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Orbit
2009-03-04 19:56 2,204 ----a-w c:\documents and settings\M\Application Data\wklnhst.dat
2009-03-04 03:05 --------- d-----w c:\program files\Metacafe
2009-03-03 19:28 --------- d-----w c:\documents and settings\M\Application Data\CallingID
2009-03-03 02:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\CallingID
2009-02-27 23:35 --------- d-----w c:\program files\MediaCoder
2009-02-24 16:26 --------- d-----w c:\program files\CinemaForge
2009-02-24 13:35 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-24 13:35 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-24 13:35 --------- d-----w c:\program files\Common Files\Real
2009-02-21 11:26 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GetRightToGo
2009-02-12 05:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-09 19:20 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-02-07 19:49 --------- d-----w c:\program files\Hewlett-Packard
2009-02-07 18:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-07 11:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MYPOINTS
2009-02-05 16:09 --------- d-----w c:\program files\DivX
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-10 04:48 --------- d--h--w c:\program files\GMBD
2009-01-08 03:26 --------- d-----w c:\program files\Google
2009-01-05 19:08 --------- d-----w c:\documents and settings\M\Application Data\InterVideo
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-13 17:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-09-15 22:18 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-11-25 03:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111720081124\index.dat
2008-12-01 11:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112420081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_ 2.22.36.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-05 16:47:26 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2009-03-04 07:16:28 2,777,088 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
+ 2009-03-05 16:37:21 2,793,472 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
- 2009-03-04 07:16:28 136,060,928 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-03-05 17:09:33 137,592,832 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-03-05 17:04:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4cc.dat
+ 2006-06-05 19:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 19:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 19:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2008-10-29 20:47 1909248 --a------ c:\progra~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"rundll32.exe"="c:\documents and settings\M\Application Data\Macromedia\Common\3293c05a1.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-05-11 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-02-17 145736]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-05-11 1719496]
Start GetRight.lnk - c:\program files\GetRight\GetRight.exe [2006-09-30 4694296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 1377720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 12:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.MV30"= c:\windows\system32\mv3.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1688:TCP"= 1688:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-06-24 115216]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2006-02-15 14336]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-02-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-01-26 185584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c04-8281-11da-9582-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-02-21 c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 6 33 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-27 18:44]

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe []

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\npmirage.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 12:18:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_ATI0TBXX\0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\winsflt.dll
.
Completion time: 2009-03-05 12:20:40
ComboFix-quarantined-files.txt 2009-03-05 17:20:07
ComboFix2.txt 2009-03-04 07:24:02
ComboFix3.txt 2009-03-03 19:20:35

Pre-Run: 102,905,126,912 bytes free
Post-Run: 103,073,390,592 bytes free

278 --- E O F --- 2009-02-25 13:52:23


Here's the DDS log:

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\m\application data\macromedia\common\3293c05a1.dll""
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\m\application data\mozilla\firefox\profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-21 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-21 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]

=============== Created Last 30 ================

2009-03-04 13:34 161,792 a------- c:\windows\SWREG.exe
2009-03-04 13:34 98,816 a------- c:\windows\sed.exe
2009-03-03 14:20 38,400 a------- c:\windows\system32\moveex.exe
2009-03-03 06:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 06:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 09:14 <DIR> --d----- C:\Y.D.T
2009-02-27 08:05 297 a------- c:\windows\system32\Infob.dat
2009-02-27 08:05 0 a------- c:\windows\system32\Infoa.dat
2009-02-27 07:59 355 a------- c:\windows\system32\treeinfo.dat
2009-02-27 07:55 <DIR> --d----- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> --d----- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-21 06:37 300,674 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 91,376 a------- c:\windows\system32\isafprod.dll
2009-02-21 06:33 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-21 06:32 1,564,771 a------- c:\windows\system32\winsflt.dll
2009-02-21 06:32 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-02-21 06:32 7,440 a------- c:\windows\system32\sporder.dll
2009-02-17 15:39 128,840 a------- c:\windows\system32\Metacafe.scr
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 <DIR> --d----- c:\windows\ERUNT
2009-02-16 09:18 <DIR> --d----- C:\SDFix
2009-02-12 14:05 <DIR> --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 <DIR> --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 <DIR> --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 <DIR> --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-05 11:09 <DIR> --d----- c:\documents and settings\m\.drdivx2

==================== Find3M ====================

2009-03-04 14:56 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-02-24 08:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-24 08:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 13:21:41.57 ===============


#12 Blade81 (Malware Response Team, Finland)

Posted 05 March 2009 - 03:54 PM

Hi again,


Looks like you didn't update Adobe Reader yet. Please do so. Also, have you thus far posted whole ComboFix logs without leaving first lines off?


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
ATI0TBXX

DDS::
Trusted Zone: trymedia.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rundll32.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_ATI0TBXX\0000\LogConf]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[Image: dragging CFScript onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt contents. How's the system running?


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
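The triage the helper performs in the post above, reading DDS "Pseudo HJT" lines and turning the findings into CFScript stanzas, as an added Python example. This is not code from the thread, from DDS or from ComboFix; the functions (`triage`, `draft_cfscript`, `demo`), the heuristics (rundll32 loading a DLL from a user profile or with a hex-looking name, a service image dropped into system32 within the scan window, an LSP DLL outside a small allow-list, any Trusted Zone entry), the `KNOWN_LSP` allow-list and the 30-day window are assumptions chosen for the example. The sample lines are constructed in the shape DDS prints; only the `Registry::` and `DDS::` directive forms shown in the post are emitted.

```python
"""Triage DDS 'Pseudo HJT Report' lines and draft the CFScript stanzas that match.

Added example; the heuristics and allow-list below are assumptions, not DDS or
ComboFix logic. The sample log lines are constructed in the shape DDS prints.
"""
import re
from datetime import date

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(
    r"^[RS][0-4] (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<d>\d{4}-\d{1,2}-\d{1,2}) \d+\]$")
LSP_RE = re.compile(r"^LSP: (?P<path>.+)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<host>.+)$")
USER_APPDATA = re.compile(r"documents and settings\\[^\\]+\\application data", re.I)
HEXISH_DLL = re.compile(r"\\[0-9a-f]{8,}\.dll", re.I)
IMAGE_RE = re.compile(r".*?\.(?:exe|sys)", re.I)

# Assumed-benign LSPs: the stock XP providers plus this machine's AV redirector.
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "vetredir.dll"}
RUN_KEY = {
    "u": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "m": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# Constructed sample, modelled on the DDS output posted in this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\m\application data\macromedia\common\3293c05a1.dll""
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: trymedia.com
"""
SCAN_DATE = date(2009, 3, 5)  # the date the DDS log above was produced


def _parse_date(text):
    year, month, day = (int(x) for x in text.split("-"))
    return date(year, month, day)


def triage(dds_text, scan_date, recent_days=30):
    """Return (category, detail) findings for lines worth a closer look."""
    findings = []
    for line in dds_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            cmd = m["cmd"]
            # rundll32 pulling a DLL out of a user profile, or a hex-looking DLL
            # name, is the Run-key pattern the helper removed above.
            if "rundll32" in cmd.lower() and (USER_APPDATA.search(cmd) or HEXISH_DLL.search(cmd)):
                findings.append(("run", (m["hive"], m["name"], cmd)))
        elif m := SVC_RE.match(line):
            path = m["path"]
            image = IMAGE_RE.match(path)
            exe = (image.group(0) if image else path).rsplit("\\", 1)[-1].lower()
            age = (scan_date - _parse_date(m["d"])).days
            low = path.lower()
            # A service image dropped straight into system32 within the scan
            # window, and not svchost.exe itself, deserves a look.
            if ("\\windows\\system32\\" in low and "\\drivers\\" not in low
                    and exe != "svchost.exe" and 0 <= age <= recent_days):
                findings.append(("service", (m["svc"], m["display"], path, age)))
        elif m := LSP_RE.match(line):
            if m["path"].rsplit("\\", 1)[-1].lower() not in KNOWN_LSP:
                findings.append(("lsp", m["path"]))
        elif m := TZ_RE.match(line):
            # Every Trusted Zone entry is worth a review; the post removes one.
            findings.append(("trusted_zone", m["host"]))
    return findings


def draft_cfscript(findings):
    """Registry:: and DDS:: stanzas in the form used in the post above. Services
    and LSPs are only reported: a CFScript Run-key delete does not cover them."""
    reg, dds = [], []
    for cat, detail in findings:
        if cat == "run":
            hive, name, _ = detail
            reg.append(f'[{RUN_KEY[hive]}]\n"{name}"=-')
        elif cat == "trusted_zone":
            dds.append(f"Trusted Zone: {detail}")
    parts = []
    if reg:
        parts.append("Registry::\n" + "\n".join(reg))
    if dds:
        parts.append("DDS::\n" + "\n".join(dds))
    return "\n\n".join(parts) + "\n"


def demo():
    """Run the triage over the constructed sample and return (findings, script)."""
    findings = triage(SAMPLE_DDS, SCAN_DATE)
    return findings, draft_cfscript(findings)


if __name__ == "__main__":
    found, script = demo()
    for cat, detail in found:
        print(f"{cat:13} {detail}")
    print("\n--- CFScript draft ---\n" + script)
```

Run it as a script to see the four flagged lines (the HKCU rundll32 entry, the WinSvchostManager service, the winsflt.dll LSP and the trusted-zone host) and the two-stanza CFScript draft. Services and LSPs are deliberately left as report-only output: the thread shows `Driver::` used against a legacy device key, not against a running service, and an LSP removal that leaves the Winsock chain broken is worse than the infection, so those need a deliberate decision rather than an auto-generated line.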


#13 mc2009 (Topic Starter)

Posted 05 March 2009 - 06:18 PM

I never posted the first line because I didn't think I needed to. I downloaded Adobe 9, but I couldn't install it because an error message kept coming up: Nosso 2.0: File: setup.exe. I'll use ComboFix again tomorrow morning.

#14 mc2009 (Topic Starter)

Posted 05 March 2009 - 11:41 PM

I fixed the Adobe problem.

#15 mc2009 (Topic Starter)

Posted 06 March 2009 - 11:14 AM

ComboFix 09-03-04.01 - M 2009-03-06 10:44:19.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.356 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\M\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\3293c05a1.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI0TBXX


((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 09:21 . 2009-03-06 09:21 <DIR> d-------- c:\documents and settings\M\Application Data\Search Settings
2009-03-06 09:17 . 2009-03-06 09:17 <DIR> d-------- c:\program files\Search Settings
2009-03-06 09:15 . 2009-03-06 09:21 <DIR> d-------- c:\program files\Free FLV Converter
2009-03-06 09:15 . 2008-06-04 17:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2009-03-06 09:15 . 2008-12-24 08:02 274,432 --a------ c:\windows\system32\TubeFinder.exe
2009-03-06 09:15 . 2008-06-04 17:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2009-03-06 09:15 . 2008-06-04 17:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-03-06 09:15 . 2008-06-04 17:42 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-03-06 09:15 . 2008-06-04 17:42 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-03-06 09:15 . 2008-06-04 17:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2009-03-06 09:15 . 2008-06-04 17:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-03-06 09:15 . 2008-06-04 17:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2009-03-06 09:15 . 2008-06-04 17:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2009-03-05 23:34 . 2009-03-05 23:34 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-05 23:26 . 2009-03-06 05:58 <DIR> d-------- c:\program files\NOS
2009-03-05 23:26 . 2009-03-06 05:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-05 23:24 . 2009-03-05 23:24 <DIR> d-------- c:\windows\system32\Adobe
2009-03-03 14:20 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2009-03-03 06:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 06:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 09:14 . 2009-02-27 09:14 <DIR> d-------- C:\Y.D.T
2009-02-27 08:05 . 2009-02-27 08:20 297 --a------ c:\windows\system32\Infob.dat
2009-02-27 08:05 . 2009-02-27 08:20 0 --a------ c:\windows\system32\Infoa.dat
2009-02-27 07:59 . 2009-02-27 08:14 355 --a------ c:\windows\system32\treeinfo.dat
2009-02-27 07:55 . 2009-02-27 09:14 <DIR> d-------- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 . 2009-02-27 06:57 <DIR> d-------- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 . 2009-02-24 08:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-21 06:37 . 2009-03-06 10:50 312,834 --a------ c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 . 2009-03-06 10:50 64 --a------ c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 . 2009-02-21 06:35 880,560 --a------ c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 . 2009-02-21 06:35 108,368 --a------ c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 . 2008-08-30 15:14 91,376 --a------ c:\windows\system32\isafprod.dll
2009-02-21 06:33 . 2008-08-30 15:14 32,240 --a------ c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 26,352 --a------ c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,488 --a------ c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 . 2008-08-30 15:14 21,104 --a------ c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 . 2009-02-21 06:32 2,732,032 --a------ c:\windows\system32\win32cpr.dll
2009-02-21 06:32 . 2007-11-14 12:26 1,830,912 --a------ c:\windows\system32\winsflte.dll
2009-02-21 06:32 . 2009-02-21 06:32 1,564,771 --a------ c:\windows\system32\winsflt.dll
2009-02-21 06:32 . 2007-11-14 12:34 1,212,416 --a------ c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 . 2007-11-14 12:35 823,296 --a------ c:\windows\system32\svcprs32.exe
2009-02-21 06:32 . 2002-01-01 13:02 7,440 --a------ c:\windows\system32\sporder.dll
2009-02-17 15:39 . 2009-02-17 15:39 128,840 --a------ c:\windows\system32\Metacafe.scr
2009-02-16 11:23 . 2009-02-16 11:23 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 . 2009-02-16 11:17 <DIR> d-------- c:\windows\ERUNT
2009-02-16 09:18 . 2009-02-16 11:49 <DIR> d-------- C:\SDFix
2009-02-12 14:05 . 2009-02-12 15:37 <DIR> d-------- c:\documents and settings\M\DoctorWeb
2009-02-12 00:23 . 2009-02-12 00:23 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-02-11 13:39 . 2009-02-11 13:39 <DIR> d-------- c:\documents and settings\M\Application Data\SUPERAntiSpyware.com
2009-02-09 15:33 . 2009-02-09 15:33 <DIR> d-------- c:\documents and settings\M\Application Data\HPQ
2009-02-09 12:26 . 2009-02-09 12:26 <DIR> d-------- c:\program files\FLV Player
2009-02-09 09:10 . 2009-02-09 09:10 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-02-09 05:32 . 2009-03-03 06:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 . 2001-08-17 22:36 106,584 --a------ c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 . 2001-08-17 13:51 61,824 --a------ c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 . 2001-08-17 22:36 24,660 --a------ c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 . 2001-08-17 14:07 19,072 --a------ c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-08 16:17 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-02-08 16:16 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-08 16:15 . 2008-04-13 20:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-02-08 16:14 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-02-08 16:13 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2009-02-08 16:12 . 2004-08-10 00:00 229,439 --a------ c:\windows\system32\dllcache\multibox.dll
2009-02-08 16:11 . 2004-08-10 00:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-08 16:10 . 2004-08-10 00:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-08 16:09 . 2004-08-10 00:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-02-08 16:08 . 2004-08-10 00:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-02-08 16:07 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2009-02-08 16:06 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-02-08 16:05 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2009-02-08 16:04 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2009-02-08 16:03 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-02-08 16:02 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2009-02-08 16:01 . 2004-08-10 00:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2009-02-08 15:58 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\M\Application Data\Malwarebytes
2009-02-07 16:30 . 2009-02-07 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 14:48 . 2009-02-07 14:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 14:42 . 2009-02-07 14:42 <DIR> d-------- c:\documents and settings\M\Application Data\WinBatch
2009-02-07 12:38 . 2009-02-07 13:32 <DIR> d-------- c:\program files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 15:52 --------- d-----w c:\program files\Common Files\Akamai
2009-03-06 15:52 --------- d-----w c:\documents and settings\M\Application Data\Orbit
2009-03-06 15:50 --------- d-----w c:\documents and settings\M\Application Data\Metacafe
2009-03-06 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-03-06 15:42 --------- d-----w c:\program files\Orbitdownloader
2009-03-06 12:46 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Orbit
2009-03-06 04:33 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 21:14 2,204 ----a-w c:\documents and settings\M\Application Data\wklnhst.dat
2009-03-05 16:32 --------- d-----w c:\program files\Java
2009-03-04 03:05 --------- d-----w c:\program files\Metacafe
2009-03-03 19:28 --------- d-----w c:\documents and settings\M\Application Data\CallingID
2009-03-03 02:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\CallingID
2009-02-27 23:35 --------- d-----w c:\program files\MediaCoder
2009-02-24 16:26 --------- d-----w c:\program files\CinemaForge
2009-02-24 13:35 --------- d-----w c:\program files\Common Files\Real
2009-02-21 11:26 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GetRightToGo
2009-02-12 05:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-09 19:20 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-02-07 19:49 --------- d-----w c:\program files\Hewlett-Packard
2009-02-07 18:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-07 11:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MYPOINTS
2009-02-05 16:09 --------- d-----w c:\program files\DivX
2009-01-10 04:48 --------- d--h--w c:\program files\GMBD
2009-01-08 03:26 --------- d-----w c:\program files\Google
2006-09-15 22:18 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-11-25 03:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111720081124\index.dat
2008-12-01 11:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112420081201\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_ 2.22.36.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 20:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2009-03-06 14:17:10 10,134 ----a-r c:\windows\Installer\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}\ARPPRODUCTICON.exe
- 2009-03-04 07:16:28 2,777,088 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
+ 2009-03-06 14:22:11 2,809,856 ----a-w c:\windows\rnapxs\CSDK\urlcache\domainNames.dat
- 2009-03-04 07:16:28 136,060,928 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-03-06 15:50:19 139,366,400 ----a-w c:\windows\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-01-17 00:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-01-16 22:19:40 202,168 ------w c:\windows\system32\Adobe\Director\swdir.dll
+ 2009-01-16 22:19:58 67,000 ----a-w c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-01-17 00:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-01-16 23:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-01-17 00:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-01-16 23:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-01-16 23:45:12 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-01-16 23:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-01-16 23:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-01-17 00:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-01-17 00:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-01-17 00:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe
+ 2009-01-17 00:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-01-17 00:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-01-16 23:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 15:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2009-02-07 18:26:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-06 04:26:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-07 18:26:16 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-06 04:26:58 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-06 04:26:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
- 2009-01-04 04:19:13 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-06 04:23:20 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-06 15:51:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_17c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2008-10-29 20:47 1909248 --a------ c:\progra~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "c:\progra~1\mypoints\mypoints.dll" [2008-10-29 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-05-11 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-02-17 145736]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-05-11 1719496]
Start GetRight.lnk - c:\program files\GetRight\GetRight.exe [2006-09-30 4694296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 1377720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 12:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.MV30"= c:\windows\system32\mv3.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1688:TCP"= 1688:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-06-24 115216]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2006-02-15 14336]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-02-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-06-24 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-01-26 185584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8a9c04-8281-11da-9582-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-02-21 c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 6 33 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-27 18:44]

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean\RegClean.exe []

2007-06-17 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\program files\RegClean []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\bsc1y8h9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\npmirage.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 10:52:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\winsflt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\dllhost.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\mdmcls32.exe
c:\program files\Metacafe\Metacafe.exe
.
**************************************************************************
.
Completion time: 2009-03-06 10:57:36 - machine was rebooted [M]
ComboFix-quarantined-files.txt 2009-03-06 15:57:33
ComboFix2.txt 2009-03-05 17:20:41
ComboFix3.txt 2009-03-04 07:24:02
ComboFix4.txt 2009-03-03 19:20:35

Pre-Run: 102,219,190,272 bytes free
Post-Run: 102,498,881,536 bytes free

338 --- E O F --- 2009-02-25 13:52:23


DDS (Ver_09-02-01.01) - NTFSx86
Run by M at 11:07:22.45 on Fri 03/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.297 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/Home
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:\progra~1\mypoints\mypoints.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m\applic~1\mozilla\firefox\profiles\bsc1y8h9.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-21 32240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 Akamai;Akamai;c:\windows\system32\svchost.exe -k Akamai [2006-2-15 14336]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-26 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-26 255216]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-2-21 823296]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-1-26 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-21 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]

=============== Created Last 30 ================

2009-03-06 09:21 <DIR> --d----- c:\docume~1\m\applic~1\Search Settings
2009-03-06 09:17 <DIR> --d----- c:\program files\Search Settings
2009-03-06 09:15 274,432 a------- c:\windows\system32\TubeFinder.exe
2009-03-06 09:15 364,544 a------- c:\windows\system32\PropertyGrid.ocx
2009-03-06 09:15 208,500 a------- c:\windows\system32\ReyXpBasics.tlb
2009-03-06 09:15 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-03-06 09:15 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-03-06 09:15 84,512 a------- c:\windows\system32\PICCLP32.OCX
2009-03-06 09:15 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-03-06 09:15 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-03-06 09:15 24,576 a------- c:\windows\system32\ControlSubX.ocx
2009-03-06 09:15 9,728 a------- c:\windows\system32\PCCLPFR.DLL
2009-03-06 09:15 <DIR> --d----- c:\program files\Free FLV Converter
2009-03-05 23:24 <DIR> --d----- c:\windows\system32\Adobe
2009-03-04 13:34 161,792 a------- c:\windows\SWREG.exe
2009-03-04 13:34 98,816 a------- c:\windows\sed.exe
2009-03-03 14:20 38,400 a------- c:\windows\system32\moveex.exe
2009-03-03 06:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 06:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 09:14 <DIR> --d----- C:\Y.D.T
2009-02-27 08:05 297 a------- c:\windows\system32\Infob.dat
2009-02-27 08:05 0 a------- c:\windows\system32\Infoa.dat
2009-02-27 07:59 355 a------- c:\windows\system32\treeinfo.dat
2009-02-27 07:55 <DIR> --d----- c:\program files\E.M. Youtube Video Download Tool
2009-02-27 06:57 <DIR> --d----- c:\program files\Smart FLV Converter Pro
2009-02-24 08:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-21 06:37 312,834 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-21 06:37 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-21 06:33 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-21 06:33 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-21 06:33 91,376 a------- c:\windows\system32\isafprod.dll
2009-02-21 06:33 32,240 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-21 06:33 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-21 06:33 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-21 06:33 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-21 06:32 2,732,032 a------- c:\windows\system32\win32cpr.dll
2009-02-21 06:32 823,296 a------- c:\windows\system32\svcprs32.exe
2009-02-21 06:32 1,564,771 a------- c:\windows\system32\winsflt.dll
2009-02-21 06:32 1,212,416 a------- c:\windows\system32\mdmcls32.exe
2009-02-21 06:32 1,830,912 a------- c:\windows\system32\winsflte.dll
2009-02-21 06:32 7,440 a------- c:\windows\system32\sporder.dll
2009-02-17 15:39 128,840 a------- c:\windows\system32\Metacafe.scr
2009-02-16 11:23 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-02-16 11:16 <DIR> --d----- c:\windows\ERUNT
2009-02-16 09:18 <DIR> --d----- C:\SDFix
2009-02-12 14:05 <DIR> --d----- c:\documents and settings\m\DoctorWeb
2009-02-11 13:39 <DIR> --d----- c:\docume~1\m\applic~1\SUPERAntiSpyware.com
2009-02-09 15:33 <DIR> --d----- c:\docume~1\m\applic~1\HPQ
2009-02-09 05:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:20 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 16:20 61,824 a------- c:\windows\system32\dllcache\speed.sys
2009-02-08 16:20 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-02-08 16:20 19,072 a------- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 16:20 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 16:18 91,294 a------- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 16:17 11,648 a------- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 16:16 79,872 a------- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 16:15 33,152 a------- c:\windows\system32\dllcache\ql10wnt.sys
2009-02-08 16:14 27,904 a------- c:\windows\system32\dllcache\perm2.sys
2009-02-08 16:13 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-02-08 16:12 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-02-08 16:11 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-02-08 16:10 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-02-08 16:09 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-02-08 16:08 20,480 a------- c:\windows\system32\dllcache\icam5ext.dll
2009-02-08 16:07 57,471 a------- c:\windows\system32\dllcache\hsf_samp.sys
2009-02-08 16:06 20,352 a------- c:\windows\system32\dllcache\hidbatt.sys
2009-02-08 16:05 27,165 a------- c:\windows\system32\dllcache\fetnd5.sys
2009-02-08 16:04 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-02-08 16:03 29,696 a------- c:\windows\system32\dllcache\dm9pci5.sys
2009-02-08 16:02 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
2009-02-08 16:01 1,677,824 a------- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-08 16:00 12,160 a------- c:\windows\system32\dllcache\brfiltlo.sys
2009-02-08 15:58 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-02-07 16:30 <DIR> --d----- c:\docume~1\m\applic~1\Malwarebytes
2009-02-07 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-07 14:42 <DIR> --d----- c:\docume~1\m\applic~1\WinBatch
2009-02-07 12:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-05 11:09 <DIR> --d----- c:\documents and settings\m\.drdivx2

==================== Find3M ====================

2009-03-05 16:14 2,204 a------- c:\docume~1\m\applic~1\wklnhst.dat
2009-02-24 08:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-24 08:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 11:07:54.12 ===============
