Virtumonde.dll problems

linnyack
2008-03-29, 10:16
I am having problems with Spybot not deleting the virtumonde.dll files when a scan has been done and it fixes the problems.
On fixing the problems, it comes up with a smaller window saying:

Unexpected error in fixing problem. Cannot create file C:Windows/wininit.ini and the process cannot access the file; it's being used by another process. Can you please help?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:43:36 PM, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\zxpwowgjgffq.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\All Users\Documents\My Music\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\BootCD\WinTools\AutoRun.exe
C:\DOCUME~1\Philyn\LOCALS~1\Temp\HIJACK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter/Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {390E69A8-AD3D-C2B1-4AB9-D1BFDE8E8692} - (no file)
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {013ACE02-BC54-4B71-8768-D34072072A21} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1A1B9D1E-92F6-42D4-83EF-BB4EB32DF23A} - (no file)
O2 - BHO: (no name) - {2FF867D5-6E1E-4E0E-9DBC-E6B1E261DFAE} - (no file)
O2 - BHO: (no name) - {3E42C121-9252-400A-A631-7868B52774D1} - (no file)
O2 - BHO: (no name) - {408F8D5C-B067-425F-9F45-6CAA69C14CBF} - (no file)
O2 - BHO: (no name) - {40F7620F-5B41-42AE-8A67-3CDDC228B41D} - (no file)
O2 - BHO: (no name) - {4419B524-3A81-4A5A-86EB-65718C0D8BEA} - (no file)
O2 - BHO: (no name) - {49139C73-0667-4161-835C-A2C05B245AEC} - (no file)
O2 - BHO: (no name) - {4E8B94F9-ECC8-4386-BBBE-82E4D0A65C19} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {550772AA-923E-405B-93A7-A4C8420F1945} - (no file)
O2 - BHO: (no name) - {56F86F46-C4B0-414F-A074-D890332CBC1B} - (no file)
O2 - BHO: (no name) - {579AEDD5-2D94-4059-A888-E6C17AD2637B} - (no file)
O2 - BHO: (no name) - {5C752D51-0224-48E3-8C41-1F3A60EBE93D} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nso87.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7B40940D-11A5-4AF0-91BD-F5FB4426FB30} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0D37C83-C371-4C95-A5D4-2C658ED0F63A} - (no file)
O2 - BHO: (no name) - {AC7D5F13-5684-4743-B257-EAD20086DB7F} - (no file)
O2 - BHO: (no name) - {B296603D-D6A7-4D89-AEB5-7C9621F0FB4B} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE8AEB1F-2DF0-463A-A788-EEC792F8F680} - (no file)
O2 - BHO: (no name) - {C32B4CF0-A73F-4BB0-9C9B-93C7366F36C6} - (no file)
O2 - BHO: (no name) - {C8B63983-E145-4FE7-B952-2F1ED9EB9B0F} - (no file)
O2 - BHO: (no name) - {C92ABDF6-298E-4C03-A4B9-6A3C0C273429} - (no file)
O2 - BHO: (no name) - {CDC2EB9E-02D8-48F4-83F1-48746E60B79B} - (no file)
O2 - BHO: (no name) - {D5D67270-EAC4-43E6-8414-43939EA39D43} - (no file)
O2 - BHO: (no name) - {F67551B1-A5C7-4964-AB3C-316C82F555BA} - (no file)
O2 - BHO: (no name) - {FBDE121B-94D0-457B-B32C-91648AFAE76D} - (no file)
O2 - BHO: (no name) - {FDB85F70-0E4E-4D64-B751-C4A5CF1B4BF3} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Machine Debug Mgr] mdn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [b] C:\WINDOWS\system32\b.exe
O4 - HKLM\..\Run: [zxpwowgjgffq] C:\WINDOWS\system32\zxpwowgjgffq.exe
O4 - HKLM\..\Run: [0c1581d7] rundll32.exe "C:\WINDOWS\system32\chxqshci.dll",b
O4 - HKLM\..\Run: [BM0f26b24b] Rundll32.exe "C:\WINDOWS\system32\tlxtmcry.dll",s
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\RunServices: [b] C:\WINDOWS\system32\b.exe
O4 - HKLM\..\RunServices: [zxpwowgjgffq] C:\WINDOWS\system32\zxpwowgjgffq.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = My Music\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wrifil38.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: dsgmxonq - C:\WINDOWS\SYSTEM32\dsgmxonq.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\
O20 - Winlogon Notify: __c00AF3AF - C:\WINDOWS\SYSTEM32\__c00AF3AF.dat
O20 - Winlogon Notify: __c00FEF15 - C:\WINDOWS\SYSTEM32\__c00FEF15.dat
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Print Spooler Service (eqoaulouamlm) - Unknown owner - C:\WINDOWS\system32\zxpwowgjgffq.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 15602 bytes

linnyack
2008-03-29, 13:24
I have run HijackThis again and also tried ComboFix, but I still have the virtumonde.dll files in the Spybot scan, which won't delete. Please help.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:50:05 PM, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\zxpwowgjgffq.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\All Users\Documents\My Music\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
D:\BootCD\WinTools\AutoRun.exe
C:\DOCUME~1\Philyn\LOCALS~1\Temp\HIJACK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {390E69A8-AD3D-C2B1-4AB9-D1BFDE8E8692} - (no file)
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4E8B94F9-ECC8-4386-BBBE-82E4D0A65C19} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Machine Debug Mgr] mdn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [zxpwowgjgffq] C:\WINDOWS\system32\zxpwowgjgffq.exe
O4 - HKLM\..\Run: [0c1581d7] rundll32.exe "C:\WINDOWS\system32\chxqshci.dll",b
O4 - HKLM\..\Run: [BM0f26b24b] Rundll32.exe "C:\WINDOWS\system32\tlxtmcry.dll",s
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\RunServices: [b] C:\WINDOWS\system32\b.exe
O4 - HKLM\..\RunServices: [zxpwowgjgffq] C:\WINDOWS\system32\zxpwowgjgffq.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = My Music\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wrifil38.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: __c00AF3AF - __c00AF3AF.dat (file missing)
O20 - Winlogon Notify: __c00FEF15 - __c00FEF15.dat (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Print Spooler Service (eqoaulouamlm) - Unknown owner - C:\WINDOWS\system32\zxpwowgjgffq.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13165 bytes

linnyack
2008-03-29, 13:25
ComboFix 08-03-27.3 - Philyn 2008-03-29 21:31:48.2 - NTFSx86
Running from: C:\Documents and Settings\Philyn\Desktop\ComboFix2.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c00AF3AF.dat
C:\WINDOWS\system32\__c00FEF15.dat
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\b.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 21:31 . 2008-03-29 21:31 <DIR> d-------- C:\ComboFix
2008-03-29 19:49 . 2008-03-29 19:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 20:24 . 2008-03-28 20:24 <DIR> d-------- C:\WINDOWS\ccleaner
2008-03-28 18:46 . 2008-03-28 19:15 163,840 --a------ C:\WINDOWS\system32\sfix.exe
2008-03-28 18:46 . 2008-03-28 19:15 163,840 --a------ C:\WINDOWS\system32\gzcsaayg.exe
2008-03-28 18:44 . 2008-03-28 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-28 18:31 . 2008-03-28 18:31 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 12:45 . 2008-03-29 18:08 1,584,237 ---hs---- C:\WINDOWS\system32\ichsqxhc.ini
2008-03-28 07:47 . 2008-03-28 12:45 1,583,367 --ahs---- C:\WINDOWS\system32\wfnsvbgd.ini
2008-03-28 07:35 . 2008-03-28 07:35 315,568 --------- C:\WINDOWS\system32\ddaba.dll_old
2008-03-27 19:07 . 2008-03-27 19:07 315,600 --------- C:\WINDOWS\system32\awvts.dll_old
2008-03-26 22:03 . 2008-03-26 22:32 253,952 --a------ C:\WINDOWS\system32\zxpwowgjgffq.exe
2008-03-26 21:28 . 2008-03-26 21:28 315,600 --------- C:\WINDOWS\system32\ddcyv.dll_old
2008-03-25 15:28 . 2008-03-25 15:28 315,552 --------- C:\WINDOWS\system32\ddayy.dll_old
2008-03-24 21:11 . 2008-03-24 21:12 315,552 --------- C:\WINDOWS\system32\awvvw.dll_old
2008-03-23 16:08 . 2008-03-23 16:08 315,616 --------- C:\WINDOWS\system32\gebca.dll_old
2008-03-22 12:03 . 2008-03-22 12:03 315,552 --------- C:\WINDOWS\system32\geedd.dll_old
2008-03-20 21:49 . 2008-03-20 21:49 315,536 --------- C:\WINDOWS\system32\gebcb.dll_old
2008-03-20 16:29 . 2008-03-20 16:29 315,504 --------- C:\WINDOWS\system32\mljgf.dll_old
2008-03-19 22:16 . 2008-03-19 22:16 315,504 --------- C:\WINDOWS\system32\awtst.dll_old
2008-03-19 22:03 . 2008-03-19 22:03 315,504 --------- C:\WINDOWS\system32\pmkjg.dll_old
2008-03-19 09:20 . 2008-03-19 09:20 315,600 --------- C:\WINDOWS\system32\geedc.dll_old
2008-03-18 20:45 . 2008-03-18 20:46 315,600 --------- C:\WINDOWS\system32\vtsqp.dll_old
2008-03-17 13:11 . 2008-03-29 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 13:11 . 2008-03-17 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 08:47 . 2008-03-14 08:47 315,536 --------- C:\WINDOWS\system32\mllmn.dll_old
2008-03-10 19:33 . 2008-03-10 19:43 4,077,500,416 --a------ C:\MENACE.ISO
2008-03-10 16:39 . 2008-03-10 16:42 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-10 15:21 . 2007-12-07 12:51 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-10 15:21 . 2007-07-01 14:01 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-10 15:21 . 2007-07-01 14:06 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-10 15:21 . 2007-12-07 12:51 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-10 15:21 . 2007-12-07 12:51 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-10 15:21 . 2007-12-07 12:51 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-10 15:21 . 2007-12-07 12:51 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-10 15:21 . 2007-12-07 12:51 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-10 15:21 . 2007-12-06 21:30 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-10 14:09 . 2008-03-10 16:39 <DIR> d-------- C:\Program Files\Nero
2008-03-08 22:49 . 2008-03-08 22:50 <DIR> d-------- C:\Program Files\iTunes
2008-03-08 22:49 . 2008-03-08 22:49 <DIR> d-------- C:\Program Files\iPod
2008-03-08 22:44 . 2008-03-08 22:45 <DIR> d-------- C:\Program Files\QuickTime
2008-03-05 19:36 . 2008-03-05 19:36 0 --a------ C:\WINDOWS\Irremote.ini
2008-03-03 16:36 . 2008-03-14 14:08 <DIR> d-------- C:\Documents and Settings\Kids\Phone Browser
2008-03-03 16:09 . 2008-03-14 14:07 <DIR> d-------- C:\Warcraft III
2008-03-02 15:07 . 2008-03-22 19:57 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-02 15:07 . 2008-03-22 19:57 77,661 --a------ C:\WINDOWS\War3Unin.dat
2008-03-02 15:07 . 2008-03-22 19:57 2,829 --a------ C:\WINDOWS\War3Unin.pif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:11 --------- d-----w C:\Documents and Settings\Philyn\Application Data\LimeWire
2008-03-29 09:41 374 ----a-w C:\Documents and Settings\Philyn\Application Data\internaldb6334.dat
2008-03-29 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 08:57 --------- d-----w C:\Program Files\RegistrySmart
2008-03-28 08:03 --------- d-----w C:\Program Files\Yahoo!
2008-03-28 08:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-28 07:53 --------- d-----w C:\Program Files\Windows Live
2008-03-28 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 07:08 --------- d-----w C:\Program Files\SlySoft
2008-03-28 06:59 --------- d--h--r C:\Documents and Settings\Philyn\Application Data\yahoo!
2008-03-28 06:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-26 11:27 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-03-26 11:15 --------- d-----w C:\Program Files\Google
2008-03-10 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-10 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-10 03:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 07:38 --------- d-----w C:\Program Files\Seagate
2008-02-28 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Seagate
2008-02-28 07:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-22 01:14 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-22 00:47 --------- d-----w C:\Program Files\Adverts
2008-02-21 05:01 --------- d-----w C:\Program Files\IrfanView
2008-02-21 03:58 555 ----a-w C:\Documents and Settings\Philyn\Application Data\internaldb8467.dat
2008-02-21 03:58 18,432 ----a-w C:\Documents and Settings\Philyn\Application Data\internaldb41.dat
2008-02-21 02:03 --------- d-----w C:\Program Files\RegistryFix
2008-02-21 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 01:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 23:53 --------- d-----w C:\Documents and Settings\Kids\Application Data\Skype
2008-02-16 11:02 --------- d-----w C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
2008-02-10 04:37 --------- d-----w C:\Program Files\Aspyr
2008-02-10 04:19 --------- d--h--r C:\Documents and Settings\Philyn\Application Data\SecuROM
2008-02-10 03:00 363,980 ----a-w C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2008-02-10 02:59 177,480 ----a-w C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe
2008-02-09 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-08 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-08 12:58 --------- d-----w C:\Program Files\bfgclient
2008-02-05 07:27 --------- d-----w C:\Documents and Settings\Philyn\Application Data\PlayFirst
2008-02-05 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-02 23:31 --------- d-----w C:\Documents and Settings\Kids\Application Data\Nero
2008-02-02 07:07 --------- d-----w C:\Documents and Settings\Philyn\Application Data\Nero
2008-02-01 04:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-01 00:41 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 23:59 --------- d-----w C:\Documents and Settings\Philyn\Application Data\Nokia Multimedia Player
2007-06-27 09:16 8 ----a-w C:\Documents and Settings\Philyn\Application Data\usb.dat.bin
2006-11-11 04:29 24,192 ----a-w C:\Documents and Settings\Philyn\usbsermptxp.sys
2006-11-11 04:29 22,768 ----a-w C:\Documents and Settings\Philyn\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

linnyack
2008-03-29, 13:26
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8B94F9-ECC8-4386-BBBE-82E4D0A65C19}]
C:\WINDOWS\system32\awvts.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-03-13 10:28 759656]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-04-12 02:43 1661304]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 17:53 221568]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 22:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-03-13 10:28 759656]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 10:25 707376]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"Machine Debug Mgr"="mdn.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 22:30 110592 C:\WINDOWS\system32\bthprops.cpl]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 16:21 169328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [2008-03-05 10:48 1095520]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 10:24 269104]
"zxpwowgjgffq"="C:\WINDOWS\system32\zxpwowgjgffq.exe" [2008-03-26 22:32 253952]
"0c1581d7"="C:\WINDOWS\system32\chxqshci.dll" [ ]
"BM0f26b24b"="C:\WINDOWS\system32\tlxtmcry.dll" [ ]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [2008-03-05 11:06 1305440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SMRequiresRestart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"b"="C:\WINDOWS\system32\b.exe" [ ]
"zxpwowgjgffq"="C:\WINDOWS\system32\zxpwowgjgffq.exe" [2008-03-26 22:32 253952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 22:30 15360]

C:\Documents and Settings\Philyn\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Documents and Settings\All Users\Documents\My Music\LimeWire\LimeWire.exe [2008-02-09 08:02:57 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8FB2D6CA-E258-48CF-9DAB-EEFB735E225C}"= C:\WINDOWS\system32\config\atww\ShellService.dll [2007-09-12 05:47 90240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AF3AF]
__c00AF3AF.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00FEF15]
__c00FEF15.dat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2002-12-31 22:30 176216 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 16:02 5537792 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-02-24 16:02 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 16:02 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-03 12:54 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-02-24 03:43 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\My Music\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Kids\\Desktop\\Warcraft III.exe"=
"C:\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2007-05-18 17:08]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-03 02:30]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-10-04 01:29]
R2 Basics Service;Basics Service;"C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 16:21]
R2 eqoaulouamlm;Print Spooler Service;C:\WINDOWS\system32\zxpwowgjgffq.exe [2008-03-26 22:32]
R2 filesvc;filesvc;C:\WINDOWS\system32\config\atww\filesvc.sys [2007-05-26 10:35]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-13 10:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-13 10:11]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 10:24]
R2 procdrv;procdrv;C:\WINDOWS\system32\config\atww\procdrv.sys [2007-05-26 10:35]
R2 regfil;regfil;C:\WINDOWS\system32\config\atww\regfil.sys [2007-05-26 10:35]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 22:45]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 21:57]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 20:58]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-04 02:20]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 15:31]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-21 06:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cbcea4c-9807-11dc-8b06-0002443a4731}]
\Shell\AutoRun\command - E:\Launch.exe /run

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 07:39:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 10:20:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-28 22:30:00 C:\WINDOWS\Tasks\Temp.job"
- C:\WINDOWS\Temp
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 21:41:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
.
**************************************************************************
.
Completion time: 2008-03-29 21:48:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 11:18:33
ComboFix2.txt 2008-03-29 09:54:56
Pre-Run: 20,739,022,848 bytes free
Post-Run: 20,727,963,648 bytes free
.
2008-03-28 16:33:14 --- E O F ---