View Full Version : Please help with zlob Virus I think it was called



Necroelf
2008-10-27, 02:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: (no name) - {970796E4-14B9-4C30-AC31-C21091937229} - C:\WINDOWS\system32\khfCtsSm.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O3 - Toolbar: bkqxdons - {BF54CDC2-E0D2-4C75-8BB5-CF71F1DD2AE5} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
O3 - Toolbar: bkqxdons - {EF331C30-03C4-4CC9-B520-E4C41DB9AFAE} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [RegistryMechanic] F:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215054470233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215054633498
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - Winlogon Notify: khfCtsSm - C:\WINDOWS\SYSTEM32\khfCtsSm.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
O21 - SSODL: vwnskbot - {156C30CE-C895-4F00-9B6C-F0FA42E08239} - C:\WINDOWS\vwnskbot.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12786 bytes
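
Triage heuristics run over a few lines copied from the HijackThis log above, as an added example that is not part of the thread, of HijackThis or of ComboFix. The rules it applies (a DLL loaded from a TEMP directory, a bare relative path in a load point, the same DLL registered under more than one load-point section, consonant-heavy eight-letter names) are this example's own assumptions about what deserves a second look, not a verdict on any file.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not part of the original posts, of
HijackThis, or of ComboFix.  The rules below are assumptions about what is
worth a second look in browser/logon load-point entries, not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: lines taken from the HijackThis log in the thread,
# plus two ordinary-looking lines (Adobe BHO, NVIDIA service) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {970796E4-14B9-4C30-AC31-C21091937229} - C:\WINDOWS\system32\khfCtsSm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: bkqxdons - {BF54CDC2-E0D2-4C75-8BB5-CF71F1DD2AE5} - C:\WINDOWS\TEMP\ac8zt2\bkqxdons.dll (file missing)
O20 - Winlogon Notify: khfCtsSm - C:\WINDOWS\SYSTEM32\khfCtsSm.dll
O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
O21 - SSODL: vwnskbot - {156C30CE-C895-4F00-9B6C-F0FA42E08239} - C:\WINDOWS\vwnskbot.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Sections where a DLL gets loaded into the browser or the logon process.
LOAD_POINTS = {"O2", "O3", "O20", "O21"}
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Four or more consonants in a row in the file stem: a weak "random name" signal.
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{4}", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    file_missing: bool
    flags: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str):
    """Split one HJT line into section, display name, path and the trailing
    '(file missing)' marker.  Returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    file_missing = body.endswith("(file missing)")
    if file_missing:
        body = body[: -len("(file missing)")].rstrip()
    parts = [p.strip() for p in body.split(" - ")]
    # "<Type>: <Name>" is the first field; the path is always the last one.
    name = parts[0].split(":", 1)[1].strip() if ":" in parts[0] else parts[0]
    return Entry(m.group("section"), name, parts[-1], file_missing)


def triage(log_text: str) -> dict:
    """Return {basename: sorted flags} for load-point entries that trip at
    least one rule other than a lone '(file missing)' leftover."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]

    # Correlate across sections: one DLL registered as both a BHO (O2) and a
    # Winlogon Notify handler (O20) is more interesting than either alone.
    sections_by_dll = defaultdict(set)
    for e in entries:
        if e.section in LOAD_POINTS and e.basename.endswith(".dll"):
            sections_by_dll[e.basename].add(e.section)

    result = {}
    for e in entries:
        if e.section not in LOAD_POINTS:
            continue
        if TEMP_RE.search(e.path):
            e.flags.append("loaded-from-temp")
        if not DRIVE_RE.match(e.path):
            e.flags.append("relative-path")
        if len(sections_by_dll[e.basename]) > 1:
            e.flags.append("same-dll-in-multiple-load-points")
        stem = e.basename.rsplit(".", 1)[0]
        if CONSONANT_RUN_RE.search(stem):
            e.flags.append("consonant-run-name")
        if e.file_missing:
            e.flags.append("file-missing")
        # A stale "(file missing)" toolbar leftover on its own is not a finding.
        if e.flags and e.flags != ["file-missing"]:
            result.setdefault(e.basename, set()).update(e.flags)
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    for dll, flags in triage(SAMPLE_LOG).items():
        print(f"{dll:20s} {', '.join(flags)}")
```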

Shaba
2008-10-27, 10:35
Hi Necroelf

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Necroelf
2008-10-27, 13:09
Sorry again that it took so long. I ended up having to run ComboFix 2 times: the first time it had found and deleted some files, and it did the log, but I wasn't able to connect to the internet or anything. So I ran it again and this is the log from the second time.

ComboFix 08-10-25.01 - Necro 2008-10-27 5:47:31.2 - NTFSx86
Running from: C:\Documents and Settings\Necro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
2008-10-26 13:37 . 2008-10-24 06:26 327,680 --a------ C:\qnflkotm.dll
2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
2008-10-12 23:35 . 2008-10-27 05:55 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
2008-10-05 00:39 . 2008-10-25 00:51 <DIR> d-------- C:\Program Files\Vuze
2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-26 20:45 --------- d-----w C:\Documents and Settings\Necro\Application Data\Azureus
2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 05:55:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
.
**************************************************************************
.
Completion time: 2008-10-27 6:03:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 11:03:48
ComboFix2.txt 2008-10-27 10:35:07

Pre-Run: 373,169,987,584 bytes free
Post-Run: 373,192,777,728 bytes free

282 --- E O F --- 2008-10-21 09:44:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:04, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215054470233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215054633498
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11241 bytes

Shaba
2008-10-27, 13:18
Please also post the contents of that first ComboFix log; it should be in C:\ with the filename ComboFix2.txt :)

Necroelf
2008-10-27, 13:20
ComboFix 08-10-25.01 - Necro 2008-10-27 5:47:31.2 - NTFSx86
Running from: C:\Documents and Settings\Necro\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
2008-10-26 13:37 . 2008-10-24 06:26 327,680 --a------ C:\qnflkotm.dll
2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
2008-10-12 23:35 . 2008-10-27 05:55 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
2008-10-05 00:39 . 2008-10-25 00:51 <DIR> d-------- C:\Program Files\Vuze
2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-26 20:45 --------- d-----w C:\Documents and Settings\Necro\Application Data\Azureus
2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 05:55:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
.
**************************************************************************
.
Completion time: 2008-10-27 6:03:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 11:03:48
ComboFix2.txt 2008-10-27 10:35:07

Pre-Run: 373,169,987,584 bytes free
Post-Run: 373,192,777,728 bytes free

282 --- E O F --- 2008-10-21 09:44:48

Shaba
2008-10-27, 14:08
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Necroelf
2008-10-27, 18:39
Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
AppCore
Apple Software Update
AT&T Yahoo! Applications
AV
BootSkin
Born of Blood
ccCommon
Component Tray
Creative EAX Console
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
DarkCrusade
Data Lifeguard Tools
Dawn of War - Soulstorm
Desktop Gadgets
DesktopX
Download Manager 2.3.6
EA Download Manager
Galactic Civilizations II
GalCiv II - Dark Avatar
GalCiv II - Twilight of the Arnor
getPlus(R) for Adobe
Ground Control
Ground Control II
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
IconDeveloper
IconPackager 4
IconX
Impulse
Impulse
Keyboard Launchpad
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech GamePanel Software 2.02
Logitech Gaming Software 5.02
LogonStudio
MagicTune Premium
Mercenaries 2: World in Flames(tm)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Natural Color Pro
neroxml
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
NVIDIA PhysX v8.04.25
NVIDIA WDM Drivers
Object Desktop Documentation
Object Desktop Launchpad
ObjectBar
ObjectDock Plus
OceanDive 1.2
PowerISO
Pure
QuickTime
Registry Mechanic 5.1
RightClick
Seagate*DiscWizard
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
SkinStudio 6 Professional
SkinStudio Professional
Sound Blaster Audigy
SoundPackager
Space Rangers 2
Space Rangers 2: Reboot
SpaceForce Rogue Universe
SPBBC 32bit
SpellForce
Spellforce 2 - Dragon Storm
SpellForce 2 - Shadow Wars
SpellForce 2 Update v1.02
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Stardock Virtual Desktops
Starscape
Steam
System Requirements Lab
Tab LaunchPad
The Witcher: Enhanced Edition
Theme Manager
Three thrixx Games v32
Universe at War Earth Assault
Universe at War Earth Assault
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Vampire - The Masquerade Bloodlines
Vuze
WildTangent Games
WinCustomize Browser
WindowBlinds 6
WindowFX
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Mail Advisor

Shaba
2008-10-27, 18:47
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

Vuze

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

Necroelf
2008-10-27, 18:55
Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
AppCore
Apple Software Update
AT&T Yahoo! Applications
AV
BootSkin
Born of Blood
ccCommon
Component Tray
Creative EAX Console
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
DarkCrusade
Data Lifeguard Tools
Dawn of War - Soulstorm
Desktop Gadgets
DesktopX
Download Manager 2.3.6
EA Download Manager
Galactic Civilizations II
GalCiv II - Dark Avatar
GalCiv II - Twilight of the Arnor
getPlus(R) for Adobe
Ground Control
Ground Control II
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
IconDeveloper
IconPackager 4
IconX
Impulse
Impulse
Keyboard Launchpad
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech GamePanel Software 2.02
Logitech Gaming Software 5.02
LogonStudio
MagicTune Premium
Mercenaries 2: World in Flames(tm)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Natural Color Pro
neroxml
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
NVIDIA PhysX v8.04.25
NVIDIA WDM Drivers
Object Desktop Documentation
Object Desktop Launchpad
ObjectBar
ObjectDock Plus
OceanDive 1.2
PowerISO
Pure
QuickTime
Registry Mechanic 5.1
RightClick
Seagate*DiscWizard
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
SkinStudio 6 Professional
SkinStudio Professional
Sound Blaster Audigy
SoundPackager
Space Rangers 2
Space Rangers 2: Reboot
SpaceForce Rogue Universe
SPBBC 32bit
SpellForce
Spellforce 2 - Dragon Storm
SpellForce 2 - Shadow Wars
SpellForce 2 Update v1.02
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Stardock Virtual Desktops
Starscape
Steam
System Requirements Lab
Tab LaunchPad
The Witcher: Enhanced Edition
Theme Manager
Three thrixx Games v32
Universe at War Earth Assault
Universe at War Earth Assault
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Vampire - The Masquerade Bloodlines
WildTangent Games
WinCustomize Browser
WindowBlinds 6
WindowFX
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Mail Advisor

Shaba
2008-10-27, 19:51
Open notepad and copy/paste the text in the codebox below into it:


File::
C:\vwnskbot.dll
C:\qnflkotm.dll
C:\Documents and Settings\Necro\rundll32.exe

Folder::
C:\Program Files\Vuze
C:\Documents and Settings\Necro\Application Data\Azureus

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"=-

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
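The CFScript above removes what the ComboFix log exposed: a ShellServiceObjectDelayLoad DLL loaded from the drive root, a second DLL in the drive root, and a hidden rundll32.exe sitting in the user profile, alongside Security Center monitoring and the firewall having been switched off. The following is an added example, not code from the thread or from ComboFix: a small Python triage routine that parses constructed ComboFix-style lines modelled on this log, flags those indicator classes, and drafts the File::/Registry:: sections of a CFScript in the layout used above. It assumes root-relative SSODL paths resolve on drive C:, and the list of borrowed Windows binary names is a heuristic of this example, not a ComboFix rule.

```python
"""Triage of ComboFix-style log lines (added example; not ComboFix's code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix output posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
"""

# Core Windows binary names a copy of which outside %SystemRoot% deserves a
# look (heuristic chosen for this example, not a ComboFix rule).
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe",
                       "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe"}
WINDOWS_DIR = "c:\\windows\\"
ASSUMED_DRIVE = "C:"   # assumption: root-relative SSODL paths resolve on C:

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Matches both the "Files Created" lines (two timestamps) and the Find3M
# lines (one timestamp): date time [. date time] size attrs path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?\s+"
    r"(?P<size>[\d,]+|-+|<DIR>)\s+(?P<attrs>[-\w]+)\s+(?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Finding:
    kind: str
    detail: str
    path: str = ""       # file the CFScript should delete, if any
    reg_key: str = ""    # registry value the CFScript should delete, if any
    reg_value: str = ""


def triage(log_text: str) -> list:
    """Walk the log once, remembering the current registry key for value lines."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, data = m.group("name"), m.group("data").strip()
            lk = current_key.lower()
            if lk.endswith("shellserviceobjectdelayload"):
                dll = re.search(r"-\s+(\S+\.dll)", data, re.I)
                if dll and dll.group(1).startswith("\\"):   # e.g. "- \qnflkotm.dll"
                    findings.append(Finding(
                        "ssodl_root_dll",
                        f"{name} loads {dll.group(1)} from the drive root at logon",
                        path=ASSUMED_DRIVE + dll.group(1),
                        reg_key=current_key, reg_value=name))
            elif ("security center\\monitoring" in lk
                  and name.lower() == "disablemonitoring"
                  and re.fullmatch(r"dword:0*1", data)):
                findings.append(Finding("security_center_monitoring_disabled", current_key))
            elif ("firewallpolicy" in lk and name.lower() == "enablefirewall"
                  and data.startswith("0")):
                findings.append(Finding("firewall_disabled", current_key))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            lp = path.lower()
            base = lp.rsplit("\\", 1)[-1]
            hidden = "h" in attrs or "s" in attrs      # hidden/system flags, either layout
            if base in SYSTEM_BINARY_NAMES and not lp.startswith(WINDOWS_DIR):
                findings.append(Finding(
                    "system_name_outside_windows",
                    f"{path} ({attrs}{', hidden/system' if hidden else ''})", path=path))
            elif base.endswith(".dll") and lp.count("\\") == 1:   # C:\name.dll
                findings.append(Finding("dll_in_drive_root", f"{path} ({attrs})", path=path))
    return findings


def draft_cfscript(findings: list) -> str:
    """Emit File:: and Registry:: sections in the CFScript layout used in the thread."""
    files = sorted({f.path for f in findings if f.path})
    regs = [(f.reg_key, f.reg_value) for f in findings if f.reg_key]
    out = []
    if files:
        out += ["File::", *files, ""]
    if regs:
        out.append("Registry::")
        for key, value in regs:
            out += [f"[{key}]", f'"{value}"=-']   # "=-" deletes the value, as above
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:36} {f.detail}")
    print(draft_cfscript(found))
```

The disabled-monitoring and firewall findings are reported but deliberately not turned into Registry:: lines, since the thread only shows CFScript deleting values; re-enabling those settings is a separate decision for the helper.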

Necroelf
2008-10-27, 20:35
ComboFix 08-10-26.01 - Necro 2008-10-27 13:16:07.3 - NTFSx86
Command switches used :: C:\Documents and Settings\Necro\Desktop\CFScript.txt
* Created a new restore point

FILE ::
File:: C:\vwnskbot.dll C:\qnflkotm.dll C:\Documents and Settings\Necro\rundll32.exe Folder:: C:\Program Files\Vuze C:\Documents and Settings\Necro\Application Data\Azureus Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "qnflkotm"=- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 13:37 . 2008-10-24 06:26 344,064 --a------ C:\vwnskbot.dll
2008-10-26 13:37 . 2008-10-24 06:26 327,680 --a------ C:\qnflkotm.dll
2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
2008-10-12 23:35 . 2008-10-27 13:24 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
2008-10-05 00:39 . 2008-10-27 11:52 <DIR> d-------- C:\Program Files\Vuze
2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-26 20:45 --------- d-----w C:\Documents and Settings\Necro\Application Data\Azureus
2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
2008-07-02 05:36 3,022,457 --sha-w C:\Documents and Settings\Necro\rundll32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"= {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll [2008-10-24 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 13:24:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
.
**************************************************************************
.
Completion time: 2008-10-27 13:32:12 - machine was rebooted [Necro]
ComboFix-quarantined-files.txt 2008-10-27 18:32:05
ComboFix2.txt 2008-10-27 11:03:56
ComboFix3.txt 2008-10-27 10:35:07

Pre-Run: 373,105,876,992 bytes free
Post-Run: 373,139,275,776 bytes free

267 --- E O F --- 2008-10-21 09:44:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215054470233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215054633498
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O21 - SSODL: qnflkotm - {B39F06D5-E585-47FF-9890-C9F015D052C3} - \qnflkotm.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11141 bytes

Shaba
2008-10-27, 20:57
That didn't work as it was supposed to.

Ensure that CFScript looks exactly the same as in the code box, with all entries on their own lines, and try again, please.

Necroelf
2008-10-27, 21:31
This time I noticed it deleted all of that Vuze stuff, so it should be the one you wanted to see this time, I hope :) Oh, one more thing: when I ran it, it said there is a newer version of ComboFix, but when it tried to update it always failed. But other than that I don't think anything went wrong.

ComboFix 08-10-27.01 - Necro 2008-10-27 14:06:41.4 - NTFSx86
Command switches used :: C:\Documents and Settings\Necro\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Necro\rundll32.exe
C:\qnflkotm.dll
C:\vwnskbot.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Necro\Application Data\Azureus
C:\Documents and Settings\Necro\Application Data\Azureus\.certs
C:\Documents and Settings\Necro\Application Data\Azureus\.keystore
C:\Documents and Settings\Necro\Application Data\Azureus\.lock
C:\Documents and Settings\Necro\Application Data\Azureus\active\472C8806E48CC56880485368C033884D516E1229.dat
C:\Documents and Settings\Necro\Application Data\Azureus\active\472C8806E48CC56880485368C033884D516E1229.dat.bak
C:\Documents and Settings\Necro\Application Data\Azureus\active\A08262448504E88F8E11F298862124436A2212C9.dat
C:\Documents and Settings\Necro\Application Data\Azureus\active\A08262448504E88F8E11F298862124436A2212C9.dat.bak
C:\Documents and Settings\Necro\Application Data\Azureus\active\C59A74CED30D26210143EC7F38F433C0AE602C50.dat
C:\Documents and Settings\Necro\Application Data\Azureus\active\C59A74CED30D26210143EC7F38F433C0AE602C50.dat.bak
C:\Documents and Settings\Necro\Application Data\Azureus\active\cache.dat
C:\Documents and Settings\Necro\Application Data\Azureus\azureus.config
C:\Documents and Settings\Necro\Application Data\Azureus\azureus.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\azureus.statistics
C:\Documents and Settings\Necro\Application Data\Azureus\azureus.statistics.bak
C:\Documents and Settings\Necro\Application Data\Azureus\banips.config
C:\Documents and Settings\Necro\Application Data\Azureus\banips.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\dht\addresses.dat
C:\Documents and Settings\Necro\Application Data\Azureus\dht\contacts.dat
C:\Documents and Settings\Necro\Application Data\Azureus\dht\diverse.dat
C:\Documents and Settings\Necro\Application Data\Azureus\dht\general.dat
C:\Documents and Settings\Necro\Application Data\Azureus\dht\version.dat
C:\Documents and Settings\Necro\Application Data\Azureus\downloads.config
C:\Documents and Settings\Necro\Application Data\Azureus\downloads.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\filters.config
C:\Documents and Settings\Necro\Application Data\Azureus\friends.config
C:\Documents and Settings\Necro\Application Data\Azureus\friends.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\ipfilter.cache
C:\Documents and Settings\Necro\Application Data\Azureus\logs\alerts_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\AutoSpeed_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\clientid_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\debug_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\debug_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\Friends_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_3295948906.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_3973235077.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\NetStatus_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_alerts_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_AutoSpeed_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_clientid_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_debug_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_debug_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_MetaSearch_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_NetStatus_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_seltrace_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_SpeedMan_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_Subscriptions_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_thread_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_thread_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.ads_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.CMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.PMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.PMsgr_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1224497374500_v3.Stream_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_alerts_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_AutoSpeed_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_clientid_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_debug_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_debug_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_Friends_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_3.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_3295948906.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_3973235077.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_4.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_5.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_MetaSearch_Engine_9.txt
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_NetStatus_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_seltrace_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_SpeedMan_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_Subscriptions_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_thread_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_thread_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.ads_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.CMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.CMsgr_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.emp_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.Friends_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.MD_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.PMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.PMsgr_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\save\1225053810500_v3.Stream_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\seltrace_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\SpeedMan_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\Subscriptions_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\thread_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\thread_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.ads_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.CMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.CMsgr_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.emp_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.Friends_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.Friends_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.MD_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.PMsgr_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.PMsgr_2.log
C:\Documents and Settings\Necro\Application Data\Azureus\logs\v3.Stream_1.log
C:\Documents and Settings\Necro\Application Data\Azureus\metasearch.config
C:\Documents and Settings\Necro\Application Data\Azureus\metasearch.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\net\pm_7132.dat
C:\Documents and Settings\Necro\Application Data\Azureus\net\pm_default.dat
C:\Documents and Settings\Necro\Application Data\Azureus\sidebarauto.config
C:\Documents and Settings\Necro\Application Data\Azureus\sidebarauto.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\subs\047969C2F30A401262F9.vuze
C:\Documents and Settings\Necro\Application Data\Azureus\subs\04C5EE008E353478F7DD.vuze
C:\Documents and Settings\Necro\Application Data\Azureus\subs\AF734186BA1B192A332E.vuze
C:\Documents and Settings\Necro\Application Data\Azureus\subs\AF734186BA1B192A332E.vuze.2
C:\Documents and Settings\Necro\Application Data\Azureus\subscriptions.config
C:\Documents and Settings\Necro\Application Data\Azureus\subscriptions.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\tables.config
C:\Documents and Settings\Necro\Application Data\Azureus\tables.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\timingstats.dat
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40630.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40631.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40632.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40633.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40634.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40635.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40636.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tmp\AZU40637.tmp
C:\Documents and Settings\Necro\Application Data\Azureus\tracker.config
C:\Documents and Settings\Necro\Application Data\Azureus\tracker.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\unsentdata.config
C:\Documents and Settings\Necro\Application Data\Azureus\unsentdata.config.bak
C:\Documents and Settings\Necro\Application Data\Azureus\update.log
C:\Documents and Settings\Necro\Application Data\Azureus\update.properties
C:\Documents and Settings\Necro\Application Data\Azureus\v3.Friends.dat
C:\Documents and Settings\Necro\Application Data\Azureus\v3.Friends.dat.bak
C:\Documents and Settings\Necro\Application Data\Azureus\VuzeActivities.config
C:\Documents and Settings\Necro\Application Data\Azureus\VuzeActivities.config.bak
C:\Documents and Settings\Necro\rundll32.exe
C:\Program Files\Vuze
C:\Program Files\Vuze\plugins\azemp\mplayer\config
C:\qnflkotm.dll
C:\vwnskbot.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 22:06 . 2008-10-26 22:06 93 --a------ C:\WINDOWS\wininit.ini
2008-10-26 20:07 . 2008-10-26 20:07 <DIR> d-------- C:\WINDOWS\WinRAR
2008-10-26 19:24 . 2008-10-26 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 12:54 . 2008-10-26 13:34 <DIR> d-------- C:\Program Files\SinEpisodes
2008-10-26 02:23 . 2008-10-26 02:23 <DIR> d-------- C:\Program Files\JoWooD
2008-10-26 01:05 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Steam
2008-10-24 02:29 . 2008-10-24 02:55 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\SPORE
2008-10-24 01:32 . 2008-10-15 11:34 337,408 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 03:19 . 2008-10-22 15:13 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-22 03:19 . 2008-10-22 03:19 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-22 03:06 . 2008-10-22 03:06 <DIR> d-------- C:\Program Files\SpellForce
2008-10-21 11:11 . 2008-10-21 13:31 <DIR> d-------- C:\Program Files\Crysis Warhead
2008-10-20 22:04 . 2008-10-20 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-20 22:00 . 2008-10-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-20 04:28 . 2008-10-20 04:28 <DIR> d-------- C:\Program Files\DIFX
2008-10-20 04:20 . 2008-10-20 04:20 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-10-20 00:17 . 2008-10-20 00:17 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Friday's games
2008-10-20 00:15 . 2008-10-20 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Saved Games
2008-10-19 23:27 . 2008-10-19 23:27 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\iWin
2008-10-19 23:24 . 2008-10-19 23:24 0 --a------ C:\WINDOWS\Game.INI
2008-10-19 16:19 . 2007-12-03 14:35 340,040 --a------ C:\WINDOWS\CSWSKAX5.OCX
2008-10-19 07:18 . 2008-10-19 07:18 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-19 03:16 . 2008-10-19 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-10-18 23:16 . 2008-10-18 23:16 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\WildTangent
2008-10-18 04:07 . 2008-10-18 06:12 <DIR> d-------- C:\Program Files\Ground Control II
2008-10-18 04:06 . 2008-10-18 04:06 <DIR> d-------- C:\Sierra
2008-10-15 23:54 . 2008-10-15 23:56 <DIR> d-------- C:\WINDOWS\NV31521380.TMP
2008-10-15 23:54 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-15 23:53 . 2008-10-15 23:53 <DIR> d-------- C:\NVIDIA
2008-10-15 23:48 . 2008-10-15 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-15 23:33 . 2008-10-15 23:44 <DIR> d-------- C:\WINDOWS\NV27362932.TMP
2008-10-15 18:52 . 2003-03-12 15:48 2,359,352 --a------ C:\WINDOWS\Krypto_BG.bmp
2008-10-15 03:42 . 2008-10-15 03:42 <DIR> d-------- C:\Program Files\CD Projekt
2008-10-15 03:09 . 2008-09-08 05:41 333,824 --a------ C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:08 . 2008-08-14 05:11 2,189,184 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:08 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,066,048 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:08 . 2008-08-14 04:33 2,023,936 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:08 . 2008-09-15 07:12 1,846,400 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:51 . 2008-10-14 16:51 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Disney Interactive Studios
2008-10-14 16:38 . 2008-10-14 16:38 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 16:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-14 16:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-14 16:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-14 16:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-14 16:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-14 16:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-14 16:36 . 2008-10-14 16:48 1,049 --a------ C:\WINDOWS\disney.ini
2008-10-13 04:14 . 2008-10-15 04:13 <DIR> d-------- C:\Program Files\Stardock Games
2008-10-13 02:21 . 2008-10-14 03:29 112 --a------ C:\WINDOWS\SpaceForce-RU.cfg
2008-10-13 02:13 . 2008-10-13 02:13 <DIR> d-------- C:\Program Files\Dreamcatcher
2008-10-12 23:35 . 2008-10-27 13:24 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-10-12 23:25 . 2008-10-12 23:25 <DIR> d-------- C:\Program Files\WinCustomize
2008-10-12 23:25 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 23:25 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-10-12 23:23 . 2008-10-15 19:50 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-10-12 22:50 . 2008-10-12 22:50 0 --a------ C:\WINDOWS\WB.ini
2008-10-12 22:34 . 2008-05-06 15:25 58,616 --a------ C:\WINDOWS\system32\wbload.dll
2008-10-12 22:34 . 2008-04-28 11:35 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-10-12 22:32 . 2003-02-08 13:03 748,544 --a------ C:\WINDOWS\system32\bandvwm.dll
2008-10-12 17:58 . 2008-10-12 17:58 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\CyberLink
2008-10-12 17:40 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-12 17:40 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-12 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-10-11 15:08 . 2008-10-11 15:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-11 04:18 . 2008-10-11 04:18 <DIR> d-------- C:\Program Files\Lighthouse Interactive
2008-10-10 19:37 . 2008-10-10 19:37 <DIR> d-------- C:\Program Files\EA Games
2008-10-10 06:52 . 2008-10-10 06:52 <DIR> d-------- C:\Program Files\Cinemaware
2008-10-09 21:35 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-09 20:47 . 2008-10-09 20:47 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-09 20:09 . 2008-10-20 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-10-09 19:23 . 2008-10-09 19:23 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Activision
2008-10-09 06:14 . 2008-10-09 06:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-09 03:19 . 2008-10-09 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 19:16 . 2008-10-07 19:16 <DIR> dr-h----- C:\Documents and Settings\Necro\Application Data\SecuROM
2008-10-07 19:16 . 2008-10-07 19:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 17:46 . 2008-10-06 17:58 <DIR> d-------- C:\WINDOWS\NV2252588.TMP
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-06 16:48 . 2008-10-06 16:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-06 16:22 . 2008-10-06 16:24 4,156 --a------ C:\fix.reg
2008-10-05 19:27 . 2008-10-12 17:40 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Apple Computer
2008-10-05 19:26 . 2008-10-22 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-05 19:15 . 2008-10-05 19:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{CB371711-F700-43CC-ACE0-9ADC5CEBBA81}
2008-10-05 19:07 . 2008-10-12 22:36 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\Stardock
2008-10-05 19:06 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-10-05 19:01 . 2008-10-05 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-05 18:57 . 2008-10-05 18:57 <DIR> d-------- C:\Program Files\QuickTime
2008-10-05 18:57 . 2008-10-19 18:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-05 18:57 . 2008-10-19 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-05 18:56 . 2008-10-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-05 16:06 . 2008-04-13 19:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-10-05 16:05 . 2008-04-13 19:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
2008-10-05 16:05 . 2008-04-13 19:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-10-05 01:44 . 2008-10-05 01:44 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-05 01:43 . 2008-10-05 01:43 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-05 00:59 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-05 00:59 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-05 00:59 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-05 00:49 . 2008-10-05 00:49 285 --a------ C:\WINDOWS\vtmb.ini
2008-10-05 00:32 . 2008-10-05 00:32 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-05 00:21 . 2008-10-05 00:21 <DIR> d-------- C:\Documents and Settings\Necro\Application Data\InstallShield
2008-10-05 00:01 . 2008-10-05 00:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:01 . 2008-10-05 00:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:00 . 2008-10-05 00:59 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:00 . 2008-10-27 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-04 23:49 . 2008-10-04 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-04 23:44 . 2008-10-03 12:41 6,066,176 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-04 23:44 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-04 23:44 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-04 23:44 . 2008-08-26 02:24 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-04 23:44 . 2008-08-26 02:24 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-04 23:44 . 2008-08-26 02:24 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-04 23:44 . 2008-08-26 02:24 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-04 23:44 . 2008-08-26 02:24 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-04 23:44 . 2008-08-25 03:38 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-04 23:42 . 2008-04-11 14:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-04 22:12 . 2008-10-04 22:12 1,430,808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-10-04 22:12 . 2008-10-04 22:14 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\7-Zip
2008-10-04 21:51 . 2008-10-04 21:51 <DIR> d-------- C:\Program Files\10 Days Under The Sea
2008-10-04 21:47 . 2008-10-04 21:47 <DIR> d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-10-04 21:47 . 2008-10-11 15:08 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-27 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-25 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 09:15 --------- d-----w C:\Documents and Settings\Necro\Application Data\IGN_DLM
2008-10-13 04:02 --------- d-----w C:\Documents and Settings\Necro\Application Data\Yahoo!
2008-10-12 22:56 --------- d--h--w C:\Program Files\Creative Installation Information
2008-10-10 02:35 0 ----a-w C:\Program Files\temp01
2008-10-07 18:33 6,133,856 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-06 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-10-05 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 05:25 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-04 22:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-07-02 07:12 84 --sh--w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ImpulseFastStart"="C:\Program Files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" [2004-04-26 270336]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2006-03-17 C:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 16:59 174328 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SEGA\\Universe At War Earth Assault\\UAWEA.exe"=

R0 BootScreen;BootScreen;C:\WINDOWS\\SystemRoot\System32\drivers\vidstub.sys []
R3 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-10-02 20:20]
R3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00]
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
R4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.syS []


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-21 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Necro.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 14:15:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\Stardock\sdmcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
.
**************************************************************************
.
Completion time: 2008-10-27 14:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 19:23:44
ComboFix2.txt 2008-10-27 18:32:14
ComboFix3.txt 2008-10-27 11:03:56
ComboFix4.txt 2008-10-27 10:35:07

Pre-Run: 373,050,761,216 bytes free
Post-Run: 373,069,459,456 bytes free

416 --- E O F --- 2008-10-21 09:44:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215054470233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215054633498
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10906 bytes
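
The log above is what the helper reads by eye; the script below does the same first-pass triage by machine. It is an added example for this thread, not part of the original post and not a HijackThis tool. It parses the `Onn - ...` entry lines and flags four things a reviewer checks first: registrations whose target is marked `(file missing)` (a leftover BHO, toolbar or service entry), O4 Run commands with no directory in them (the executable is found through the search path at logon, so the file that actually runs is whatever is first on that path), every O17 NameServer entry, and O23 services with `Unknown owner`. The O17 check is there because the Zlob/DNSChanger family rewrote the NameServer value to point at attacker-run resolvers; the script lists the addresses so they can be compared with what the ISP or router should hand out, it does not judge them. The sample lines are a constructed subset copied from the log above, so the script runs offline; flagged lines are items for a human to look at, not verdicts.

```python
"""Triage a HijackThis 2.0 log: pull out the lines a reviewer checks first.

Added example for this thread, not a tool from the original post. Flagged
lines are items for a human to look at, not verdicts.
"""
import re
from dataclasses import dataclass

# Reason codes attached to findings.
FILE_MISSING = "file missing"
NO_PATH = "run entry has no directory"
NAMESERVER = "nameserver"
UNKNOWN_OWNER = "unknown owner"

# Constructed sample: a subset of the lines in the HijackThis log above,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^(?P<key>.+): NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # e.g. "O4"
    reason: str    # one of the reason codes above
    line: str      # the original log line


def entries(log: str):
    """Yield (section, body, line) for each 'Onn - body' line in a log."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log: str) -> list[Finding]:
    """Return the entries a reviewer should look at, with a reason for each.

    Checks are independent, so one line can produce more than one finding
    (a service that is both 'Unknown owner' and '(file missing)').
    """
    findings = []
    for section, body, line in entries(log):
        if body.endswith("(file missing)"):
            findings.append(Finding(section, FILE_MISSING, line))
        if section == "O4":
            m = O4_RE.match(body)
            # A bare 'foo.exe /x' is located through the search path at
            # logon; anything with a directory (or %systemroot%) is not.
            # Empty RunOnce entries show up as '[] (User ...)' and are skipped.
            if m and m.group("cmd") and not m.group("cmd").startswith("(") \
                    and "\\" not in m.group("cmd"):
                findings.append(Finding(section, NO_PATH, line))
        elif section == "O17":
            findings.append(Finding(section, NAMESERVER, line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, UNKNOWN_OWNER, line))
    return findings


def nameservers(log: str) -> list[str]:
    """Distinct DNS server addresses from all O17 entries, in log order."""
    seen = []
    for section, body, _ in entries(log):
        m = O17_RE.match(body) if section == "O17" else None
        if m:
            for server in m.group("servers").split():
                if server not in seen:
                    seen.append(server)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<28}{f.line}")
    print("DNS servers to verify against the ISP/router:", nameservers(SAMPLE_LOG))
```

Run it against a saved hijackthis.log by replacing `SAMPLE_LOG` with the file contents. On the sample it reports the two Yahoo!/Ask entries and the Diskeeper service as dangling, `nwiz` and `P17Helper` as path-resolved Run entries, both O17 lines, and the two DNS addresses; everything it prints still needs the same judgement the helper applies by hand.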

Shaba
2008-10-27, 22:43
Yes :)

Please make sure that all programs are closed when installing Java.

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 10. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u10-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u10-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Necroelf
2008-10-28, 03:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\Impulse\Impulse.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ImpulseFastStart] "C:\Program Files\Stardock\Impulse\Impulse.exe" /fastload
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215054470233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215054633498
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11859 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 20:30:26
Records in database: 1351940
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 282688
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:20:23


File name / Threat name / Threats count
C:\Documents and Settings\Necro\Desktop\Downloads\Deamon Tools\daemon4121-lite.exe Infected: not-a-virus:AdWare.Win32.Shopper.r 1

The selected area was scanned.
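As an added example (not part of this thread, and not a HijackThis tool), a small Python script that parses log lines in the format posted above and groups the entries a helper normally reviews by hand: orphaned references, O17 DNS servers, web-fetched O16 controls and R0/R1 browser pages. The bucket names are this example's own; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{11DACA1C-85EB-4833-8366-9596924E65AD}: NameServer = 66.73.20.40 206.141.193.55
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
"""

# Every HijackThis entry is "<section code> - <body>"; headers and process lists do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://\S+")

def parse_hjt(text):
    """Return (section_code, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def triage(text):
    """Bucket entries the way a helper reviews them by hand:
    orphaned: registry references whose file is gone; dns_servers: O17
    NameServer addresses to verify against the ISP's; downloaded_activex:
    O16 DPF controls fetched from the web; browser_settings: R0/R1 pages."""
    buckets = defaultdict(list)
    for code, body in parse_hjt(text):
        if "(file missing)" in body:
            buckets["orphaned"].append(f"{code} - {body}")
        if code == "O17":
            for ip in IPV4_RE.findall(body):
                if ip not in buckets["dns_servers"]:  # CCS and CS2 repeat the same servers
                    buckets["dns_servers"].append(ip)
        elif code == "O16":
            buckets["downloaded_activex"].extend(URL_RE.findall(body))
        elif code in ("R0", "R1"):
            buckets["browser_settings"].append(body.split(" = ", 1)[-1])
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```

The DNS bucket is only a list for manual comparison with the ISP's published resolvers; the script does not judge whether an address is legitimate.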

Necroelf
2008-10-28, 04:31
But I just did another scan with Spybot and it found a virus, Smitfraud, so I guess that online scanner was crap or it just doesn't scan the HKEY places of the hard drives. Thought you should know this... I will be gone for a few hours now; I will be back around 12:00 am Central and will look for more help then. Thanks again, I just think we need to do something else to get rid of the problem/s.

Shaba
2008-10-28, 15:32
"But I just did another scan with Spybot and it found a virus, Smitfraud, so I guess that online scanner was crap or it just doesn't scan the HKEY places of the hard drives. Thought you should know this..."

Kaspersky online scanner is far from crap :)

It is maybe the best online scanner available. It doesn't scan the Windows registry (HKEY is a registry hive), as you said, so that is the reason it didn't catch that.

Please post next spybot report.

Necroelf
2008-10-28, 19:47
I apologise for my statement about that online scanner :) and again, thanks very much for all of this help. OK, what would be the next step?

Shaba
2008-10-28, 19:57
You can delete this:

C:\Documents and Settings\Necro\Desktop\Downloads\Deamon Tools\daemon4121-lite.exe

Still problems?

Necroelf
2008-10-28, 21:57
I don't see anything else. I ran another Spybot scan just in case and still nothing there :) Thanks very much... The only thing I might need a bit of help with is that I cannot seem to get my clock back to normal; it's still set to military time. Other than that, I think you solved it all :)

Shaba
2008-10-28, 21:59
Go to start - run

Type combofix /u and click OK.

Let me know if it helped :)

Necroelf
2008-10-28, 23:03
When I go to the date and time in the Control Panel it says the right time, but on the desktop the time is still in military. I did uninstall ComboFix though. I do believe that when I first got the virus/s is when my desktop time got messed up. If there is anything else you can think of, that would be great; if you cannot, I can live with a minor inconvenience :) You have done a great job and I am very happy to have my PC back to where it should be. Thank you again :)

Shaba
2008-10-29, 11:34
Right-click the clock on the desktop, choose change time/date and adjust the time format within that.

Did it help?

Necroelf
2008-10-30, 00:25
I just don't get it. When I went to adjust the date/time it is the normal time in there... like 5:22pm it says there, but on the desktop one it is in military time still... Like I said, if that is the only thing wrong I can live with it :) Thank you so much again for fixing my PC; I won't be downloading any more crap off the web.

Shaba
2008-10-30, 10:47
Is it OK to redirect you to some Windows forum for that issue?

Shaba
2008-11-08, 12:05
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.