
Trojan, Malware, And More


14 replies to this topic

#1 TRhoden

TRhoden

  • Members
  • 15 posts
  • OFFLINE

Posted 09 June 2007 - 09:08 PM

It keeps popping up ads when I get on the internet...


Logfile of HijackThis v1.99.1
Scan saved at 9:06:57 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmp6487.tmp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9f900c2b-cfce-4ce1-9c31-cd84fdfd013c} - C:\WINDOWS\system32\logyle.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\qonlmm.dll",realset
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: logyle - C:\WINDOWS\SYSTEM32\logyle.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance for your help...

Trent
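A small triage helper for this kind of log, added here as an example and not part of the thread, of HijackThis or of ComboFix: it reads the O2/O4/O10/O20 line formats seen above and flags the entries a malware-response helper would look at first. The sample lines are copied from the posted log; the rules themselves (a six-lowercase-letter DLL name counted as "random-looking", tmp*.tmp.* names, rundll32 loading such a DLL, an unknown LSP, an unrecognised Winlogon Notify DLL) are this example's assumptions about Vundo-era indicators, not HijackThis's own logic.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: eight lines copied from the log posted above, mixing
# entries ComboFix later removed (logyle.dll, qonlmm.dll, the tmp*.tmp.dll
# BHO) with legitimate ones (Java's ssv.dll, NOD32, WgaLogon).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tmp6487.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9f900c2b-cfce-4ce1-9c31-cd84fdfd013c} - C:\WINDOWS\system32\logyle.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\qonlmm.dll",realset
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O20 - Winlogon Notify: logyle - C:\WINDOWS\SYSTEM32\logyle.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Six lowercase letters plus .dll (qonlmm.dll, logyle.dll): the naming style of
# the files ComboFix removed from this machine. Treating it as suspicious is
# this example's assumption, not a HijackThis rule.
RANDOM_DLL = re.compile(r"(?:^|\\)[a-z]{6}\.[dD][lL][lL]$")
# tmpXXXX.tmp.dll / .exe names, as in the "(file missing)" BHO above and the
# Application Data droppers listed in the ComboFix log later in the thread.
TMP_NAME = re.compile(r"^tmp[0-9A-Fa-f]{1,4}\.tmp\.(?:dll|exe)$", re.IGNORECASE)
# A drive-letter path up to a known executable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys|hta)\b", re.IGNORECASE)
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def loaded_file(line: str) -> str:
    """Return the last drive-letter path on a HijackThis line, or '' if none.

    The last path is the one the entry actually loads, e.g. the DLL handed to
    rundll32 rather than rundll32 itself.
    """
    paths = PATH_RE.findall(line)
    return paths[-1] if paths else ""


def triage(log_text: str) -> List[Finding]:
    """Flag the O2/O4/O10/O20 entries worth a second look; one finding per distinct line."""
    findings: List[Finding] = []
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or line in seen:  # skip non-entries and repeated lines (the six O10s)
            continue
        seen.add(line)
        section, body = m.groups()
        path = loaded_file(line)
        name = path.rsplit("\\", 1)[-1]
        reason = None
        if section == "O2":
            # "(no name)" alone is not enough: Spybot's SDHelper.dll also shows
            # as "(no name)" in this log, so require a suspicious file as well.
            if "(file missing)" in body:
                reason = "BHO registered for a file that no longer exists"
            elif "(no name)" in body and (RANDOM_DLL.search(path) or TMP_NAME.match(name)):
                reason = "unnamed BHO loading a random-looking or tmp*.tmp DLL"
        elif section == "O4":
            if re.search(r"rundll32", body, re.IGNORECASE) and RANDOM_DLL.search(path):
                reason = "Run key uses rundll32 to load a random-looking DLL"
        elif section == "O10":
            if "Unknown file in Winsock LSP" in body:
                reason = "Winsock LSP that HijackThis could not identify"
        elif section == "O20":
            if RANDOM_DLL.search(path):
                reason = "Winlogon Notify DLL with a random-looking name"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the sample it reports five entries: the missing tmp6487.tmp.dll BHO, the logyle.dll BHO, the `[setup]` rundll32 Run key, the unknown LSP and the logyle Winlogon Notify hook, which are the same entries the helper's reply targets with VundoFix and ComboFix. The "(no name)" check is deliberately paired with a filename test so that Spybot's SDHelper.dll, which also shows as "(no name)", is not flagged.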


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE

Posted 10 June 2007 - 10:27 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, TRhoden :thumbsup:

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

******************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.


Also post a new HijackThis log please.

#3 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 June 2007 - 03:24 PM

VundoFix did not catch anything

ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-10 15:11:23 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\awwxww.dll
C:\WINDOWS\cbyxvv.dll
C:\WINDOWS\dddddc.dll
C:\WINDOWS\effcyv.dll
C:\WINDOWS\pmllif.dll
C:\WINDOWS\qomkhh.dll
C:\WINDOWS\qonlmm.dll
C:\WINDOWS\rqollk.dll
C:\WINDOWS\urpqrr.dll
C:\WINDOWS\wwxwwa.ini
C:\WINDOWS\vvxybc.ini
C:\WINDOWS\cddddd.ini
C:\WINDOWS\vycffe.ini
C:\WINDOWS\fillmp.ini
C:\WINDOWS\hhkmoq.ini
C:\WINDOWS\mmlnoq.ini
C:\WINDOWS\klloqr.ini
C:\WINDOWS\rrqpru.ini
C:\WINDOWS\system32\logyle.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winsupdater
C:\WINDOWS\system32\drivers\sfsync02.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


2007-06-10 15:15 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-09 21:08 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
2007-06-08 14:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
2007-06-08 10:55 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
2007-06-07 16:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-07 16:46 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
2007-06-07 16:44 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
2007-06-07 16:37 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
2007-06-07 16:26 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
2007-06-07 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
2007-06-07 07:52 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
2007-06-07 07:52 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
2007-06-07 07:51 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
2007-06-07 07:51 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
2007-06-06 21:35 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
2007-06-06 21:30 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
2007-06-06 21:27 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
2007-06-06 21:21 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
2007-06-06 21:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
2007-06-06 21:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
2007-06-06 20:54 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
2007-06-06 20:54 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
2007-06-06 20:49 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
2007-06-06 20:36 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
2007-06-06 20:35 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
2007-06-06 20:32 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
2007-06-06 20:25 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
2007-06-06 20:22 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-05 16:46 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
2007-06-05 16:30 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
2007-06-05 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
2007-06-05 16:23 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
2007-06-05 14:31 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
2007-06-05 14:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
2007-06-05 14:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
2007-06-05 14:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
2007-06-05 14:18 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
2007-06-05 14:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
2007-06-05 14:17 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
2007-06-05 14:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
2007-06-05 14:12 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
2007-06-05 14:12 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
2007-06-05 14:04 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
2007-06-03 21:14 233,661 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
2007-06-03 21:14 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
2007-06-03 21:13 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
2007-06-03 13:49 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
2007-06-03 13:41 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
2007-06-03 13:29 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
2007-06-03 13:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
2007-06-03 13:13 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
2007-06-03 13:07 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
2007-06-03 13:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
2007-06-03 13:06 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
2007-06-03 13:06 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
2007-06-02 19:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
2007-06-02 19:17 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
2007-06-02 13:42 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
2007-06-02 13:39 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
2007-06-02 13:39 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
2007-06-02 13:32 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
2007-06-02 13:21 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
2007-06-02 13:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
2007-06-02 13:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
2007-06-02 13:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
2007-06-02 13:09 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
2007-06-02 13:07 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
2007-06-02 13:02 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
2007-06-02 13:02 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
2007-06-02 08:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
2007-06-02 08:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
2007-06-02 00:03 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
2007-06-01 23:45 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
2007-06-01 23:44 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
2007-06-01 23:37 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
2007-06-01 21:56 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
2007-06-01 21:56 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
2007-06-01 21:55 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
2007-06-01 21:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
2007-06-01 21:43 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
2007-06-01 21:43 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
2007-06-01 21:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 19:31:02 -------- d-s---w C:\Program Files\Xfire
2007-06-10 02:53:03 -------- d-----w C:\Program Files\Steam
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
2007-06-02 14:07:53 50,785 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
2007-06-02 14:07:28 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
2007-06-02 14:07:21 50,937 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
2007-06-02 14:07:14 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
2007-06-02 14:06:51 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
2007-06-02 14:06:27 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:33:58 -------- d-----w C:\Program Files\Guild Wars
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 15:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 15:17:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-10 15:16:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 15:16

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\awwxww.dll
C:\WINDOWS\cbyxvv.dll
C:\WINDOWS\dddddc.dll
C:\WINDOWS\effcyv.dll
C:\WINDOWS\pmllif.dll
C:\WINDOWS\qomkhh.dll
C:\WINDOWS\qonlmm.dll
C:\WINDOWS\rqollk.dll
C:\WINDOWS\urpqrr.dll
C:\WINDOWS\wwxwwa.ini
C:\WINDOWS\vvxybc.ini
C:\WINDOWS\cddddd.ini
C:\WINDOWS\vycffe.ini
C:\WINDOWS\fillmp.ini
C:\WINDOWS\hhkmoq.ini
C:\WINDOWS\mmlnoq.ini
C:\WINDOWS\klloqr.ini
C:\WINDOWS\rrqpru.ini
C:\WINDOWS\system32\logyle.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winsupdater
C:\WINDOWS\system32\drivers\sfsync02.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-05-29 00:20 <DIR> d-------- C:\DOCUME~1\Trent\.limewire


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 19:31:02 -------- d-s---w C:\Program Files\Xfire
2007-06-10 02:53:03 -------- d-----w C:\Program Files\Steam
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
2007-06-02 14:07:53 50,785 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
2007-06-02 14:07:28 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
2007-06-02 14:07:21 50,937 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
2007-06-02 14:07:14 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
2007-06-02 14:06:51 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
2007-06-02 14:06:27 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:33:58 -------- d-----w C:\Program Files\Guild Wars
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 15:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-10 15:17:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 15:16

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:18, on 2007-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thanks

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 10 June 2007 - 05:10 PM

Double-click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Also post a new HijackThis log, please.


#5 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 12 June 2007 - 09:03 AM

ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-12 8:47:10 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-10 15:15 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-09 21:08 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
2007-06-08 14:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
2007-06-08 10:55 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
2007-06-07 16:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-07 16:46 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
2007-06-07 16:44 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
2007-06-07 16:37 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
2007-06-07 16:26 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
2007-06-07 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
2007-06-07 07:52 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
2007-06-07 07:52 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
2007-06-07 07:51 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
2007-06-07 07:51 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
2007-06-06 21:35 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
2007-06-06 21:30 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
2007-06-06 21:27 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
2007-06-06 21:21 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
2007-06-06 21:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
2007-06-06 21:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
2007-06-06 20:54 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
2007-06-06 20:54 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
2007-06-06 20:49 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
2007-06-06 20:36 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
2007-06-06 20:35 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
2007-06-06 20:32 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
2007-06-06 20:25 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
2007-06-06 20:22 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-05 16:46 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
2007-06-05 16:30 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
2007-06-05 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
2007-06-05 16:23 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
2007-06-05 14:31 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
2007-06-05 14:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
2007-06-05 14:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
2007-06-05 14:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
2007-06-05 14:18 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
2007-06-05 14:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
2007-06-05 14:17 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
2007-06-05 14:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
2007-06-05 14:12 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
2007-06-05 14:12 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
2007-06-05 14:04 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
2007-06-03 21:14 233,661 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
2007-06-03 21:14 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
2007-06-03 21:13 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
2007-06-03 13:49 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
2007-06-03 13:41 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
2007-06-03 13:29 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
2007-06-03 13:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
2007-06-03 13:13 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
2007-06-03 13:07 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
2007-06-03 13:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
2007-06-03 13:06 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
2007-06-03 13:06 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
2007-06-02 19:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
2007-06-02 19:17 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
2007-06-02 13:42 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
2007-06-02 13:39 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
2007-06-02 13:39 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
2007-06-02 13:32 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
2007-06-02 13:21 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
2007-06-02 13:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
2007-06-02 13:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
2007-06-02 13:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
2007-06-02 13:09 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
2007-06-02 13:07 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
2007-06-02 13:02 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
2007-06-02 13:02 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
2007-06-02 08:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
2007-06-02 08:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
2007-06-02 00:03 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
2007-06-01 23:45 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
2007-06-01 23:44 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
2007-06-01 23:37 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
2007-06-01 21:56 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
2007-06-01 21:56 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
2007-06-01 21:55 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
2007-06-01 21:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
2007-06-01 21:43 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
2007-06-01 21:43 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
2007-06-01 21:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 02:23:25 -------- d-----w C:\Program Files\Steam
2007-06-12 02:22:36 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Xfire
2007-06-12 02:21:51 -------- d-s---w C:\Program Files\Xfire
2007-06-11 18:11:48 -------- d-----w C:\Program Files\Guild Wars
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
2007-06-02 14:07:53 50,785 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
2007-06-02 14:07:28 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
2007-06-02 14:07:21 50,937 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
2007-06-02 14:07:14 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
2007-06-02 14:06:51 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
2007-06-02 14:06:27 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-12 17:06:05 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 08:52:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-12 8:53:26
C:\ComboFix-quarantined-files.txt ... 2007-06-12 08:52
C:\ComboFix2.txt ... 2007-06-10 15:17

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 08:54, on 2007-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts

Posted 12 June 2007 - 09:03 AM

ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-12 8:47:10 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-10 15:15 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-09 21:08 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
2007-06-08 14:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
2007-06-08 10:55 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
2007-06-07 16:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-07 16:46 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
2007-06-07 16:44 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
2007-06-07 16:37 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
2007-06-07 16:26 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
2007-06-07 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
2007-06-07 07:52 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
2007-06-07 07:52 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
2007-06-07 07:51 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
2007-06-07 07:51 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
2007-06-06 21:35 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
2007-06-06 21:30 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
2007-06-06 21:27 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
2007-06-06 21:21 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
2007-06-06 21:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
2007-06-06 21:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
2007-06-06 20:54 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
2007-06-06 20:54 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
2007-06-06 20:49 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
2007-06-06 20:36 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
2007-06-06 20:35 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
2007-06-06 20:32 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
2007-06-06 20:25 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
2007-06-06 20:22 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-05 16:46 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
2007-06-05 16:30 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
2007-06-05 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
2007-06-05 16:23 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
2007-06-05 14:31 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
2007-06-05 14:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
2007-06-05 14:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
2007-06-05 14:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
2007-06-05 14:18 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
2007-06-05 14:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
2007-06-05 14:17 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
2007-06-05 14:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
2007-06-05 14:12 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
2007-06-05 14:12 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
2007-06-05 14:04 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
2007-06-03 21:14 233,661 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
2007-06-03 21:14 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
2007-06-03 21:13 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
2007-06-03 13:49 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
2007-06-03 13:41 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
2007-06-03 13:29 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
2007-06-03 13:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
2007-06-03 13:13 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
2007-06-03 13:07 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
2007-06-03 13:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
2007-06-03 13:06 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
2007-06-03 13:06 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
2007-06-02 19:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
2007-06-02 19:17 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
2007-06-02 13:42 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
2007-06-02 13:39 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
2007-06-02 13:39 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
2007-06-02 13:32 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
2007-06-02 13:21 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
2007-06-02 13:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
2007-06-02 13:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
2007-06-02 13:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
2007-06-02 13:09 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
2007-06-02 13:07 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
2007-06-02 13:02 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
2007-06-02 13:02 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
2007-06-02 08:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
2007-06-02 08:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
2007-06-02 00:03 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
2007-06-01 23:45 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
2007-06-01 23:44 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
2007-06-01 23:37 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
2007-06-01 21:56 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
2007-06-01 21:56 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
2007-06-01 21:55 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
2007-06-01 21:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
2007-06-01 21:43 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
2007-06-01 21:43 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
2007-06-01 21:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 02:23:25 -------- d-----w C:\Program Files\Steam
2007-06-12 02:22:36 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Xfire
2007-06-12 02:21:51 -------- d-s---w C:\Program Files\Xfire
2007-06-11 18:11:48 -------- d-----w C:\Program Files\Guild Wars
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
2007-06-02 14:07:53 50,785 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
2007-06-02 14:07:28 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
2007-06-02 14:07:21 50,937 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
2007-06-02 14:07:14 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
2007-06-02 14:06:51 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
2007-06-02 14:06:27 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-12 17:06:05 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 08:52:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-12 8:53:26
C:\ComboFix-quarantined-files.txt ... 2007-06-12 08:52
C:\ComboFix2.txt ... 2007-06-10 15:17

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 08:54, on 2007-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#7 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts

Posted 12 June 2007 - 09:03 AM

ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-12 8:47:10 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-10 15:15 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-09 21:08 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
2007-06-08 14:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
2007-06-08 10:55 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
2007-06-07 16:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-07 16:46 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
2007-06-07 16:44 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
2007-06-07 16:37 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
2007-06-07 16:26 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
2007-06-07 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
2007-06-07 07:52 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
2007-06-07 07:52 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
2007-06-07 07:51 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
2007-06-07 07:51 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
2007-06-06 21:35 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
2007-06-06 21:30 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
2007-06-06 21:29 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
2007-06-06 21:27 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
2007-06-06 21:21 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
2007-06-06 21:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
2007-06-06 21:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
2007-06-06 20:54 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
2007-06-06 20:54 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
2007-06-06 20:49 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
2007-06-06 20:36 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
2007-06-06 20:35 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
2007-06-06 20:32 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
2007-06-06 20:25 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
2007-06-06 20:22 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-05 16:46 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
2007-06-05 16:30 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
2007-06-05 16:24 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
2007-06-05 16:23 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
2007-06-05 14:31 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
2007-06-05 14:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
2007-06-05 14:21 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
2007-06-05 14:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
2007-06-05 14:18 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
2007-06-05 14:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
2007-06-05 14:17 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
2007-06-05 14:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
2007-06-05 14:12 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
2007-06-05 14:12 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
2007-06-05 14:04 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
2007-06-03 21:14 233,661 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
2007-06-03 21:14 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
2007-06-03 21:13 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
2007-06-03 13:49 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
2007-06-03 13:41 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
2007-06-03 13:41 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
2007-06-03 13:29 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
2007-06-03 13:21 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
2007-06-03 13:21 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
2007-06-03 13:13 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
2007-06-03 13:07 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
2007-06-03 13:06 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
2007-06-03 13:06 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
2007-06-03 13:06 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
2007-06-02 19:17 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
2007-06-02 19:17 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
2007-06-02 19:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
2007-06-02 13:42 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
2007-06-02 13:39 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
2007-06-02 13:39 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
2007-06-02 13:32 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
2007-06-02 13:21 233,702 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
2007-06-02 13:20 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
2007-06-02 13:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
2007-06-02 13:14 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
2007-06-02 13:09 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
2007-06-02 13:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
2007-06-02 13:07 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
2007-06-02 13:02 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
2007-06-02 13:02 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
2007-06-02 13:02 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
2007-06-02 08:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
2007-06-02 08:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
2007-06-02 00:03 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
2007-06-01 23:45 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
2007-06-01 23:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
2007-06-01 23:44 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
2007-06-01 23:37 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
2007-06-01 21:56 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
2007-06-01 21:56 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
2007-06-01 21:55 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
2007-06-01 21:54 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
2007-06-01 21:43 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
2007-06-01 21:43 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
2007-06-01 21:40 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 02:23:25 -------- d-----w C:\Program Files\Steam
2007-06-12 02:22:36 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Xfire
2007-06-12 02:21:51 -------- d-s---w C:\Program Files\Xfire
2007-06-11 18:11:48 -------- d-----w C:\Program Files\Guild Wars
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
2007-06-02 14:07:53 50,785 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
2007-06-02 14:07:28 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
2007-06-02 14:07:21 50,937 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
2007-06-02 14:07:14 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
2007-06-02 14:06:51 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
2007-06-02 14:06:27 50,944 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-12 17:06:05 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 08:52:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-12 8:53:26
C:\ComboFix-quarantined-files.txt ... 2007-06-12 08:52
C:\ComboFix2.txt ... 2007-06-10 15:17

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 08:54, on 2007-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 12 June 2007 - 09:23 AM

Oops, sorry, didn't mean to post it 3 times

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 12 June 2007 - 10:32 AM

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: ComboFix-Do.txt, to your desktop.

File::
C:\WINDOWS\system32\sfsync02.dll
C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe

Now drag then drop the ComboFix-Do.txt file onto ComboFix.exe as you see in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

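The File:: list above was assembled by hand from the ComboFix listing. As an added example (not ComboFix's or the responder's own code), the Python helper below parses lines in the two listing formats that appear in the log (the "Files Created" section with HH:MM timestamps and the "Find3M Report" section with HH:MM:SS), picks out the tmpXXXX.tmp executables (.exe and .Vexe) dropped directly into the user's Application Data folder, which is the set the responder listed, builds a size histogram so the repetition across the list is visible at a glance, and emits the same File:: block. The sample lines, temp-file names and function names are constructed for this example.

```python
"""Triage helper for ComboFix file listings (added example, not ComboFix code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One regex for both ComboFix listing shapes:
#   "Files Created":  2007-06-06 20:54 2,560 --a------ C:\path
#   "Find3M Report":  2007-06-02 14:08:00 50,508 ----a-w C:\path
# Directories carry "<DIR>" in the size column.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>\S+)\s+"
    r"(?P<path>.+?)\s*$"
)

# The shape the responder targeted: a tmpXXXX.tmp executable sitting directly
# in the user's Application Data folder (short 8.3 name APPLIC~1).
TEMP_EXE_RE = re.compile(
    r"\\APPLIC~1\\tmp[0-9A-Fa-f]+\.tmp\.(?:exe|vexe)$", re.IGNORECASE
)

# Constructed sample input in the log's format; temp-file names are made up.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))

2007-06-06 20:54 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1A2B.tmp.exe
2007-06-06 20:54 131,072 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1A3C.tmp.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-05 16:46 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp2B4D.tmp.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 14:08:00 50,508 ----a-w C:\DOCUME~1\Trent\APPLIC~1\tmp3C5E.tmp.Vexe
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys
--- E O F ---
"""


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per file/directory line; banners and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def find_temp_executables(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) whose path matches the APPLIC~1\\tmpXXXX.tmp.exe shape."""
    return [e for e in entries if e.size is not None and TEMP_EXE_RE.search(e.path)]


def size_histogram(entries: List[Entry]) -> Counter:
    """Count how often each file size recurs; repeated sizes stand out immediately."""
    return Counter(e.size for e in entries)


def combofix_file_script(entries: List[Entry]) -> str:
    """Emit the File:: block in the format used in the responder's instructions."""
    return "File::\n" + "\n".join(e.path for e in entries) + "\n"


if __name__ == "__main__":
    found = find_temp_executables(parse_listing(SAMPLE_LOG))
    print("sizes seen:", dict(size_histogram(found)))
    print(combofix_file_script(found))
```

Feed the helper the text of a ComboFix.txt and it prints a ready-to-save ComboFix-Do.txt body; review the histogram and the list by eye before using it, since the regex only encodes the one file shape seen in this thread.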
#10 TRhoden

TRhoden
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 14 June 2007 - 01:24 PM

ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-14 13:16:04 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Trent\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Trent\APPLIC~1\tmp126F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1272.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12EB.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12ED.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp12F8.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp18FA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C6B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C8E.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C93.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1C95.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1EFC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1F39.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp21B3.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp269D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp293D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp3535.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3574.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3576.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3578.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp39A6.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp39D.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp3ADD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3ADF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3AE6.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3CB7.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F03.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F18.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp3F21.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp41FE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D26.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D72.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp4D9B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp5B96.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp62D2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp62EF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6448.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6487.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp6744.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp68B5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp695E.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6AEA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6B10.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6B2A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6E2F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EF0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EF1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6EFA.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6F60.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp717.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp720.tmp.Vexe
C:\DOCUME~1\Trent\APPLIC~1\tmp794.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp7FE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8680.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp86A9.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp881.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp88FD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8AE0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8D1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpA11.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAC3B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAD26.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAD27.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAF18.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAF9D.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB067.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB069.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB3A4.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB42.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB4DF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB58A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB5A5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB5AC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpB87F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpBC71.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpBD7C.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC107.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC1F1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC1FC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC5C8.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC744.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC74C.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpCAC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpCCB0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD15.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD1D9.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD1DC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD483.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD59.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD640.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD649.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD650.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD69.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD7A.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD8FD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpDE5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpEBB.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpF14.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFB5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFB7.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFBE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFCE1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpFCE3.tmp.exe
C:\WINDOWS\system32\sfsync02.dll


((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))


2007-06-14 11:47 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-06-14 11:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-12 13:30 <DIR> d-------- C:\Program Files\LimeWire
2007-06-12 12:02 4,103,032 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-12 12:02 13,013 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-12 12:01 <DIR> d-------- C:\Program Files\Illustrate
2007-06-12 11:51 <DIR> d-------- C:\Converted
2007-06-12 11:43 513,152 --a------ C:\WINDOWS\system32\drivers\MusCDriverV32.sys
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-01 21:40 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC54.tmp.exe
2007-06-01 21:24 <DIR> d-------- C:\Program Files\iTunes
2007-06-01 10:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95CB.tmp.exe
2007-06-01 10:55 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95D8.tmp.exe
2007-06-01 10:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95D1.tmp.exe
2007-06-01 10:23 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8D77.tmp.exe
2007-06-01 10:23 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8DAD.tmp.exe
2007-06-01 10:23 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8DA1.tmp.exe
2007-06-01 10:05 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8853.tmp.exe
2007-06-01 10:05 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8869.tmp.exe
2007-06-01 10:05 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8857.tmp.exe
2007-05-31 11:42 233,615 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp649B.tmp.exe
2007-05-31 11:42 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp6497.tmp.exe
2007-05-30 19:45 233,346 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1904.tmp.exe
2007-05-30 19:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1903.tmp.exe
2007-05-30 19:30 50,912 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1885.tmp.exe
2007-05-30 19:09 233,346 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp16D6.tmp.exe
2007-05-30 19:09 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp16D5.tmp.exe
2007-05-30 18:06 233,346 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp11F7.tmp.exe
2007-05-30 18:05 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp11F2.tmp.exe
2007-05-30 11:10 233,346 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpED.tmp.exe
2007-05-30 11:10 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpE2.tmp.exe
2007-05-30 08:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-30 08:23 233,540 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp2947.tmp.exe
2007-05-30 08:22 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp2943.tmp.exe
2007-05-29 23:38 233,058 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1F83.tmp.exe
2007-05-29 23:38 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1F7C.tmp.exe
2007-05-29 23:20 233,058 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1E23.tmp.exe
2007-05-29 23:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1E22.tmp.exe
2007-05-29 22:20 233,058 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1942.tmp.exe
2007-05-29 22:20 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1941.tmp.exe
2007-05-29 19:50 233,058 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD60.tmp.exe
2007-05-29 19:50 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpD5D.tmp.exe
2007-05-29 19:11 233,426 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp451.tmp.exe
2007-05-29 19:11 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp444.tmp.exe
2007-05-29 11:11 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-29 11:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-29 11:10 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-29 11:10 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-29 11:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-29 11:07 233,637 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp27CF.tmp.exe
2007-05-29 11:07 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp27CE.tmp.exe
2007-05-29 08:35 233,637 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp22CD.tmp.exe
2007-05-29 08:35 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp22CC.tmp.exe
2007-05-29 08:33 233,637 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp20A0.tmp.exe
2007-05-29 08:33 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp209F.tmp.exe
2007-05-29 07:38 233,637 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1479.tmp.exe
2007-05-29 07:36 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1472.tmp.exe
2007-05-29 00:29 233,637 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpC0D.tmp.exe
2007-05-29 00:29 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpBA2.tmp.exe
2007-05-29 00:20 <DIR> d-------- C:\DOCUME~1\Trent\.limewire
2007-05-29 00:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8B2.tmp.exe
2007-05-29 00:07 47,994 --a------ C:\WINDOWS\system32\jkkji.exe
2007-05-29 00:03 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-05-19 18:57 <DIR> d-------- C:\Program Files\Password Safe
2007-05-19 17:37 <DIR> d-------- C:\Program Files\Deskshare
2007-05-19 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-17 20:22 <DIR> d-------- C:\Program Files\New Folder
2007-05-15 18:09 <DIR> d-------- C:\WINDOWS\system32\New Folder


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 16:47:27 -------- d-----w C:\Program Files\Steam
2007-06-14 16:46:28 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Xfire
2007-06-14 16:24:42 -------- d-s---w C:\Program Files\Xfire
2007-06-12 15:13:28 -------- d-----w C:\Program Files\CoffeeCup Software
2007-06-11 18:11:48 -------- d-----w C:\Program Files\Guild Wars
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-07 13:14:40 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-13 04:16:47 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-12 17:06:05 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:53 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"GrpConv"=grpconv.exe -o

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-08 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 13:23:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-14 13:23:37
C:\ComboFix-quarantined-files.txt ... 2007-06-14 13:23
C:\ComboFix2.txt ... 2007-06-12 08:53
C:\ComboFix3.txt ... 2007-06-10 15:17

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 13:25, on 2007-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#11 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 14 June 2007 - 02:24 PM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL of the following text (the script quoted below):

Files to delete:
C:\WINDOWS\system32\jkkji.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp27CF.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp27CE.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp22CD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp22CC.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp20A0.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp209F.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1479.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1472.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpC0D.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpBA2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8B2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp2947.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp2943.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1F83.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1F7C.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1E23.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1E22.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1942.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1941.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD60.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpD5D.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp451.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp444.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp95CB.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp95D8.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp95D1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8D77.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8DAD.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8DA1.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8853.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8869.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp8857.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp649B.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp6497.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1904.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1903.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp1885.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp16D6.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp16D5.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp11F7.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmp11F2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpED.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpE2.tmp.exe
C:\DOCUME~1\Trent\APPLIC~1\tmpAC54.tmp.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt, into your next reply.

*****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT', then click 'I agree'.
You'll be prompted to install the ActiveX control; please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

*****************************

Double click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Also post a new Hijackthis log.
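
The deletion list above was built by hand from the ComboFix 'Files Created' listing in the previous log. The Python script below is added here as an example; it is not ComboFix, Avenger or RichieUK's own tool. It encodes the triage that list reflects: it parses ComboFix's date/time/size/attribute/path lines, isolates the tmpXXXX.tmp.exe droppers under APPLIC~1, counts how often the same byte sizes recur (the same pair being re-dropped on each visit), picks up .exe files created directly in system32 inside the same date window (jkkji.exe), and emits a 'Files to delete:' block in the form Avenger accepts. Hidden+system files such as the 88-byte 8B683F1C52.sys are listed for manual review only, not for deletion, because licensing and DRM software writes files with those attributes too. The sample lines are a constructed subset of the log posted in this thread; the regular expressions and the same-date-window rule are this example's assumptions, not anything the tools define.

```python
"""Triage a ComboFix 'Files Created' listing and draft an Avenger deletion script.

Added example: neither ComboFix/Avenger code nor the helper's own tool.
"""
import re
from collections import Counter

# Constructed sample: a subset of the ComboFix lines posted in this thread,
# with a few legitimate entries kept so the filters have something to reject.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-01 21:40 2,560 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmpAC54.tmp.exe
2007-06-01 10:55 32,768 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95CB.tmp.exe
2007-06-01 10:55 233,432 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95D8.tmp.exe
2007-06-01 10:55 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp95D1.tmp.exe
2007-05-30 19:45 233,346 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1904.tmp.exe
2007-05-30 19:45 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp1903.tmp.exe
2007-05-30 08:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-29 00:17 16,384 --a------ C:\DOCUME~1\Trent\APPLIC~1\tmp8B2.tmp.exe
2007-05-29 00:07 47,994 --a------ C:\WINDOWS\system32\jkkji.exe
2007-05-19 18:57 <DIR> d-------- C:\Program Files\Password Safe
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys
"""

# ComboFix line shape: DATE TIME SIZE-or-<DIR> ATTRS PATH (time may carry seconds).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Dropper naming seen in this log (assumption: tmp + up to 4 hex digits + .tmp.exe).
DROPPER_RE = re.compile(r"\\APPLIC~1\\tmp[0-9A-F]{1,4}\.tmp\.exe$", re.IGNORECASE)
SYSTEM32_EXE_RE = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+\.exe$", re.IGNORECASE)


def parse_listing(text):
    """Return one dict per file line (date, time, size, attrs, path); directories get size None."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers and blank lines
        e = m.groupdict()
        e["size"] = None if e["size"] == "<DIR>" else int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def triage(entries):
    """Split the listing into droppers, same-window system32 executables,
    hidden+system files for manual review, and a histogram of dropper sizes."""
    droppers = [e for e in entries if e["size"] is not None and DROPPER_RE.search(e["path"])]
    window = (min(e["date"] for e in droppers), max(e["date"] for e in droppers)) if droppers else None
    sys32_hits = [
        e for e in entries
        if window and SYSTEM32_EXE_RE.match(e["path"]) and window[0] <= e["date"] <= window[1]
    ]
    # 's' and 'h' in the attribute field on a plain file: worth a look, not an automatic delete.
    hidden_system = [
        e for e in entries if e["size"] is not None and "s" in e["attrs"] and "h" in e["attrs"]
    ]
    return droppers, sys32_hits, hidden_system, Counter(e["size"] for e in droppers)


def avenger_script(droppers, sys32_hits):
    """Draft the 'Files to delete:' block in the form Avenger's script box accepts."""
    lines, seen = ["Files to delete:"], set()
    for e in sys32_hits + droppers:
        if e["path"] not in seen:
            seen.add(e["path"])
            lines.append(e["path"])
    return "\n".join(lines)


if __name__ == "__main__":
    d, s, h, sizes = triage(parse_listing(SAMPLE_LOG))
    print(avenger_script(d, s))
    print("\nrecurring dropper sizes:", {k: v for k, v in sizes.items() if v > 1})
    print("review manually (hidden+system):", [e["path"] for e in h])
```

Run on the real log, the size histogram is the tell: 16,384 bytes appears once per burst and a 233,xxx-byte companion next to it, which is what marks the entries as one dropper pair re-created on every visit rather than forty unrelated files.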

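The BitDefender export asked for above lists each scanned object followed by the action taken, and writes nested objects as a '=>' chain (archive=>member, or mailbox=>[Subject]=>attachment=>file). The status reported for a container itself ('Updated' or 'Update failed') says whether the scanner managed to rewrite it after acting on a member. The conservative reading, and the one a helper should work from, is that a member marked 'Deleted' inside a container marked 'Update failed' is still on disk, which is why such hits (a .rar on the desktop, an Outlook .pst) need manual follow-up. The Python parser below is added as an example and is not BitDefender's code or part of the original posts; it applies that reading to a constructed sample written in the report's shape (paths and the e-mail subject shortened), and the container rule is this example's interpretation of the report.

```python
"""Summarize a BitDefender Online Scanner export: what was detected, what the
scanner did, and which hits sit inside a container it could not rewrite.

Added example; not BitDefender's code and not from the original posts.
"""
import re

# Constructed sample in the shape of the exported report (paths and subject shortened).
SAMPLE_REPORT = r"""
Scanned File
Status

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Infected with: Trojan.Small.NS

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Disinfection failed

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Deleted

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar
Update failed

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Infected with: MemScan:Trojan.Juan.G

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Disinfection failed

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Deleted

C:\Documents and Settings\Trent\Outlook.pst=>[Subject: Emailing: Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Infected with: Worm.Vb.AN

C:\Documents and Settings\Trent\Outlook.pst=>[Subject: Emailing: Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Disinfection failed

C:\Documents and Settings\Trent\Outlook.pst=>[Subject: Emailing: Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Deleted

C:\Documents and Settings\Trent\Outlook.pst=>[Subject: Emailing: Battlefield 2]=>Battlefield 2 Special Forces.zip
Updated

C:\Documents and Settings\Trent\Outlook.pst
Update failed
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^(?:Infected|Detected) with: (?P<name>.+)$")


def parse_pairs(text):
    """Return (path, status) tuples; the 'Scanned File' / 'Status' header lines are skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    pairs, i = [], 0
    while i + 1 < len(lines):
        if PATH_RE.match(lines[i]):
            pairs.append((lines[i], lines[i + 1]))
            i += 2
        else:
            i += 1
    return pairs


def summarize(pairs):
    """One record per detection: name, final action, and the outermost enclosing
    container whose rewrite failed (None when every layer was updated or there is none)."""
    final_status, detections = {}, []
    for path, status in pairs:
        m = DETECT_RE.match(status)
        if m:
            detections.append((path, m.group("name")))
        else:
            final_status[path] = status  # later lines override: 'Deleted' after 'Disinfection failed'
    records = []
    for path, name in detections:
        layers = path.split("=>")
        containers = ["=>".join(layers[:k]) for k in range(1, len(layers))]  # outermost first
        failed = [c for c in containers if final_status.get(c) == "Update failed"]
        action = final_status.get(path, "(no action recorded)")
        records.append({
            "object": layers[-1],
            "name": name,
            "action": action,
            "blocked_by": failed[0] if failed else None,
            "removed": action == "Deleted" and not failed,
        })
    return records


def still_present(records):
    """Containers a helper should deal with by hand (delete the archive or the e-mail)."""
    return sorted({r["blocked_by"] for r in records if r["blocked_by"]})


if __name__ == "__main__":
    recs = summarize(parse_pairs(SAMPLE_REPORT))
    for r in recs:
        state = "removed" if r["removed"] else f"still inside {r['blocked_by']}"
        print(f"{r['name']:28} {r['object']:<24} {r['action']:<20} {state}")
    print("\nfollow up manually:", still_present(recs))
```

Against the sample, only the hit in ESET's quarantine counts as removed; the .rar and the .pst come back as containers that still hold their flagged member, matching the manual clean-up a helper would ask for next.
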
#12 TRhoden (Topic Starter, Members, 15 posts)

Posted 17 June 2007 - 12:30 PM

BitDefender Online Scanner

Scan report generated at: Sun, Jun 17, 2007 - 09:53:05
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:26:48
Files: 293180
Folders: 8267
Boot Sectors: 2
Archives: 2051
Packed Files: 9315

Results
Identified Viruses: 8
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 12

Engines Info
Virus Definitions: 514010
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Trent\Desktop\Blackdog Private v1.rar=>Blackdog Private v1\BlackDog's private v1.dll
Infected with: Trojan.Small.NS

C:\Documents and Settings\Trent\Desktop\Blackdog Private v1.rar=>Blackdog Private v1\BlackDog's private v1.dll
Disinfection failed

C:\Documents and Settings\Trent\Desktop\Blackdog Private v1.rar=>Blackdog Private v1\BlackDog's private v1.dll
Deleted

C:\Documents and Settings\Trent\Desktop\Blackdog Private v1.rar
Update failed

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Infected with: Trojan.Small.NS

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Disinfection failed

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar=>Private\private.dll
Deleted

C:\Documents and Settings\Trent\Desktop\Satan hack recoded.rar
Update failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 - Special Forces Addon.zip=>Setup.exe
Infected with: Worm.Vb.AN

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 - Special Forces Addon.zip=>Setup.exe
Disinfection failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 - Special Forces Addon.zip=>Setup.exe
Deleted

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 - Special Forces Addon.zip
Updated

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Infected with: Worm.Vb.AN

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Disinfection failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 Special Forces.zip=>Setup.exe
Deleted

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 2 Special Forces.zip
Updated

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 1942 and Battlefield 2.zip=>Setup.exe
Infected with: Worm.Vb.AN

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 1942 and Battlefield 2.zip=>Setup.exe
Disinfection failed

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 1942 and Battlefield 2.zip=>Setup.exe
Deleted

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Emailing: Battlefield 2 - Special Forces Addon, Battlefield 2 Special Forces, Battlefield 1942 and Battlefield 2]=>Battlefield 1942 and Battlefield 2.zip
Updated

C:\Documents and Settings\Trent\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Update failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkhk.dll
Infected with: Generic.Perfloger.83AF2D0B

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkhk.dll
Disinfection failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkhk.dll
Deleted

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkwb.dll
Detected with: Application.Keylog.Perfect.A

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkwb.dll
Disinfection failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpkwb.dll
Deleted

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpk.exe
Infected with: Generic.Keylogger.C14DC4A5

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpk.exe
Disinfection failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>bpk.exe
Deleted

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>rinst.exe
Infected with: Trojan.Keylogger.PerfectKeyLogger.1.4.7

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>rinst.exe
Disinfection failed

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>rinst.exe
Deleted

C:\Program Files\ESET\infected\52MMGDBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Infected with: MemScan:Trojan.Juan.G

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Disinfection failed

C:\Program Files\ESET\infected\CCZQORCA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\K5XQYADA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>targetsaver.exe
Infected with: Trojan.Downloader.Tsupdate.O

C:\Program Files\ESET\infected\K5XQYADA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>targetsaver.exe
Disinfection failed

C:\Program Files\ESET\infected\K5XQYADA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>targetsaver.exe
Deleted

C:\Program Files\ESET\infected\K5XQYADA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jirfxqnj

*******************

Script file located at: \??\C:\WINDOWS\system32\lgeiwviq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\jkkji.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp27CF.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp27CE.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp22CD.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp22CC.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp20A0.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp209F.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1479.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1472.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpC0D.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpBA2.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8B2.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp2947.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp2943.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1F83.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1F7C.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1E23.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1E22.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1942.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1941.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpD60.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpD5D.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp451.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp444.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp95CB.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp95D8.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp95D1.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8D77.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8DAD.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8DA1.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8853.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8869.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp8857.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp649B.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp6497.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1904.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1903.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp1885.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp16D6.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp16D5.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp11F7.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmp11F2.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpED.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpE2.tmp.exe deleted successfully.
File C:\DOCUME~1\Trent\APPLIC~1\tmpAC54.tmp.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



ComboFix 07-06-11 - C:\Documents and Settings\Trent\Desktop\ComboFix.exe
"Trent" - 2007-06-17 12:34:53 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-16 20:57 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-16 20:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-16 14:22 <DIR> d-------- C:\TrentJudo
2007-06-14 11:47 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-06-12 13:30 <DIR> d-------- C:\Program Files\LimeWire
2007-06-12 12:02 4,103,032 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-12 12:02 13,013 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-12 12:01 <DIR> d-------- C:\Program Files\Illustrate
2007-06-12 11:51 <DIR> d-------- C:\Converted
2007-06-12 11:43 513,152 --a------ C:\WINDOWS\system32\drivers\MusCDriverV32.sys
2007-06-10 15:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 14:35 <DIR> d-------- C:\DOCUME~1\Trent\APPLIC~1\Reno 911 Paintball
2007-06-07 16:51 <DIR> d-------- C:\DOCUME~1\Trent\.housecall6.6
2007-06-05 17:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-01 21:24 <DIR> d-------- C:\Program Files\iTunes
2007-05-30 08:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-29 11:11 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-29 11:11 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-29 11:10 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-29 11:10 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-29 11:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-29 00:20 <DIR> d-------- C:\DOCUME~1\Trent\.limewire
2007-05-29 00:03 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-05-19 18:57 <DIR> d-------- C:\Program Files\Password Safe
2007-05-19 17:37 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-19 17:37 <DIR> d-------- C:\Program Files\Deskshare
2007-05-17 20:22 <DIR> d-------- C:\Program Files\New Folder


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 17:40:03 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Xfire
2007-06-17 17:36:21 -------- d-s---w C:\Program Files\Xfire
2007-06-17 12:23:01 -------- d-----w C:\Program Files\Steam
2007-06-14 18:26:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\dvdcss
2007-06-12 15:13:28 -------- d-----w C:\Program Files\CoffeeCup Software
2007-06-11 18:11:48 -------- d-----w C:\Program Files\Guild Wars
2007-06-10 01:55:30 -------- d-----w C:\Program Files\a-squared Free
2007-06-10 01:43:40 -------- d-----w C:\Program Files\Neffy
2007-06-10 01:27:15 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\teamspeak2
2007-06-05 22:51:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 22:44:42 -------- d-----w C:\Program Files\Microsoft Games
2007-06-02 02:24:31 -------- d-----w C:\Program Files\iPod
2007-05-29 14:40:59 -------- d-----w C:\Program Files\Silkroad
2007-05-29 05:05:21 -------- d-----w C:\Program Files\EA GAMES
2007-05-24 21:14:32 -------- d--h--w C:\DOCUME~1\Trent\APPLIC~1\Move Networks
2007-05-13 04:17:59 -------- d-----w C:\Program Files\Microsoft Works
2007-05-13 04:16:47 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-12 17:06:05 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-12 02:06:01 -------- d-----w C:\Program Files\QuickTime
2007-05-08 03:39:25 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:35:49 -------- d-----w C:\Program Files\Hero_Online
2007-05-08 03:30:28 -------- d-----w C:\Program Files\Doom 3
2007-05-08 03:27:44 -------- d-----w C:\Program Files\Electronic Arts
2007-05-02 03:25:57 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 03:22:02 -------- d-----w C:\Program Files\CCleaner
2007-05-01 04:10:14 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\MySpace
2007-04-27 23:36:17 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-26 23:28:10 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\Ventrilo
2007-04-26 01:32:01 -------- d-----w C:\DOCUME~1\Trent\APPLIC~1\WordWeb
2007-04-25 15:39:53 -------- d-----w C:\Program Files\DivX
2007-04-24 03:10:29 -------- d-----w C:\Program Files\Trillian
2007-04-17 21:33:24 40,960 ----a-w C:\WINDOWS\system32\SSWv2.dll
2007-04-16 03:42:02 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-12 04:03:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-04 01:39:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2006-05-17 22:17:54 88 --sh--r C:\WINDOWS\system32\8B683F1C52.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-08 23:21]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 17:45]
"nwiz"="nwiz.exe" [2006-04-28 15:47 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SilkRoadHack]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f152f25a-4e2b-11da-bc1c-00301b2b4c2c}]
AutoRun\command- G:\JDSecure\Windows\JDSecure20.exe


Contents of the 'Scheduled Tasks' folder
2007-06-15 23:18:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 12:40:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 12:41:15
C:\ComboFix-quarantined-files.txt ... 2007-06-17 12:41
C:\ComboFix2.txt ... 2007-06-14 13:23
C:\ComboFix3.txt ... 2007-06-12 08:53

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 12:42, on 2007-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Trent\Desktop\Protection\HijackThis\abc.bat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170619651515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...624/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by TRhoden, 17 June 2007 - 12:39 PM.
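As an added example (not part of this thread, of HijackThis or of ComboFix), the script below parses entry lines in the format of the HijackThis log posted above and groups the items a helper checks first: entries marked "(file missing)", which is exactly the pair of O9 lines the next post asks to have fixed, the O10 Winsock LSP DLLs HijackThis could not identify (listed once per LSP entry in the log, so the script collapses them to one path with a count), and O23 services with no vendor string. The sample input is constructed from a handful of lines copied out of the posted log; the section regex and the triage categories are this example's own choices.

```python
"""Triage helper for HijackThis v1.99.1 log entries.

Added example: this script is not part of the BleepingComputer thread,
HijackThis or ComboFix. It parses the "Onn - ..." entry lines of a
HijackThis log and groups the items a helper checks first.
"""
import re
from collections import Counter

# Constructed sample input: a handful of entry lines copied from the
# HijackThis log posted above, plus non-entry lines to show they are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# HijackThis entry lines start with a section tag such as R0, F2, N3, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) for every entry line; the header and the
    'Running processes' paths do not match the section pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def section_counts(text):
    """How many entries of each section type the log contains."""
    return dict(Counter(section for section, _ in parse_hjt(text)))


def triage(text):
    """Pull out the entries a helper usually acts on or asks about:
    - file_missing: entries whose target no longer exists (the dead O9
      buttons RichieUK has the poster remove with 'Fix checked')
    - unknown_lsp: O10 Winsock LSP DLLs HijackThis could not identify,
      collapsed to one lower-cased path with the number of times it is listed
    - unknown_owner: O23 services with no vendor string, to be verified by
      hand (an unknown owner is a prompt to check, not proof of malware)
    """
    report = {"file_missing": [], "unknown_lsp": Counter(), "unknown_owner": []}
    for section, body in parse_hjt(text):
        line = f"{section} - {body}"
        if "(file missing)" in body:
            report["file_missing"].append(line)
        if section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # Everything after the first colon is the DLL path.
            path = body.split(":", 1)[1].strip().lower()
            report["unknown_lsp"][path] += 1
        if section == "O23" and "Unknown owner" in body:
            report["unknown_owner"].append(line)
    report["unknown_lsp"] = dict(report["unknown_lsp"])
    return report


if __name__ == "__main__":
    print("entries per section:", section_counts(SAMPLE_LOG))
    report = triage(SAMPLE_LOG)
    for line in report["file_missing"]:
        print("fix (file missing):", line)
    for path, count in report["unknown_lsp"].items():
        print(f"unknown LSP: {path} listed {count} time(s)")
    for line in report["unknown_owner"]:
        print("verify service owner:", line)
```

Run against the full log above, `triage()` returns the same two O9 lines RichieUK lists, reports `ua_lsp.dll` once with a count of 6, and flags the two PnkBstr services for a manual vendor check.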


#13 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 17 June 2007 - 12:58 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


Your log is clean, how's your pc running now?

#14 TRhoden

  • Topic Starter
  • Members
  • 15 posts

Posted 17 June 2007 - 05:25 PM

It is running great! Thanks for all your help!

#15 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 17 June 2007 - 06:01 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
VundoFix.exe
Combofix
Avenger

C:\Avenger
C:\QooBox

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html



