Need to remove Virtumonde
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:17 AM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [mntwebapi] C:\WINDOWS\system32\xopgdyvy.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [MAHC3SPcTh] C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220455285503
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: SetHlp - {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 11573 bytes
pskelley
2008-10-21, 03:11
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.
1) We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
2) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
3) Remove any old copies of combofix before you proceed.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Read and follow these directions
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Post the uninstall list, the combofix log and a new HJT log.
How is the computer running?
Thanks
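As an added example (mine, not code from the thread, from HijackThis or from Spybot), here is a small Python triage script over lines in the HijackThis 2.0 log format posted above. It flags the three things a helper reading a Virtumonde-era log looks for first: O2 BHO entries whose DLL is "(no file)", O4 entries started from the Policies\Explorer\Run key, and files or folders with a generated-looking name sitting directly under Program Files, system32 or Application Data. The "generated-looking name" rule (a name of seven or more letters with under 20% vowels or four consonants in a row) is my heuristic and not a HijackThis feature, and the sample lines are constructed to mirror the log above.

```python
"""Triage helper for HijackThis 2.0 log lines.

Added example: not part of the thread, nor of the HijackThis tool.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis 2.0 line format, mirroring the shape of the
# log posted in the thread and trimmed to the entries relevant here.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mntwebapi] C:\WINDOWS\system32\xopgdyvy.exe
O4 - HKLM\..\Policies\Explorer\Run: [MAHC3SPcTh] C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
O21 - SSODL: SetHlp - {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - <rest>" / "R1 - <rest>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(O\d+|R\d+) - (.+)$")
# First absolute Windows path ending in a binary extension (unquoted paths with
# spaces are common in these logs, so match lazily up to the extension).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl)\b", re.IGNORECASE)
# Directories whose direct children carry the name a dropper chose.
CONTAINERS = {"program files", "progra~1", "application data", "system32"}
VOWELS = set("aeiou")


def random_looking(name: str) -> bool:
    """Heuristic (my assumption, not HijackThis logic): 7+ letters, no digits
    or spaces, with under 20% vowels or a run of four or more consonants."""
    t = name.lower()
    if len(t) < 7 or not t.isalpha():
        return False
    vowel_ratio = sum(ch in VOWELS for ch in t) / len(t)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", t)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 4


def candidate_names(path: str):
    """Yield the folder or file name that sits directly inside a container
    directory; vendor sub-folders deeper down are not judged."""
    parts = PureWindowsPath(path).parts
    for i, part in enumerate(parts[:-1]):
        if part.lower() in CONTAINERS:
            child = parts[i + 1]
            is_file = i + 1 == len(parts) - 1
            yield PureWindowsPath(child).stem if is_file else child


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons: list[str] = []
        if section == "O2" and "(no file)" in body:
            reasons.append("orphan-bho")  # CLSID registered, DLL gone
        if section == "O4" and "Policies\\Explorer\\Run" in body:
            reasons.append("policies-run")  # rarely used by legitimate software
        path_match = PATH_RE.search(body)
        # Relative commands (e.g. RunDLL32.exe Foo.dll) need manual resolution.
        if path_match is not None:
            if any(random_looking(n) for n in candidate_names(path_match.group(0))):
                reasons.append("random-name")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(", ".join(why).ljust(26), flagged)
```

The output is a list of candidates for the helper to check against vendor, file date and signature, not a verdict, and nothing is deleted. The name heuristic also trips on vendor files with abbreviated names (the avgrsstx.dll from the O20 line above would be flagged if fed in), which is the trade-off for catching names like xopgdyvy.exe and cpkgiid without a signature database.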
ComboFix Log File
ComboFix 08-10-22.05 - Dave DeBruin 2008-10-23 2:38:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990 [GMT -6:00]
Running from: C:\Software Updates\VirusInfo\ComboFix-Malware&TrojanRemover\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-23 02:02 . 2008-10-23 02:02 81,920 --a------ C:\WINDOWS\system32\nsbydanq.exe
2008-10-23 01:14 . 2008-10-23 01:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\CyberLink
2008-10-20 05:02 . 2008-10-20 05:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 13:03 . 2008-10-18 13:03 <DIR> d-------- C:\WINDOWS\Sun
2008-10-18 13:02 . 2008-10-18 13:02 <DIR> d-------- C:\Program Files\Java
2008-10-18 13:02 . 2008-10-18 13:02 49,262 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-10-18 13:01 . 2008-10-18 13:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 18:44 . 2008-10-17 18:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2008-10-17 16:32 . 2008-10-17 16:32 86,016 --a------ C:\WINDOWS\system32\wvylkruv.exe
2008-10-17 16:23 . 2008-10-17 16:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-10-17 15:31 . 2008-10-22 22:26 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\CyberLink
2008-10-17 15:30 . 2008-10-17 15:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-10-17 14:18 . 2008-10-17 20:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 14:18 . 2008-10-18 01:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-17 13:53 . 2008-10-22 22:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 13:42 . 2008-10-23 01:12 <DIR> d-------- C:\MyWorks
2008-10-17 12:42 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-10-17 12:12 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\RegCure
2008-10-17 10:37 . 2008-10-17 13:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-17 10:36 . 2008-10-17 18:45 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\Ahead
2008-10-17 10:35 . 2008-10-17 10:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-10-17 10:33 . 2008-10-17 10:33 <DIR> d-------- C:\Program Files\Nero
2008-10-17 10:33 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-17 10:33 . 2008-10-17 13:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-10-17 10:28 . 2008-10-17 10:30 <DIR> d-------- C:\Temp
2008-10-17 10:27 . 2008-10-23 02:24 <DIR> d-------- C:\Program Files\lg_fwupdate
2008-10-17 10:27 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-10-17 10:27 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-10-17 10:27 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2008-10-17 10:27 . 2001-08-29 21:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb
2008-10-17 10:27 . 2006-02-17 14:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2008-10-17 10:27 . 2008-10-23 02:24 265 --a------ C:\WINDOWS\lgfwup.ini
2008-10-17 10:20 . 2008-10-17 13:20 <DIR> d-------- C:\Program Files\CyberLink
2008-10-17 10:20 . 2007-01-08 22:17 27,168 --------- C:\WINDOWS\system32\msxml3a.dll
2008-10-17 03:04 . 2008-10-17 03:04 <DIR> d-------- C:\Program Files\cpkgiid
2008-10-17 03:04 . 2008-10-17 03:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw
2008-10-17 03:04 . 2008-10-17 03:04 77,824 --a------ C:\WINDOWS\system32\xopgdyvy.exe
2008-10-17 01:30 . 2008-10-17 01:30 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-10-17 01:30 . 2008-10-17 01:30 4 --a------ C:\WINDOWS\system32\DF77E9
2008-10-17 01:29 . 2008-10-17 01:29 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-10-06 05:09 . 2008-10-06 05:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-05 11:28 . 2008-10-09 10:43 <DIR> d-------- C:\Program Files\Macromedia
2008-10-05 11:28 . 2008-10-05 11:28 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-10-05 11:28 . 1997-02-27 13:00 247,808 --a------ C:\WINDOWS\system32\QTVRW32.QTC
2008-10-05 11:27 . 2008-10-05 11:27 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\WINDOWS
2008-10-05 11:27 . 1997-01-18 09:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-10-05 09:56 . 1998-12-02 01:22 237 --a------ C:\WINDOWS\swacnfg.ini
2008-10-05 08:38 . 2008-10-05 08:38 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\LG Electronics
2008-10-05 08:16 . 2008-10-05 08:41 <DIR> d-------- C:\Program Files\LG PC Suite
2008-10-03 19:44 . 2008-10-03 19:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-10-03 19:29 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-03 19:29 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-03 18:15 . 2008-10-03 18:15 <DIR> d-------- C:\Program Files\Bonjour
2008-10-03 18:07 . 2008-10-03 18:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-01 16:48 . 2008-10-13 13:00 <DIR> d-------- C:\OutLawMusic2008
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-17 16:02 --------- d-----w C:\Program Files\Sonic
2008-10-09 12:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-07 00:14 --------- d-----w C:\Program Files\QuickTime
2008-10-06 10:35 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\nView_Wallpaper
2008-10-03 22:51 --------- d-----w C:\Program Files\Yahoo!
2008-10-03 10:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-30 07:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-22 23:39 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\AdobeUM
2008-09-20 08:13 --------- d-----w C:\Program Files\AudioLabel
2008-09-20 07:43 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-09-12 09:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-12 09:08 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 09:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-04 02:44 --------- d-----w C:\Program Files\Solveig Multimedia
2008-09-04 02:42 --------- d-----w C:\Program Files\MSDN
2008-09-04 02:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-09-04 02:27 --------- d-----w C:\Program Files\MSBuild
2008-09-04 02:13 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-09-03 20:46 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\Apple Computer
2008-09-03 20:14 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\NoteTable
2008-08-28 16:59 --------- d-----w C:\Program Files\Business Objects
2008-08-28 16:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-28 16:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-28 16:49 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-28 16:48 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-28 16:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions
2008-08-28 16:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-28 16:31 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-28 16:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-28 06:08 --------- d-----w C:\Program Files\Windows Media Components
2008-08-28 05:49 --------- d-----w C:\Program Files\Elecard
2008-08-28 05:49 --------- d-----w C:\Program Files\Common Files\Elecard
2008-08-27 13:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-08-27 13:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-08-25 09:03 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-24 20:38 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-24 16:28 --------- d-----w C:\Program Files\Pinnacle
2008-08-24 11:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-08-24 11:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-08-24 11:10 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\InstallShield
2008-08-20 20:12 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-08-08 15:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2005-11-08 18:43 271 --sh--w C:\Program Files\desktop.ini
2005-11-08 18:43 21,952 -c-ha-w C:\Program Files\folder.htt
2002-07-26 23:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-08 1235736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-10 185896]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2005-01-18 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-01-18 110592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-10-17 548864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-10-18 36972]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MAHC3SPcTh"="C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe" [2008-10-17 57344]
C:\Documents and Settings\Dave DeBruin\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-09-20 225280]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-10-08 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-12 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SetHlp"= {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll [2008-10-17 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"= C:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:Sharaza
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-07 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-08 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-07 76040]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S4 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun\AutoRun.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-17 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-23 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
2008-10-21 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.Google.com
R0 -: HKLM-Main,Start Page = hxxp://www.Google.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Download with &Shareaza - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O15 -: Trusted Zone: *.musicmatch.com
O15 -: Trusted Zone: *.musicmatch.com
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 02:45:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-23 2:50:02
ComboFix-quarantined-files.txt 2008-10-23 08:49:39
Pre-Run: 30,241,812,480 bytes free
Post-Run: 31,159,148,544 bytes free
253 --- E O F --- 2008-10-05 14:01:24
Occasionally, AVG will pick up a Trojan and the Windows Security Alert still pops up. The Trojan-Clecker.Win32.Tiony.h just popped up. I do not enable it, I close it from task manager.
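An added triage example, not part of this thread and not code from ComboFix or HijackThis: a Python script that reads ComboFix-style "Files Created" and "Reg Loading Points" lines and flags the entries a helper reading the log above would ask about. The two heuristics are my own assumptions, not rules stated in the thread. A file is flagged when its name is 7 to 8 lowercase letters containing a run of three consonants and its created and last-modified stamps are identical (the first and second timestamps on a ComboFix line), which is what a freshly written dropper looks like, while a file copied out of an installer package usually keeps the vendor's older modified date. An autostart value is flagged when its target lives in a folder with such a name, or when it sits under policies\explorer\Run or ShellServiceObjectDelayLoad, locations ComboFix only lists when the entry is not one of the legitimate defaults it suppresses. The sample lines are copied from the log in this thread, with benign neighbours kept for contrast.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log in this thread
# (Files Created section and Reg Loading Points), with benign neighbours kept
# for contrast. Registry section headers are included because the autostart
# rule needs to know which key a value sits under.
SAMPLE_LOG = r"""
2008-10-23 02:02 . 2008-10-23 02:02 81,920 --a------ C:\WINDOWS\system32\nsbydanq.exe
2008-10-18 13:02 . 2008-10-18 13:02 49,262 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-10-17 16:32 . 2008-10-17 16:32 86,016 --a------ C:\WINDOWS\system32\wvylkruv.exe
2008-10-17 10:27 . 2006-02-17 14:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2008-10-17 03:04 . 2008-10-17 03:04 <DIR> d-------- C:\Program Files\cpkgiid
2008-10-17 03:04 . 2008-10-17 03:04 77,824 --a------ C:\WINDOWS\system32\xopgdyvy.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-08 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MAHC3SPcTh"="C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe" [2008-10-17 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SetHlp"= {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll [2008-10-17 102400]
"""

# "Files Created" line: created-stamp . modified-stamp size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)
REG_SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Registry value line: "name"="path" [date size]  or  "name"= {GUID} - path [date size]
REG_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:\{[0-9A-Fa-f-]+\}\s*-\s*)?'
    r'"?(?P<path>[A-Za-z]:\\.+?)"?\s*\[\d{4}-\d{2}-\d{2} \d+\]\s*$'
)
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}$")
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{3}")

# Autostart keys that legitimate installers rarely touch (assumption: a
# non-default entry here deserves a question even if the name looks tame).
UNUSUAL_AUTOSTART = ("policies\\explorer\\run", "shellserviceobjectdelayload")


def looks_random(component: str) -> bool:
    """Heuristic (my assumption): 7-8 lowercase letters, no digits, and a run
    of three consonants, the shape of nsbydanq, wvylkruv, dqngtkfw above."""
    stem = component.rsplit(".", 1)[0].lower()
    return bool(RANDOM_NAME_RE.match(stem)) and bool(CONSONANT_RUN_RE.search(stem))


@dataclass
class Finding:
    kind: str            # "file" or "autostart"
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return the Findings a helper would raise from ComboFix-style lines."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1]
            # Both conditions required: a random-looking name alone also hits
            # lgfwunis.exe, whose 2006 modified date shows it was copied from
            # an installer rather than written fresh.
            if looks_random(name) and m.group("created") == m.group("modified"):
                findings.append(Finding("file", path, [
                    "random-looking name",
                    "created stamp equals modified stamp (written fresh)",
                ]))
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            path = m.group("path")
            parent = path.rsplit("\\", 2)[-2] if path.count("\\") >= 2 else ""
            reasons = []
            if looks_random(parent):
                reasons.append(f"target lives in random-looking folder '{parent}'")
            hits = [k for k in UNUSUAL_AUTOSTART if k in section]
            if hits:
                reasons.append(f"non-default entry under {hits[0]}")
            if reasons:
                findings.append(Finding("autostart", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.path}")
        for r in f.reasons:
            print(f"          - {r}")
```

Run against the sample it prints six entries: the four fresh system32/Program Files items (nsbydanq.exe, wvylkruv.exe, xopgdyvy.exe, the cpkgiid folder) and the two autostart values pointing into dqngtkfw and cpkgiid. lgfwunis.exe, created in the same minute as C:\Program Files\lg_fwupdate, passes the letter test but is cleared by its 2006 modified date; avgtray.exe is never flagged because its parent folder AVG8 is not random-looking and HKLM\...\Run is an ordinary autostart key. Treat the output as a list of questions for the log, not a verdict: a helper still checks each hit against the full log and the uninstall list.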
pskelley
2008-10-23, 13:14
Dave? If we are to continue, you are going to have to read and follow the directions I post!
This is where the instructions say to run combofix from:
It is important that it is saved directly to your Desktop.
Download ComboFix from Here to your Desktop
This is where you installed it:
C:\Software Updates\VirusInfo\ComboFix-Malware&TrojanRemover\ComboFix.exe
Delete the copy of combofix completely from the computer, download it again and follow the directions this time.
Once you have the log from combofix running on the Desktop, these are the next directions to follow:
Post the uninstall list, the combofix log and a new HJT log.
Sorry about missing your directions on the last post. Hopefully, I've got what you need now.
Let me know if I've missed anything!
Dave
Uninstall list
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ACDSee Pro 2.5
Adobe Color Common Settings
Adobe Creative Suite
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Reader 6.0
Adobe SVG Viewer 3.0
Apple Software Update
AudioLabel
AVG 8.0
Canon MP500
Crystal Reports Basic for Visual Studio 2008
CSS Menu Generator 3.4
DiscWizard for Windows
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Suite
Elecard MPEG Player
Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
Guitar Pro 5.0
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB952241)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) 537 Modem
J2SE Runtime Environment 5.0
LG ODD Auto Firmware Update
LG PhoneManager
LG SyncManager
LightScribe System Software 1.10.27.1
Lyra DJ
Macromedia Director 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft DirectX SDK (October 2006)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Expression Blend 2
Microsoft Expression Blend 2
Microsoft Expression Design 2
Microsoft Expression Design 2
Microsoft Expression Encoder 2
Microsoft Expression Encoder 2
Microsoft Expression Media 2 SP1
Microsoft Expression Studio 2
Microsoft Expression Studio 2
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft PhotoDraw 2000 V2
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 - ENU
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
Musicmatch® Jukebox
Nero 7 Essentials
neroxml
NVIDIA Drivers
PCI Audio Driver
Pinnacle Instant DVD Recorder
PowerDVD
PowerProducer
QuickTime
RealPlayer
RegCure 1.5.0.0
SecurDisc Viewer
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Shareaza version 2.2.5.0
Sonic Foundry Acoustics Modeler DirectX Plug-In DEMO 1.0
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 7.0
Sony Sound Forge 9.0
Spybot - Search & Destroy
Studio 11
System Requirements Lab
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format 11 SDK
Windows Media Player 11
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinZip
XoftSpySE
Yahoo! Desktop Login
Combo Log
ComboFix 08-10-22.05 - Dave DeBruin 2008-10-23 9:46:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1033 [GMT -6:00]
Running from: C:\Documents and Settings\Dave DeBruin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-23 09:42 . 2008-10-23 09:42 81,920 --a------ C:\WINDOWS\system32\ixqnclmr.exe
2008-10-23 02:55 . 2008-10-23 02:55 81,920 --a------ C:\WINDOWS\system32\zmdsryne.exe
2008-10-23 02:02 . 2008-10-23 02:02 81,920 --a------ C:\WINDOWS\system32\nsbydanq.exe
2008-10-23 01:14 . 2008-10-23 01:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\CyberLink
2008-10-20 05:02 . 2008-10-20 05:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 13:03 . 2008-10-18 13:03 <DIR> d-------- C:\WINDOWS\Sun
2008-10-18 13:02 . 2008-10-18 13:02 <DIR> d-------- C:\Program Files\Java
2008-10-18 13:02 . 2008-10-18 13:02 49,262 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-10-18 13:01 . 2008-10-18 13:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 18:44 . 2008-10-17 18:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2008-10-17 16:32 . 2008-10-17 16:32 86,016 --a------ C:\WINDOWS\system32\wvylkruv.exe
2008-10-17 16:23 . 2008-10-17 16:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-10-17 15:31 . 2008-10-22 22:26 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\CyberLink
2008-10-17 15:30 . 2008-10-17 15:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-10-17 14:18 . 2008-10-17 20:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 14:18 . 2008-10-18 01:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-17 13:53 . 2008-10-23 06:09 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 13:42 . 2008-10-23 01:12 <DIR> d-------- C:\MyWorks
2008-10-17 12:42 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-10-17 12:12 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\RegCure
2008-10-17 10:37 . 2008-10-17 13:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-17 10:36 . 2008-10-17 18:45 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\Ahead
2008-10-17 10:35 . 2008-10-17 10:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-10-17 10:33 . 2008-10-17 10:33 <DIR> d-------- C:\Program Files\Nero
2008-10-17 10:33 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-17 10:33 . 2008-10-17 13:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-10-17 10:28 . 2008-10-17 10:30 <DIR> d-------- C:\Temp
2008-10-17 10:27 . 2008-10-23 09:41 <DIR> d-------- C:\Program Files\lg_fwupdate
2008-10-17 10:27 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-10-17 10:27 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-10-17 10:27 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2008-10-17 10:27 . 2001-08-29 21:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb
2008-10-17 10:27 . 2006-02-17 14:19 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2008-10-17 10:27 . 2008-10-23 09:41 265 --a------ C:\WINDOWS\lgfwup.ini
2008-10-17 10:20 . 2008-10-17 13:20 <DIR> d-------- C:\Program Files\CyberLink
2008-10-17 10:20 . 2007-01-08 22:17 27,168 --------- C:\WINDOWS\system32\msxml3a.dll
2008-10-17 03:04 . 2008-10-17 03:04 <DIR> d-------- C:\Program Files\cpkgiid
2008-10-17 03:04 . 2008-10-17 03:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw
2008-10-17 03:04 . 2008-10-17 03:04 77,824 --a------ C:\WINDOWS\system32\xopgdyvy.exe
2008-10-17 01:30 . 2008-10-17 01:30 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-10-17 01:30 . 2008-10-17 01:30 4 --a------ C:\WINDOWS\system32\DF77E9
2008-10-17 01:29 . 2008-10-17 01:29 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-10-06 05:09 . 2008-10-06 05:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-05 11:28 . 2008-10-09 10:43 <DIR> d-------- C:\Program Files\Macromedia
2008-10-05 11:28 . 2008-10-05 11:28 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-10-05 11:28 . 1997-02-27 13:00 247,808 --a------ C:\WINDOWS\system32\QTVRW32.QTC
2008-10-05 11:27 . 2008-10-05 11:27 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\WINDOWS
2008-10-05 11:27 . 1997-01-18 09:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-10-05 09:56 . 1998-12-02 01:22 237 --a------ C:\WINDOWS\swacnfg.ini
2008-10-05 08:38 . 2008-10-05 08:38 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\LG Electronics
2008-10-05 08:16 . 2008-10-05 08:41 <DIR> d-------- C:\Program Files\LG PC Suite
2008-10-03 19:44 . 2008-10-03 19:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-10-03 19:29 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-03 19:29 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-01 16:48 . 2008-10-13 13:00 <DIR> d-------- C:\OutLawMusic2008
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 15:45 90,632 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-23 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-17 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-17 16:02 --------- d-----w C:\Program Files\Sonic
2008-10-07 00:14 --------- d-----w C:\Program Files\QuickTime
2008-10-06 10:35 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\nView_Wallpaper
2008-10-03 22:51 --------- d-----w C:\Program Files\Yahoo!
2008-10-03 10:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-30 07:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-22 23:39 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\AdobeUM
2008-09-20 08:13 --------- d-----w C:\Program Files\AudioLabel
2008-09-20 07:43 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-09-12 09:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-12 09:08 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 09:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-04 02:44 --------- d-----w C:\Program Files\Solveig Multimedia
2008-09-04 02:42 --------- d-----w C:\Program Files\MSDN
2008-09-04 02:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-09-04 02:27 --------- d-----w C:\Program Files\MSBuild
2008-09-04 02:13 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-09-03 20:46 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\Apple Computer
2008-09-03 20:14 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\NoteTable
2008-08-28 16:59 --------- d-----w C:\Program Files\Business Objects
2008-08-28 16:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-28 16:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-28 16:49 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-28 16:48 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-28 16:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions
2008-08-28 16:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-28 16:31 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-28 16:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-28 06:08 --------- d-----w C:\Program Files\Windows Media Components
2008-08-28 05:49 --------- d-----w C:\Program Files\Elecard
2008-08-28 05:49 --------- d-----w C:\Program Files\Common Files\Elecard
2008-08-27 13:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-08-27 13:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-08-25 09:03 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-24 20:38 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-24 16:28 --------- d-----w C:\Program Files\Pinnacle
2008-08-24 11:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-08-24 11:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-08-24 11:10 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\InstallShield
2008-08-20 20:12 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-08-08 15:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2005-11-08 18:43 271 --sh--w C:\Program Files\desktop.ini
2005-11-08 18:43 21,952 -c-ha-w C:\Program Files\folder.htt
2002-07-26 23:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_ 2.49.09.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-10 00:02:22 1,730,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-23 14:53:30 1,729,944 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-10-23 08:28:29 89,940 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-23 15:45:44 89,940 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-23 08:28:29 491,126 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-23 15:45:44 491,126 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"actcmden"="C:\WINDOWS\system32\zmdsryne.exe" [2008-10-23 81920]
"aplen"="C:\WINDOWS\system32\ixqnclmr.exe" [2008-10-23 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-08 1235736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-10 185896]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2005-01-18 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-01-18 110592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-10-17 548864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-10-18 36972]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MAHC3SPcTh"="C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe" [2008-10-17 57344]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-12 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SetHlp"= {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll [2008-10-17 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"= C:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:Sharaza
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-07 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-08 97928]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-23 90632]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 231704]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S4 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-23 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-23 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
2008-10-21 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.Google.com
R0 -: HKLM-Main,Start Page = hxxp://www.Google.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Download with &Shareaza - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O15 -: Trusted Zone: *.musicmatch.com
O15 -: Trusted Zone: *.musicmatch.com
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 09:50:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-23 9:56:36
ComboFix-quarantined-files.txt 2008-10-23 15:56:28
ComboFix2.txt 2008-10-23 08:50:04
Pre-Run: 31,941,992,448 bytes free
Post-Run: 31,935,897,600 bytes free
246 --- E O F --- 2008-10-05 14:01:24
Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:03 AM, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [actcmden] C:\WINDOWS\system32\zmdsryne.exe
O4 - HKCU\..\Run: [aplen] C:\WINDOWS\system32\ixqnclmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MAHC3SPcTh] C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220455285503
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: SetHlp - {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8940 bytes
pskelley
2008-10-23, 22:43
Uninstall list: I look for malware and security issues only. Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update, if you are interested:
https://psi.secunia.com/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Reader 6.0 <<< out of date
http://www.filehippo.com/download_adobe_reader/
J2SE Runtime Environment 5.0 <<< out of date
http://forums.spybot.info/showpost.php?p=12880&postcount=2
RegCure 1.5.0.0 <<< for your information
http://forums.spybot.info/showthread.php?t=30113
Shareaza version 2.2.5.0 <<< uninstall all p2p programs
File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Read and follow all directions carefully and in the numbered order:
1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
2) Open notepad and copy/paste the text in the codebox below into it:
File::
C:\WINDOWS\lgfwup.ini
C:\WINDOWS\system32\zmdsryne.exe
C:\WINDOWS\system32\ixqnclmr.exe
C:\WINDOWS\system32\nsbydanq.exe
C:\WINDOWS\system32\wvylkruv.exe
C:\WINDOWS\system32\lgfwunis.exe
C:\WINDOWS\system32\xopgdyvy.exe
Folder::
C:\Program Files\cpkgiid
C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw
Save this as CFScript
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (Wait until you finish to post the logs.)
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O4 - HKCU\..\Run: [actcmden] C:\WINDOWS\system32\zmdsryne.exe
O4 - HKCU\..\Run: [aplen] C:\WINDOWS\system32\ixqnclmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MAHC3SPcTh] C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O21 - SSODL: SetHlp - {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.
How is the computer running now?
Thanks
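An added example, not part of this thread and not code from the HijackThis or ComboFix authors: a Python script that applies the same reasoning the helper used above to the O4/O21 lines of a HijackThis log (randomly named executables dropped in system32, a program launched from Application Data through the Policies\Explorer\Run key, a ShellServiceObjectDelayLoad DLL living outside the Windows directory) and then drafts the File:: and Folder:: sections of a CFScript from the hits. The sample lines are copied from the second HijackThis log in this thread; the rules themselves, the 8-letter filename test and the "random-looking directory" test are this example's own assumptions, tuned to the Virtumonde pattern in this log. Because it only sees the HJT autostart lines, it reproduces only those entries of the helper's script and not the additional files the helper listed from other output.

```python
"""Triage HijackThis autostart lines and draft a ComboFix CFScript from the hits.

Added example (not from the thread, not from the HijackThis/ComboFix authors).
The heuristics are an assumption tuned to the Virtumonde pattern in this log:
a first pass for a human reviewer, not a replacement for one.
"""
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind key name path")

# Line shapes from HijackThis 2.0.2: O4 Run keys and O21 ShellServiceObjectDelayLoad.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")

RANDOM_FILE_RE = re.compile(r"[a-z]{8}\.exe")  # assumption: zmdsryne.exe, ixqnclmr.exe
RANDOM_DIR_RE = re.compile(r"[a-z]{7,8}")       # assumption: cpkgiid, dqngtkfw
OS_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# Sample input: autostart lines copied from the second HijackThis log in this thread.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController',
    r'O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [actcmden] C:\WINDOWS\system32\zmdsryne.exe",
    r"O4 - HKCU\..\Run: [aplen] C:\WINDOWS\system32\ixqnclmr.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [MAHC3SPcTh] C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe",
    r"O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
    r"O21 - SSODL: SetHlp - {755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll",
]


def executable_path(cmd):
    """Pull the launched file out of an HJT command line (quotes, switches, rundll32 hosts)."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32"):
        parts = cmd.split(None, 1)
        cmd = parts[1].split(",", 1)[0] if len(parts) == 2 else ""  # keep the DLL, drop ",Export"
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: the path runs up to the first " /switch" or " -switch".
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def parse_line(line):
    """Turn one HJT line into an Entry, or None for shapes this example does not handle."""
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["key"], m["name"], executable_path(m["cmd"]))
    m = O21_RE.match(line)
    if m:
        return Entry("O21", "SSODL", m["name"], m["path"].strip())
    return None


def suspicion(entry):
    """Reasons an autostart entry matches the Virtumonde pattern seen in this thread."""
    reasons = []
    parent = ntpath.dirname(entry.path)
    base = ntpath.basename(entry.path)
    if entry.kind == "O4" and entry.key.lower().endswith("policies\\explorer\\run"):
        reasons.append("runs from Policies\\Explorer\\Run, which legitimate software rarely uses")
    if "\\application data\\" in entry.path.lower() and base.lower().endswith(".exe"):
        reasons.append("executable launched from an Application Data folder")
    if parent.lower() == "c:\\windows\\system32" and RANDOM_FILE_RE.fullmatch(base):
        reasons.append("random 8-letter .exe dropped in system32")
    if entry.kind == "O21" and parent.lower() not in OS_DIRS:
        reasons.append("ShellServiceObjectDelayLoad DLL outside the Windows directory")
    return reasons


def triage(lines):
    """Return [(entry, reasons)] for the autostart lines that trip at least one rule."""
    hits = []
    for entry in filter(None, map(parse_line, lines)):
        reasons = suspicion(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


def flagged_names(lines):
    return [entry.name for entry, _ in triage(lines)]


def build_cfscript(lines):
    """Draft File::/Folder:: sections in CFScript format from the flagged entries.

    A file whose parent directory is itself random-named goes under Folder:: (the whole
    drop directory is removed); everything else is listed under File::.
    """
    files, folders = [], []
    for entry, _ in triage(lines):
        parent = ntpath.dirname(entry.path)
        if RANDOM_DIR_RE.fullmatch(ntpath.basename(parent)) and parent.lower() not in OS_DIRS:
            if parent not in folders:
                folders.append(parent)
        elif entry.path not in files:
            files.append(entry.path)
    out = []
    if files:
        out += ["File::", *files]
    if folders:
        out += ["Folder::", *folders]
    return "\n".join(out)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_HJT_LINES):
        print(f"{entry.kind} [{entry.name}] {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
    print("\n" + build_cfscript(SAMPLE_HJT_LINES))
```

Run against the sample lines, the script flags exactly the four entries the helper asked to fix (actcmden, aplen, MAHC3SPcTh and the SetHlp SSODL entry) and leaves ctfmon.exe, the NVIDIA rundll32 entries and the LG updater alone, because the "random name" rule only fires for 8 lowercase letters directly in system32. That rule is deliberately narrow; a different dropper naming scheme, or a legitimate 8-letter tool in system32, would slip past or trip it, which is why the helper's comparison against known-good entries still decides what goes into the real CFScript.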
I ran the removals you recommended with ComboFix, and it seems to have removed the majority of the problems. However, I clicked multiple times before and after a reboot to download the ATF-Cleaner.exe. It appears to be a bad link (it's in a beta directory). I am able to use my browser to browse the internet with no problems, so I'm assuming it's a bad link.
As a result I didn't go past that step in your list. Here is a copy of the ComboFix scan and a new HJT scan. I also removed Shareaza. In addition I ran Spybot - Search & Destroy and had no errors.
Things seem to be like new. Should I continue to the ATF-Cleaner.exe and the two steps following it? I will need a working link to the correct version of ATF-Cleaner if so.
ComboFix log
ComboFix 08-10-22.05 - Dave DeBruin 2008-10-23 20:17:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.973 [GMT -6:00]
Running from: C:\Documents and Settings\Dave DeBruin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dave DeBruin\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\lgfwup.ini
C:\WINDOWS\system32\ixqnclmr.exe
C:\WINDOWS\system32\lgfwunis.exe
C:\WINDOWS\system32\nsbydanq.exe
C:\WINDOWS\system32\wvylkruv.exe
C:\WINDOWS\system32\xopgdyvy.exe
C:\WINDOWS\system32\zmdsryne.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw
C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
C:\Program Files\cpkgiid
C:\Program Files\cpkgiid\SetHlp.dll
C:\WINDOWS\lgfwup.ini
C:\WINDOWS\system32\ixqnclmr.exe
C:\WINDOWS\system32\lgfwunis.exe
C:\WINDOWS\system32\nsbydanq.exe
C:\WINDOWS\system32\wvylkruv.exe
C:\WINDOWS\system32\xopgdyvy.exe
C:\WINDOWS\system32\zmdsryne.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.
2008-10-23 14:26 . 2008-10-23 14:26 <DIR> d-------- C:\Program Files\Viewpoint
2008-10-23 14:26 . 2008-10-23 14:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-23 14:26 . 2008-10-23 14:26 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-10-23 01:14 . 2008-10-23 01:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\CyberLink
2008-10-20 05:02 . 2008-10-20 05:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 13:03 . 2008-10-18 13:03 <DIR> d-------- C:\WINDOWS\Sun
2008-10-18 13:02 . 2008-10-18 13:02 <DIR> d-------- C:\Program Files\Java
2008-10-18 13:02 . 2008-10-18 13:02 49,262 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-10-18 13:01 . 2008-10-18 13:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 18:44 . 2008-10-17 18:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2008-10-17 16:23 . 2008-10-17 16:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-10-17 15:31 . 2008-10-22 22:26 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\CyberLink
2008-10-17 15:30 . 2008-10-17 15:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-10-17 14:18 . 2008-10-17 20:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-17 14:18 . 2008-10-18 01:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-17 13:53 . 2008-10-23 15:48 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 13:42 . 2008-10-23 01:12 <DIR> d-------- C:\MyWorks
2008-10-17 12:42 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\XoftSpySE
2008-10-17 12:12 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\RegCure
2008-10-17 10:37 . 2008-10-17 13:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-17 10:36 . 2008-10-17 18:45 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\Ahead
2008-10-17 10:35 . 2008-10-17 10:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-10-17 10:33 . 2008-10-17 10:33 <DIR> d-------- C:\Program Files\Nero
2008-10-17 10:33 . 2008-10-17 13:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-17 10:33 . 2008-10-17 13:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-10-17 10:28 . 2008-10-17 10:30 <DIR> d-------- C:\Temp
2008-10-17 10:27 . 2008-10-23 09:41 <DIR> d-------- C:\Program Files\lg_fwupdate
2008-10-17 10:27 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-10-17 10:27 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-10-17 10:27 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2008-10-17 10:27 . 2001-08-29 21:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb
2008-10-17 10:20 . 2008-10-17 13:20 <DIR> d-------- C:\Program Files\CyberLink
2008-10-17 10:20 . 2007-01-08 22:17 27,168 --------- C:\WINDOWS\system32\msxml3a.dll
2008-10-17 01:30 . 2008-10-17 01:30 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-10-17 01:30 . 2008-10-17 01:30 4 --a------ C:\WINDOWS\system32\DF77E9
2008-10-17 01:29 . 2008-10-17 01:29 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-06 18:13 . 2008-10-06 18:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-10-06 05:09 . 2008-10-06 05:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-05 11:28 . 2008-10-09 10:43 <DIR> d-------- C:\Program Files\Macromedia
2008-10-05 11:28 . 2008-10-05 11:28 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-10-05 11:28 . 1997-02-27 13:00 247,808 --a------ C:\WINDOWS\system32\QTVRW32.QTC
2008-10-05 11:27 . 2008-10-05 11:27 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\WINDOWS
2008-10-05 11:27 . 1997-01-18 09:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-10-05 09:56 . 1998-12-02 01:22 237 --a------ C:\WINDOWS\swacnfg.ini
2008-10-05 08:38 . 2008-10-05 08:38 <DIR> d-------- C:\Documents and Settings\Dave DeBruin\Application Data\LG Electronics
2008-10-05 08:16 . 2008-10-05 08:41 <DIR> d-------- C:\Program Files\LG PC Suite
2008-10-03 19:44 . 2008-10-03 19:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-10-03 19:29 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-03 19:29 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-01 16:48 . 2008-10-13 13:00 <DIR> d-------- C:\OutLawMusic2008
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 20:26 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\AdobeUM
2008-10-23 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-23 19:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-23 15:45 90,632 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-17 16:02 --------- d-----w C:\Program Files\Sonic
2008-10-07 00:14 --------- d-----w C:\Program Files\QuickTime
2008-10-06 10:35 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\nView_Wallpaper
2008-10-03 22:51 --------- d-----w C:\Program Files\Yahoo!
2008-10-03 10:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-09-30 07:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-20 08:13 --------- d-----w C:\Program Files\AudioLabel
2008-09-20 07:43 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-09-12 09:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-12 09:08 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 09:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-04 02:44 --------- d-----w C:\Program Files\Solveig Multimedia
2008-09-04 02:42 --------- d-----w C:\Program Files\MSDN
2008-09-04 02:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-09-04 02:27 --------- d-----w C:\Program Files\MSBuild
2008-09-04 02:13 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-09-03 20:46 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\Apple Computer
2008-09-03 20:14 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\NoteTable
2008-08-28 16:59 --------- d-----w C:\Program Files\Business Objects
2008-08-28 16:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-28 16:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-28 16:49 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-28 16:48 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-28 16:46 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-28 16:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions
2008-08-28 16:35 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-28 16:31 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-28 16:28 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-28 06:08 --------- d-----w C:\Program Files\Windows Media Components
2008-08-28 05:49 --------- d-----w C:\Program Files\Elecard
2008-08-28 05:49 --------- d-----w C:\Program Files\Common Files\Elecard
2008-08-27 13:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-08-27 13:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-08-25 09:03 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-24 20:38 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-24 16:28 --------- d-----w C:\Program Files\Pinnacle
2008-08-24 11:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-08-24 11:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-08-24 11:10 --------- d-----w C:\Documents and Settings\Dave DeBruin\Application Data\InstallShield
2008-08-20 20:12 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-08-08 15:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2005-11-08 18:43 271 --sh--w C:\Program Files\desktop.ini
2005-11-08 18:43 21,952 -c-ha-w C:\Program Files\folder.htt
2002-07-26 23:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_ 2.49.09.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 20:26:29 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000001}\ARPPRODUCTICON.exe
- 2006-09-29 12:56:38 28,248 ----a-r C:\WINDOWS\system32\AdobePDF.dll
+ 2003-05-15 07:32:58 21,099 ----a-w C:\WINDOWS\system32\AdobePDF.dll
- 2008-10-10 00:02:22 1,730,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-23 14:53:30 1,729,944 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-10-23 08:28:29 89,940 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-23 15:45:44 89,940 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-23 08:28:29 491,126 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-23 15:45:44 491,126 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-05-15 07:02:40 10,809 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\AD2KREGP.DLL
+ 2003-05-15 06:55:54 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\AD2KUIGP.DLL
- 2003-05-05 22:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2002-10-07 00:11:48 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
- 2003-05-05 22:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2002-10-07 00:11:48 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2003-05-15 07:02:40 10,809 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ad2kregp.dll
+ 2003-11-03 22:25:12 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ad2kuigp.dll
- 2003-05-05 22:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PS5UI.DLL
+ 2002-10-07 00:11:48 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ps5ui.dll
- 2003-05-05 22:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PSCRIPT5.DLL
+ 2002-10-07 00:11:48 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pscript5.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-08 1235736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-10 185896]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2005-01-18 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-01-18 110592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-10-17 548864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-10-18 36972]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\system32\nvmctray.dll]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-12 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"= C:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:Sharaza
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-07 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-08 97928]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-23 90632]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 231704]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S4 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-23 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-10-23 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
2008-10-21 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-10-15 08:21]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-actcmden - C:\WINDOWS\system32\zmdsryne.exe
HKCU-Run-aplen - C:\WINDOWS\system32\ixqnclmr.exe
HKLM-Explorer_Run-MAHC3SPcTh - C:\Documents and Settings\All Users.WINDOWS\Application Data\dqngtkfw\nchsxmtq.exe
SSODL-SetHlp-{755AF48E-1D7D-4E94-CEDA-009958966B24} - C:\Program Files\cpkgiid\SetHlp.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 20:22:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-23 20:26:35
ComboFix-quarantined-files.txt 2008-10-24 02:26:13
ComboFix2.txt 2008-10-23 15:56:37
ComboFix3.txt 2008-10-23 08:50:04
Pre-Run: 31,031,017,472 bytes free
Post-Run: 31,028,609,024 bytes free
258 --- E O F --- 2008-10-05 14:01:24
pskelley
2008-10-24, 14:30
Thanks for returning your information and the feedback. I just clicked on this link: http://www.atribune.org/public-beta/ATF-Cleaner.exe and it is working fine; perhaps the site was down at the time you tried. You can also use clean manager: http://spyware-free.us/tutorials/cleanmgr/ but I suggest ATF-Cleaner is a nice, small tool you will appreciate and the price is right.
Please continue with the instructions from the point where you left off. I do not need another combofix log.
Thanks